Access Control

Caymas Systems' Caymas 318 Access Gateway v2.5.1

Caymas 318 Access Gateway v2.5.1
Caymas Systems
Price: Starts at $24,995

As organizations extend their information resources, they're deploying a hodgepodge of security technologies to block attacks and prevent malicious or compromised users from gaining network access.

The Caymas 318 Access Gateway simplifies protection by combining access control, IDS/IPS, firewall capabilities, and endpoint and application security in one appliance. The appliance supports up to 500 concurrent users and 300 Mbps throughput (the high-end 525 model supports 2,500 users and 1 Gbps).

The Access Gateway uses granular policies to allow client machines (Windows 98/NT/2000/XP, SuSE Linux 8.2, or Macintosh OS X) flexible, identity-based access to remote, internal and extranet resources such as e-mail, applications (e.g., MS Terminal Server, HTTP, FTP) and files (CIFS/Samba and NFS) via SSL proxy or tunnel. IPSec is also supported.

Endpoint security policy enforcement includes checks for up-to-date AV signature files, properly configured and operating personal firewalls, and patch levels.

Exec Summary
up Granular access control
down Broad OS Support
down Endpoint Security Enforcement
down Manual Snort Updates
down No e-mail, pager alerts
down No Snort rule editing

Its IDS/IPS is Snort-based; signature matches can generate user-defined actions ranging from logging the event to disabling the account. However, existing threat rules and responses can't be edited; you have to delete them and create new ones. Also, signatures have to be manually updated.

The Access Gateway can cryptographically sign cookies and/or URLs. Rate limits can also be set to protect against DoS attacks.

Granular policies can define access rights to specific resources. Time-of-day limitations and per-method or file-extension qualifiers (e.g., "delete" HTTP method not allowed, .exe files prohibited) can also be enforced. The Access Gateway provides single sign-on to Web servers and file shares.

Security managers can easily create profiles and groups to define users, machines, and/or networks, and how they must authenticate: Active Directory, local database, LDAP, RADIUS or RSA SecurID.

The Java management interface is complex but well designed. Documentation is excellent.

Organizations can enable detailed logging per user or resource (e.g., logins and logouts, resource accesses). Specific events, such as an attempt to access a denied resource, can be configured to generate an alarm and send an SNMP trap to a network management system, such as Hewlett-Packard's OpenView. We would have liked to have been able to directly generate e-mail and/or pager alerts.

The Access Gateway can generate a variety of useful reports, including system performance, resource activity summaries and user activity details, but they can only be exported to .csv files.

With its plug-and-play architecture, multiple authentication options, granular access control, strong security features and detailed reporting, the Access Gateway is a good choice to enforce secure access to business resources.

-STEVEN WEIL

This was first published in May 2005
