Price: $4,950 Starter Kit
(lock and 10 keys, or two locks)
KoolSpan's SecurEdge is a remarkably versatile and innovative product for securing connectivity. Using this single security platform, you can secure remote user access, VoIP and Wi-Fi, transparently bridge branch offices to your headquarters, and encrypt connections across some or all of your network.
Bottom line: This is one product that can relieve the need to purchase and manage disparate point products (and can allow KoolSpan to compete in multiple markets with a single stroke).
SecurEdge's versatility lies in its application of 256-bit AES encryption at layer 2, which allows it to encrypt all traffic even if it uses non-IP protocols. Smart card technology is embedded in user USB tokens and lock devices to secure network segments. The smart card technology allows SecurEdge to create secure connections without the need to transfer user credentials between the key and lock. Point-to-point connections can be secured with a SecurEdge lock on each end.
We installed SecurEdge devices several different ways in our test lab, and were impressed by their ease of use and security. We first tried the remote access product, and it was configured and running in just minutes. The remote access solution features a lock on your network and USB smart card keys that are given to your users.
Key configuration is simple; it requires inserting a master key to use the management software, and then inserting a client key for configuring your external IP address. Configuring the lock is just as easy--it only requires forwarding a single port to the lock with a static or DHCP IP address.
Client software installation was also a snap. The user inserts his USB key, which the client automatically detects, prompting for the PIN (on first use, it requires you to change it). The keys can be configured to lock users out after a defined number of failed attempts to enter the correct PIN. SecurEdge only supports Windows clients, but KoolSpan plans Linux and Mac OS X rollouts later this year.
Network-to-network bridging worked like a charm, as well. We bridged two lab networks using two SecurEdge locks in a matter of minutes. In practice, you could have a parent at your main location and a child at a branch office, or provide an encrypted connection between networks in the same location.
We configured the parent lock, gave it a local address and forwarded a single port to it. The child lock is configured with your external address. The lock's external interface is plugged into a router or modem; the internal interface is plugged into the remote bridged network. The child automatically starts communicating with its parent as soon as it's plugged in. After a successful connection, your remote child network is seamlessly communicating with the parent network. As far as remote office users are concerned, they're on the network.
KoolSpan's SecurEdge redefines ease of use for VPN, network bridging and other applications. It's a good solution whether you are an SMB looking for a secure and easy way to work remotely, or have a large, distributed enterprise network, where it will help decrease network and remote access management, as well as provide encryption on the network backbone or secure highly sensitive machines.
About the author
Brent Huston is a technical editor for Information Security magazine.
This review orginally appeared in the April 2006 edition of Information Security magazine.