Home > Security News > Review: eGuardPost a B+ overall
Security News:
EMAIL THIS LICENSING & REPRINTS

Review: eGuardPost a B+ overall

By Steven Weil, Contributing Writer
09 Mar 2007 | Information Security magazine

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Focus: Access control
Product: eGuardPost
Vendor: e-DMZ Security
Pricing: Starts at $12,500 for five concurrent sessions

Secure remote vendor and system administrator access to information systems is a critical business requirement for many organizations, but it can be a challenge to manage and audit. While VPNs are fine for most users, they can require client software and don't offer the level of audit and forensic capabilities demanded by regulatory requirements and high-security environments. eGuardPost is a hardened appliance that can be used to secure, manage and audit these sensitive connections.

Policy control: B+
eGuardPost allows security managers to apply granular access controls to remote connections. The appliance comes bundled with Security's Password Auto Repository (PAR), e-DMZ's flagship product, which securely stores and manages administrative passwords.

We were able to successfully create multiple users and enforce a variety of access controls on them.

Once users log in via HTTPS and are authenticated via RSA Security's SecurID, Secure Computing's Safe-Word or LDAP (or against user accounts created and stored on eGuardPost), eGuardPost determines what type of remote access they are allowed and which systems they can connect to. Security managers can assign specific roles (e.g., requester, approver, auditor and administrator) to remote users.

eGuardPost can be configured to automatically log in specific users; it retrieves the necessary password from the local or a remote PAR. The password is never shown to, or known by, the remote user.

Security managers can also require that certain remote connection requests be approved by one or more designated persons. Connection requests and approvals can be sent to a ticketing system.

Configuration and management: B
Configuration is straightforward and easy thanks to excellent documentation. The appliance is managed via HTTPS. The management interface is well designed and mostly easy to navigate.

Systems to be managed are defined, users are created, and the security manager determines which users have what type of remote access to which systems. You can even limit access to specified time periods, which will be very useful for vendors and contractors, as well as admins assigned to particular tasks. Systems and users can be placed into and managed as groups.

Users do not need to install any software; eGuardPost proxies all remote connections. It can establish connections to systems via Telnet, Windows Terminal Server, SSH, VNC and X5250.

Reporting: B
eGuardPost's forensics capabilities are unique, offering VCR-like recording and playback of every mouse, keyboard and screen action during a remote session. We conducted multiple remote sessions via eGuardPost then watched their recordings; each was flawlessly presented. eGuardPost can automatically move recorded sessions to designated archives.

eGuardPost can produce detailed reports of user rights and activities, security alerts, firewall events, database events and Web server events. Reports can only be exported to Excel and some of them are a bit cryptic. The appliance supports SNMP and syslog.

Effectiveness: B+
We found eGuardPost to be a very effective product, correctly and efficiently managing and auditing all of the many remote connections we sent through it. eGuardPost is carefully hardened, with an embedded firewall and hard drive encrypted with 256-bit AES. Our security scans of the appliance found no vulnerabilities.

Verdict
eGuardPost is a well-designed and highly capable product that meets an important need. It has strong security and great forensics capabilities.

Testing methodology
Our test network included a Windows XP laptop, an unmanaged switch and three Windows 2003 Web, FTP and domain controller servers.

This review originally appeared in the March 2007 edition of Information Security magazine.

Sound Off! -   Be the first to post a message to Sound Off!


Tags: User ProvisioningNetwork Access Control BasicsVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts