
This article can also be found in the Premium Editorial Download "Information Security magazine: Spotlight on the incident response hot seat."


Guarding the Guardians
Insecure security products can open new holes in your defense as they try to close others. A number of these products have security issues, such as Web server vulnerabilities, generally due to their host OS. We used a number of vulnerability scanners, Web crawlers, password crackers and disk editors to smoke out potential problems. In all cases, the vendor had already issued patches to correct the situation.

StillSecure and Sygate showed fairly standard Web server holes--directory traversal, directory listing disclosure and information disclosure--that allow unauthorized access to data. Check Point and InfoExpress provided the best security of the products; we couldn't penetrate their policy servers or subvert their endpoints. Each vendor responded quickly to the discovered vulnerabilities.

Our tests revealed some serious security weaknesses in ENDFORCE. For example, its RADIUS secret key was in plaintext on the server. More disconcerting was its staff's attitude that server security was a platform OS issue--not their problem, end of story. ENDFORCE does nothing to secure its policy server, although it provides substantial documentation for securing Windows-based installations.

Senforce has similar problems, with its database passwords in plaintext, and it provides documentation only for its application security. But at least it was responsive and said it would address these issues.

The other four vendors have active security testing programs. They use tools such as Nessus and Nmap to scan their products for vulnerabilities, and they make a conscious effort to secure their own architecture, regardless of server platform.

Almost Ready for Prime Time
Overall, endpoint security remains a promising technology that will continue to draw attention. All six tested products provide effective compliance monitoring and control; the differentiators are in the details. How easy are they to manage? What client OSes do they support? Can they thwart zero-day attacks? Do their installation and management capabilities lower TCO? For remote access protection, the answer is most assuredly yes. This is a controllable area of the network and usually fairly small.

Check Point's Integrity had a clear edge in a relatively tight field, scoring solidly almost across the board. Sygate's Secure Enterprise is a mature and solid product. InfoExpress, with CyberGatekeeper's switch-based enforcement, may be in the best position of any of the vendors to integrate with the various network-based admission control initiatives. StillSecure's SafeAccess, with its clientless architecture and addition of an agent option, is also a sound choice. Senforce's Endpoint Security Suite has some work to do to stand toe-to-toe with competing products. But all will effectively monitor and enforce endpoint security policy compliance, including ENDFORCE's ENDFORCE Enterprise, despite its obvious growing pains.

Once they smooth out the rough edges in design, WAN link communications, administration and reporting, these tools will be ready for wide-scale deployments. They're tantalizingly close to the mark and, within two years, should become nearly as ubiquitous as antivirus software.

Report Card Making the Grade

This was first published in March 2005
