Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Spotlight on the incident response hot seat."

Download it now to read this article plus other related content.

Open-Source Alternative

    Requires Free Membership to View

Can open-source endpoint security alternatives provide SMBs with protection similar to that of commercial products? The University of Toronto says yes and has built the open-source Endpoint Security Policy Project (www.utoronto.ca/security/UTORprotect/ESP/index.htm).

The solution is described as an OS patching system that requires users to keep systems up-to-date. It uses NetReg, an open-source network registration system developed by Southwestern University, to provide network isolation. The open-source Squid Web cache proxy provides limited Internet access to users whose clients are quarantined, and a Microsoft Baseline Security Analyzer wizard to handle patch detection. Users can't access the university network until their machines are compliant with policy. It includes the Nessus vulnerability scanner, so users can scan their own workstations for vulnerabilities.

Mike Wiseman, the university's manager of computer security administration, says it will soon add support for simple password auditing and IDS testing.

--Tom Bowers

Assembly Required
We tested the products for ease of installation; our goal was to get them up and running quickly without tech support. ENDFORCE, Senforce, Sygate and Check Point run on Windows Server 2003, and required SQL Server (Sygate supports Oracle as well), IIS and an SSL certificate.

Sygate's documentation and wizards made for the smoothest installation; we were basically able to install the product by answering a series of on-screen questions.

Check Point's documentation and wizards were almost as sharp, helping us install the policy server without incident. However, the agent installation caused an XP Pro workstation to crash during the reboot. Check Point hasn't received similar reports, and its tech support was unable to reproduce the error.

StillSecure's agentless system was easy to install and used a Linux-based script to build the policy server.

Although it comes packaged on a hardened Linux server, InfoExpress' CyberGatekeeper was the most challenging installation, requiring professional support because of its unique architecture; the technical staff deftly walked us through the installation over the phone. The complexity lies in InfoExpress' server working directly with switches and routers. Setting up VLANs manually on switches and mapping them to the production and quarantine areas of a network are painstaking processes. If your infrastructure supports 802.1X, the job becomes substantially easier; the InfoExpress agent simply communicates to the 802.1X infrastructure, letting the switching intelligence determine the configuration.

ENDFORCE's poor documentation made installation quite difficult. At some points, we had five different documents open. It was easy to miss important steps, such as Web certificate installation, because the instructions were buried inside a paragraph. As a result, we made good use of its knowledgeable technical support staff.

Senforce's quick start guide was insufficient, but the combination of tutorials on the installation CD and the admin guide enabled us to complete the installation without technical support.

Enterprise Ready?
The scalability and flexibility of these products varied with their host OS and depended on whether they used an agent or agentless architecture. StillSecure's agentless design makes it highly scalable, particularly if it's deployed in front of DHCP servers, enforcing access by preventing the workstation from obtaining an IP address to the production network; it's a much more efficient network access control method than relying on an agent. StillSecure can also be deployed as an inline gateway, using its firewall to control network access.

All of the tested products except Senforce have a failover capability to assure 24/7 uptime. All provide LDAP support, which enhances enterprise scalability.

InfoExpress' wide range of client support offers a distinct advantage for heterogeneous environments.

This was first published in March 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: