Elemental Compliance System 1.1 leverages the end point
The days of simply providing a user name and password for network access surely are numbered. Pursuing the new grail of policy-based access control, the ECS (Elemental Compliance System) Version 1.1 is a server-based system that uses small Java agents on Windows, Red Hat Linux, and Sun Solaris hosts to collect system information and to monitor and control all computer access on the network. Based on the details of the access policy, the agent may allow a computer to connect to a group of hosts while denying connections to others.
ECS knows all about each system the agent is installed on. There are literally hundreds of attributes an ECS agent reports back to the server for classification. ECS agents not only run integrity checks on hosts and enforce client-side configuration policies, but also provide a mechanism for managing hosts not running the agent, gathering information about unmanaged hosts and dynamically placing them into an “unknown” group. Managed hosts will then either allow or deny connections from the unknown computers based on the defined “unknown hosts” policy.
I tested this feature recently by deploying the ECS agent on two Windows Server 2003 servers and attempting to connect to both from another PC with valid domain credentials. Because my PC was unknown to ECS and the unknown host policy was to deny all connection attempts, I was completely blocked from my servers.
The ECS server allows you to express policies that govern host configurations and all communications among hosts throughout the network; controlling rogues represents just a small slice of what this innovative product can do. I’ll plumb the depths of ECS’s capabilities in an upcoming review.
Elemental Compliance System V.1.1
Cost: Starts at approximately $100,000
Availability: May 17, 2005
Microsoft buried a Get Windows 10 ad generator inside this month's Internet Explorer security patch for...
Hot or not? From the Web to the motherboard to the training ground, get the scoop on what's in and...
Microsoft’s 'Fall Update' promised to put the finishing touches on Windows 10 -- it doesn’t
Stop procrastinating and make the switch from SHA-1 to SHA-2. You may already be getting errors -- and...
What is blindingly obvious to many is still something new to many others, reflecting the reality of how...
Cloud migrations often expose a decades-old architectural decision that can require expensive rework ...
Memcached is sometimes more efficient, but Redis is almost always the better choice