Caymas 318 Access Gateway v2.5.1
Price: Starts at $24,995
As organizations extend their information resources, they're deploying a hodgepodge of security technologies to block attacks and prevent malicious or compromised users from gaining network access.
The Caymas 318 Access Gateway simplifies protection by combining access control, IDS/IPS, firewall capabilities, and endpoint and application security in one appliance. The appliance supports up to 500 concurrent users and 300 Mbps throughput (the high-end 525 model supports 2,500 users and 1 Gbps).
The Access Gateway uses granular policies to allow client machines (Windows 98/NT/2000/XP, SuSE Linux 8.2, or Macintosh OS X) flexible, identity-based access to remote, internal and extranet resources such as e-mail, applications (e.g., MS Terminal Server, HTTP, FTP) and files (CIFS/Samba and NFS) via SSL proxy or tunnel. IPSec is also supported.
Endpoint security policy enforcement includes checks for up-to-date AV signature files, properly configured and operating personal firewalls, and patch levels.
Its IDS/IPS is Snort-based; signature matches can generate user-defined actions ranging from logging the event to disabling the account. However, existing threat rules and responses can't be edited; you have to delete them and create new ones. Also, signatures have to be manually updated.
The Access Gateway can cryptographically sign cookies and/or URLs. Rate limits can also be set to protect against DoS attacks.
Granular policies can define access rights to specific resources. Time-of-day limitations and per-method or file-extension qualifiers (e.g., "delete" HTTP method not allowed, .exe files prohibited) can also be enforced. The Access Gateway provides single sign-on to Web servers and file shares.
Security managers can easily create profiles and groups to define users, machines, and/or networks, and how they must authenticate: Active Directory, local database, LDAP, RADIUS or RSA SecurID.
The Java management interface is complex but well designed. Documentation is excellent.
Organizations can enable detailed logging per user or resource (e.g., logins and logouts, resource accesses). Specific events, such as an attempt to access a denied resource, can be configured to generate an alarm and send an SNMP trap to a network management system, such as Hewlett-Packard's OpenView. We would have liked to have been able to directly generate e-mail and/or pager alerts.
The Access Gateway can generate a variety of useful reports, including system performance, resource activity summaries and user activity details, but they can only be exported to .csv files.
With its plug-and-play architecture, multiple authentication options, granular access control, strong security features and detailed reporting, the Access Gateway is a good choice to enforce secure access to business resources.
Reviewed by Information Security technical editor Steven Weil. This review originally appeared in the June issue of Information Security magazine.