Remote workers armed with CyberArmor

By Mandy Andress, For InfoWorld Test Center
August 29, 2000

The growth of distributed networks, spurred by the need to support multiple branch offices and a rapid rise in telecommuting, has opened enterprises to more network vulnerabilities than ever before. This trend will only continue.
A new suite from InfoExpress, CyberArmor Personal Firewall 1.1, is designed to protect the end-user system while allowing centralized policy management. The dynamic, granular security policy capabilities of CyberArmor make it a perfect fit for enterprise security, earning it a score of Very Good.

CyberArmor consists of four components: Policy Manager, CyberArmor, CyberServer, and CyberConsole. Only two of these components, Policy Manager and CyberArmor, are required for functionality, but the remaining components allow administrators to update, install and monitor the system while giving them enough warning to react to attacks or suspicious behavior. We recommend installing the additional components because they add the features and functionality that make this product ideal for the enterprise environment.

Policy Manager lets administrators create and edit security profiles, configure run-time settings for users, and create self-extracting CyberArmor installers with predefined security policies. These security policies can control network or system actions through defined profiles. Network profiles specify what network activity is allowed in and out of the user's system, with the default policy set to allow traffic to pass through the firewall. System profiles specify which system operations can be performed on the user's system. For example, a system profile can be configured to prevent e-mail attachments with specific extensions or even specific file names from being executed, which should help prevent the spread of viruses. These policies have very granular settings, making it easy to incorporate CyberArmor in even the most complex security infrastructure.

CyberArmor is the client program installed on end-user systems. The executable is created by an administrator through the Policy Manager program. Administrators can then push automatic policy updates to systems via an HTTP server, meaning no user action is required.
Giving its notice

CyberArmor also can report suspicious activity to a server residing on the back end. When the system boots up, the application launches and runs in the background, monitoring traffic at both the application and individual packet level. CyberServer receives notifications from CyberArmor when suspicious activities occur or when routine updates have been configured by the administrator. CyberServer runs on Windows NT as a service and records notifications in a database.

CyberArmor can be configured to report only specific activity back to the CyberServer, and the communications can be encrypted. But the encryption is based only on an encryption key created by the administrator who configures the policy and must be the same key for all systems. This method of security is less than robust; it wouldn't take much for a malicious hacker to crack the code. Additionally, allowing such notifications to be exchanged via the Internet opens another hole in the corporate firewall, thereby increasing security risks. With these drawbacks in mind, whether or not to use CyberArmor's notification capability is a judgment call that each administrator will have to make. We would like to see an improved communication mechanism between CyberArmor and CyberServer, such as SSL (Secure Sockets Layer), in future versions.

As administrators use Policy Manager to configure multiple security policies, CyberArmor scans these policies and uses administrator-defined triggers to detect which ones need to be active on the end user's system. The default Pre-Filter profile is always active and protects the system against numerous attacks predefined in the application. An Internet Filter, a VPN Filter, and a Corporate Network Filter can all be configured with different security settings tailored specifically to the access required by each network connection.
CyberConsole allows administrators to examine the CyberServer database to see what is occurring on remote systems and to generate reports. CyberConsole reads the database and tracks which incidents administrators have processed already. This allows them to see what is occurring on end-user systems and catch attacks while they are in progress, protecting the company from the possible loss of valuable sensitive and proprietary information.

One problem we encountered in our testing of the CyberArmor suite was with services that did not respond on the same port as the initial request. This tool uses a state table to track incoming and outgoing requests but only for those communications that use the initial port throughout the process, such as HTTP on port 80. The most frequently used service with this problem is FTP. InfoExpress has included special rules for FTP servers to fix this problem, but other services, such as NetMeeting, will not work in this release. You should carefully examine what services your company uses to ensure CyberArmor will support them and will provide your end users with the functionality they expect.

CyberArmor provides a way to secure end-user systems in a distributed environment. It is well-suited for protecting individual systems with remote access to the internal corporate network as well as for providing an additional layer of security for systems directly connected to the corporate network. The tremendous granularity supported in security policy configuration and its ease of use would benefit corporate security solutions.

Mandy Andress is chief security officer for Evant ( www.evant.net ) and president of ArcSec Technologies ( www.arcsec.com ). She can be reached at mandy@arcsec.com.
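The state-table limitation described in the review can be illustrated with a toy filter. This is an added example, not InfoExpress code: the class, the helper logic and the addresses are hypothetical and constructed, and it models active-mode FTP, where the server opens the data connection from port 20 to a port the client announced with a PORT command.

```python
# Added illustration: a toy stateful filter. Not CyberArmor code; names are hypothetical.
import re

PORT_CMD = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$")

class StateTable:
    def __init__(self, ftp_helper=False):
        self.ftp_helper = ftp_helper
        self.flows = set()     # (local_ip, local_port, remote_ip, remote_port)
        self.expected = set()  # (local_ip, local_port, remote_ip) announced via PORT

    def outbound(self, lip, lport, rip, rport, payload=b""):
        """Record an outbound packet; optionally inspect FTP control traffic."""
        self.flows.add((lip, lport, rip, rport))
        if not (self.ftp_helper and rport == 21):
            return
        m = PORT_CMD.match(payload.decode("ascii", "replace"))
        if not m:
            return
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return
        ip, port = ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
        # Accept only announcements for our own address and an unprivileged
        # port, so a forged PORT cannot open a path to another host or service.
        if ip == lip and port >= 1024:
            self.expected.add((lip, port, rip))

    def inbound_allowed(self, rip, rport, lip, lport):
        """Allow replies on a known flow, or one announced data connection."""
        if (lip, lport, rip, rport) in self.flows:
            return True
        if (lip, lport, rip) in self.expected:
            self.expected.discard((lip, lport, rip))  # one-shot pinhole
            self.flows.add((lip, lport, rip, rport))
            return True
        return False

def demo(ftp_helper):
    """Constructed active-mode FTP session: control on 21, data from port 20."""
    client, server = "10.0.0.5", "203.0.113.9"
    table = StateTable(ftp_helper)
    table.outbound(client, 40000, server, 21, b"PORT 10,0,0,5,19,137\r\n")
    control_reply = table.inbound_allowed(server, 21, client, 40000)
    data_channel = table.inbound_allowed(server, 20, client, 5001)
    return control_reply, data_channel

if __name__ == "__main__":
    print("same-port table:", demo(False))
    print("with FTP helper:", demo(True))
```

A service that negotiates its secondary ports inside a protocol the filter does not parse behaves like the first case: the control connection passes and the follow-up connection is dropped.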