The days of simply providing a user name and password for network access surely are numbered. Pursuing the new grail of policy-based access control, the ECS (Elemental Compliance System) Version 1.1 is a server-based system that uses small Java agents on Windows, Red Hat Linux, and Sun Solaris hosts to collect system information and to monitor and control all computer access on the network. Based on the details of the access policy, the agent may allow a computer to connect to a group of hosts while denying connections to others.
ECS knows all about each system the agent is installed on. There are literally hundreds of attributes an ECS agent reports back to the server for classification. ECS agents not only run integrity checks on hosts and enforce client-side configuration policies, but also provide a mechanism for managing hosts not running the agent, gathering information about unmanaged hosts and dynamically placing them into an “unknown” group. Managed hosts will then either allow or deny connections from the unknown computers based on the defined “unknown hosts” policy.
I tested this feature recently by deploying the ECS agent on two Windows Server 2003 servers and attempting to connect to both from another PC with valid domain credentials. Because my PC was unknown to ECS and the unknown host policy was to deny all connection attempts, I was completely blocked from my servers.
The ECS server allows you to express policies that govern host configurations and all communications among hosts throughout the network; controlling rogues represents just a small slice of what this innovative product can do. I’ll plumb the depths of ECS’s capabilities in an upcoming review.
Elemental Compliance System V.1.1
Cost: Starts at approximately $100,000
Availability: May 17, 2005
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Now that we're down to the wire, many upgraders report that the installer hangs. If this happens to...
Angular 3 will have better tooling and will generate less code; Google also is promising a new major...
With no new Tuesday surprises, here's your opportunity to catch up on the latest updates for Microsoft
The creator of C++ sees concepts in generic programming as key to more efficient, reliable code
A port of the popular Torch library, PyTorch offers a comfortable coding option for Pythonistas
Code signing has its limits. Starting in April, if the JAR file is signed with MD5, Oracle will treat...