The only truly secure computer is one that's unplugged and buried in a hole 6 feet deep -- or so it's been said. Unfortunately, you can't disconnect and bury your servers to keep them safe. You can, however, move access control from the user domain to the device domain. Anyone can punch in a user name and password and gain access to a secure resource, but if a device must be checked out and approved in order to connect to a host, you're in control of who accesses your network.
There are a number of efforts under way to move the security management burden from enterprise resources to the connected devices. Companies such as Cisco and Sygate have differing methods of accomplishing end-point and network access management, but neither goes as far as Elemental Security's ECS (Elemental Compliance System).
ECS wraps metered network access control with granular policy management and exceptional reporting. Although ECS relies heavily on software agents deployed on "known" PCs and servers, it still enforces policies on PCs not running its agent by limiting or denying connections to hosts that do.
ECS isn't intended for small networks; it's a full-blown enterprise system that requires enterprise-level infrastructure. It also requires Oracle 10g as its database engine, although the company is considering supporting IBM DB2.
In my test, I was more than impressed by how well ECS does its job. I was able to view the overall security health of some of my lab servers and to locate ones that weren't up-to-date with Microsoft patches. To test the enforcement aspect of ECS, I created a directive that blocked access from a host that was found running a particular executable. When the program was running, I could not connect to any protected servers until I shut down the offending application.
Secret agent man
ECS is an agent-driven system. In this release, ECS manages as many as 4,000 agent-installed hosts and will track as many as 30,000 unknown hosts.
Agents collect and report to the server very detailed information about the hosts on which they're running. That information includes OS and patch level, IP and MAC (media access control) addresses, CPU, hardware manufacturer, anti-virus status, whether the host is a laptop or a wireless device, and even if it's running services such as DNS, mail, or Web. The agents also look for user-defined attributes such as running processes. Based on all this (and other) information, ECS automatically places the host into one or more groups, which are collections of hosts that share a common criterion.
Admins bundle policies with groups to create directives, the long arm of ECS enforcement. For example, I created a policy based on an existing NSA Windows XP security policy and deployed it to my Windows XP hosts group as a new directive. The system comes with a large list of built-in policies, and administrators can build their own based on existing rules or policies or from scratch.
The agents have a built-in packet filter, which is key to enforcing directives on the hosts. Depending on the host's group affiliation and the directives in place, the packet filter prevents communication with other hosts or a specific group of hosts. For example, a PC in the Accounting group could have a directive that prevents any communication with hosts in the Wireless group.
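A simplified model of the group, directive, and packet-filter logic described above, as an added example (not Elemental's code or API). The attribute names, group names, host names, and `banned.exe` are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    has_agent: bool = True                         # False = "unknown" host
    attrs: dict = field(default_factory=dict)      # facts the agent reports
    processes: set = field(default_factory=set)    # user-defined attribute

# Group criteria (constructed): a host joins every group whose test it passes.
GROUPS = {
    "Accounting": lambda h: h.attrs.get("dept") == "accounting",
    "Wireless": lambda h: h.attrs.get("wireless", False),
    "Servers": lambda h: h.attrs.get("role") == "server",
    "RunsBannedExe": lambda h: "banned.exe" in h.processes,
}

# Directives (constructed): hosts in the first group drop traffic
# to and from hosts in the second group.
DIRECTIVES = [
    ("Accounting", "Wireless"),
    ("Servers", "RunsBannedExe"),
    ("Servers", "Unknown"),
]

def groups_of(host):
    """Groups derived from agent-reported attributes; no agent means Unknown."""
    if not host.has_agent:
        return {"Unknown"}
    return {name for name, test in GROUPS.items() if test(host)}

def filter_allows(local, peer):
    """Verdict of the packet filter on `local`; only agent hosts have one."""
    if not local.has_agent:
        return True
    mine, theirs = groups_of(local), groups_of(peer)
    return not any(g in mine and p in theirs for g, p in DIRECTIVES)

def can_communicate(a, b):
    """Traffic flows only if neither endpoint's filter drops it."""
    return filter_allows(a, b) and filter_allows(b, a)

if __name__ == "__main__":
    server = Host("srv1", attrs={"role": "server"})
    pc = Host("pc7", processes={"banned.exe"})
    print(can_communicate(pc, server))   # verdict while the process runs
    pc.processes.discard("banned.exe")
    print(can_communicate(pc, server))   # verdict after it is shut down
```

In this model two hosts without agents can still reach each other, because a verdict is only ever issued on a host that runs the agent.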
| Test Center Scorecard | | | | | | | |
|---|---|---|---|---|---|---|---|
| | 25% | 20% | 20% | 15% | 10% | 10% | |
| Elemental Compliance System 1.1 | 10 | 9 | 9 | 9 | 9 | 9 | 9.3 Excellent |
