REVIEWED BY STEVEN WEIL
Price: Starts at $12,500 for five concurrent sessions
Secure remote vendor and system administrator access to information systems is a critical business requirement for many organizations, but it can be a challenge to manage and audit. While VPNs are fine for most users, they can require client software and don't offer the level of audit and forensic capabilities demanded by regulatory requirements and high-security environments. eGuardPost is a hardened appliance that can be used to secure, manage and audit these sensitive connections.
We were able to successfully create multiple users and enforce a variety of access controls on them.
Once users log in via HTTPS and are authenticated via RSA Security's SecurID, Secure Computing's SafeWord or LDAP (or against user accounts created and stored on eGuardPost), eGuardPost determines what type of remote access they are allowed and which systems they can connect to. Security managers can assign specific roles (e.g., requester, approver, auditor and administrator) to remote users.
eGuardPost can be configured to automatically log in specific users; it retrieves the necessary password from the local or a remote PAR. The password is never shown to, or known by, the remote user.
Security managers can also require that certain remote connection requests be approved by one or more designated persons. Connection requests and approvals can be sent to a ticketing system.
Systems to be managed are defined, users are created, and the security manager determines which users have what type of remote access to which systems. You can even limit access to specified time periods, which will be very useful for vendors and contractors, as well as admins assigned to particular tasks. Systems and users can be placed into and managed as groups.
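The access model the review describes (roles, user and system groups, per-protocol grants, time windows and multi-person approval) is easy to misjudge until you see the decision order written down. The following is an added, constructed model of that workflow; it is not eGuardPost's code, and apart from the four role names taken from the review, every name, data structure and sample user or system in it is an assumption. It also shows the audit lines such a gateway would emit for each decision, which is what an auditor would later need to reconstruct a vendor session.

```python
"""Constructed model of a privileged-access gateway's policy decisions.

Not eGuardPost's implementation: role names follow the review, everything
else (classes, field names, sample users/systems) is assumed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, time

ROLES = {"requester", "approver", "auditor", "administrator"}  # from the review


@dataclass
class User:
    name: str
    roles: set
    groups: set = field(default_factory=set)


@dataclass
class System:
    name: str
    protocols: set                      # protocols the proxy may open, e.g. {"ssh", "rdp"}
    groups: set = field(default_factory=set)


@dataclass
class Grant:
    subject: str                        # user name or "group:<name>"
    target: str                         # system name or "group:<name>"
    protocols: set
    days: set = field(default_factory=lambda: set(range(7)))   # 0 = Monday
    start: time = time(0, 0)
    end: time = time(23, 59)
    approvals_required: int = 0         # 0 means the session opens immediately


def _matches(selector, entity):
    """A selector names one entity directly or any member of a group."""
    if selector.startswith("group:"):
        return selector[len("group:"):] in entity.groups
    return selector == entity.name


class Gateway:
    def __init__(self):
        self.users, self.systems, self.grants = {}, {}, []
        self.pending = {}               # request id -> (user, system, proto, approvers, grant)
        self.audit = []                 # syslog-style audit lines, one per decision

    def _log(self, msg):
        self.audit.append(f"egp-policy: {msg}")

    def applicable_grant(self, user, system, protocol, when):
        """First grant that covers user, system, protocol, weekday and time of day."""
        for g in self.grants:
            if (_matches(g.subject, user) and _matches(g.target, system)
                    and protocol in g.protocols and when.weekday() in g.days
                    and g.start <= when.time() <= g.end):
                return g
        return None

    def request(self, req_id, username, sysname, protocol, when):
        user, system = self.users[username], self.systems[sysname]
        ctx = f"id={req_id} user={username} sys={sysname} proto={protocol}"
        if "requester" not in user.roles or protocol not in system.protocols:
            self._log(f"DENY {ctx} reason=role-or-protocol")
            return "DENY"
        g = self.applicable_grant(user, system, protocol, when)
        if g is None:
            self._log(f"DENY {ctx} reason=no-grant-at {when.isoformat()}")
            return "DENY"
        if g.approvals_required == 0:
            self._log(f"ALLOW {ctx}")
            return "ALLOW"
        self.pending[req_id] = (user, system, protocol, set(), g)
        self._log(f"PENDING {ctx} approvals_required={g.approvals_required}")
        return "PENDING"

    def approve(self, req_id, approver_name):
        """An approval counts only from a distinct user holding the approver role."""
        approver = self.users[approver_name]
        user, system, protocol, approvers, g = self.pending[req_id]
        if "approver" not in approver.roles or approver_name == user.name:
            self._log(f"REJECT-APPROVAL id={req_id} by={approver_name}")
            return "PENDING"
        approvers.add(approver_name)
        if len(approvers) < g.approvals_required:
            self._log(f"APPROVAL id={req_id} by={approver_name} "
                      f"{len(approvers)}/{g.approvals_required}")
            return "PENDING"
        del self.pending[req_id]
        self._log(f"ALLOW id={req_id} user={user.name} sys={system.name} "
                  f"proto={protocol} approvers={sorted(approvers)}")
        return "ALLOW"


def demo():
    """Constructed sample: a vendor group with a weekday window and one approver."""
    gw = Gateway()
    gw.users["alice"] = User("alice", {"requester"}, {"vendors"})
    gw.users["bob"] = User("bob", {"requester", "approver"}, {"admins"})
    gw.users["carol"] = User("carol", {"approver"})
    gw.systems["dc1"] = System("dc1", {"rdp"}, {"windows"})
    gw.systems["web1"] = System("web1", {"rdp", "ssh"}, {"windows"})
    # Vendors: RDP to Windows hosts, Mon-Fri 09:00-17:00, one approval required.
    gw.grants.append(Grant("group:vendors", "group:windows", {"rdp"},
                           set(range(5)), time(9, 0), time(17, 0), 1))
    # Admins: any supported protocol to Windows hosts, any time, no approval.
    gw.grants.append(Grant("group:admins", "group:windows", {"rdp", "ssh"}))
    r = {}
    r["admin_direct"] = gw.request("r1", "bob", "web1", "ssh", datetime(2007, 3, 5, 23, 30))
    r["vendor_after_hours"] = gw.request("r2", "alice", "dc1", "rdp", datetime(2007, 3, 5, 19, 0))
    r["vendor_pending"] = gw.request("r3", "alice", "dc1", "rdp", datetime(2007, 3, 6, 10, 0))
    r["self_approve"] = gw.approve("r3", "alice")      # requester cannot approve own request
    r["approved"] = gw.approve("r3", "carol")
    r["vendor_ssh"] = gw.request("r4", "alice", "web1", "ssh", datetime(2007, 3, 6, 10, 0))
    return r, gw.audit


if __name__ == "__main__":
    decisions, audit = demo()
    print(decisions)
    print("\n".join(audit))
```

Two points in the model are worth carrying into any real deployment: the time window is evaluated at connection time, so a grant outside its window denies outright rather than queuing for approval, and an approval is rejected when it comes from the requester or from a user without the approver role. Both outcomes are written to the audit list alongside the allow decisions, which is the property the review's regulatory audience cares about.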
Users do not need to install any software; eGuardPost proxies all remote connections. It can establish connections to systems via Telnet, Windows Terminal Server, SSH, VNC and X5250.
eGuardPost can produce detailed reports of user rights and activities, security alerts, firewall events, database events and Web server events. Reports can only be exported to Excel and some of them are a bit cryptic. The appliance supports SNMP and syslog.
Testing methodology: Our test network included a Windows XP laptop, an unmanaged switch and three Windows 2003 Web, FTP and domain controller servers.
This was first published in March 2007