Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Access Control

Caymas Systems' Caymas 318 Access Gateway v2.5.1

Caymas 318 Access Gateway v2.5.1
Caymas Systems
Price: Starts at $24,995


Caymas 318 Access Gateway v2.5.1
@exe As organizations extend their information resources, they're deploying a hodgepodge of security technologies to block attacks and prevent malicious or compromised users from gaining network access.

The Caymas 318 Access Gateway simplifies protection by combining access control, IDS/IPS, firewall capabilities, and endpoint and application security in one appliance. The appliance supports up to 500 concurrent users and 300 Mbps throughput (the high-end 525 model supports 2,500 users and 1 Gbps).

The Access Gateway uses granular policies to allow client machines (Windows 98/NT/2000/XP, SuSE Linux 8.2, or Macintosh OS X) flexible, identity-based access to remote, internal and extranet resources such as e-mail, applications (e.g., MS Terminal Server, HTTP, FTP) and files (CIFS/Samba and NFS) via SSL proxy or tunnel. IPSec is also supported.

Endpoint security policy enforcement includes checks for up-to-date AV signature files, properly configured and operating personal firewalls, and patch levels.

Exec Summary
up Granular access control
down Broad OS Support
down Endpoint Security Enforcement
down Manual Snort Updates
down No e-mail, pager alerts
down No Snort rule editing

Its IDS/IPS is Snort-based; signature matches can generate user-defined actions ranging from logging the event to disabling the account. However, existing threat rules and responses can't be edited; you have to delete them and create new ones. Also, signatures have to be manually updated.

The Access Gateway can cryptographically sign cookies and/or URLs. Rate limits can also be set to protect against DoS attacks.

Granular policies can define access rights to specific resources. Time-of-day limitations and per-method or file-extension qualifiers (e.g., "delete" HTTP method not allowed, .exe files prohibited) can also be enforced. The Access Gateway provides single sign-on to Web servers and file shares.

Security managers can easily create profiles and groups to define users, machines, and/or networks, and how they must authenticate--Active Direc-tory, local database, LDAP, RADIUS or RSA SecurID.

The Java management interface is complex but well designed. Documen-tation is excellent.

Organizations can enable detailed logging per user or resource (e.g., logins and logouts, resource accesses). Specific events, such as an attempt to access a denied resource, can be configured to generate an alarm and send an SNMP trap to a network management system, such as Hewlett-Packard's OpenView. We would have liked to have been able to directly generate e-mail and/or pager alerts.

The Access Gateway can generate a variety of useful reports, including system performance, resource activity summaries and user activity details, but they can only be exported to .csv files.

With its plug-and-play architecture, multiple authentication options, granular access control, strong security features and detailed reporting, the Access Gateway is a good choice to enforce secure access to business resources.


Dig Deeper on Network Access Control technologies

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.