Permeo oversees application access
Poor installation, documentation are the downfall for otherwise effective Application Security Gateway
Permeo’s Application Security Gateway gives enterprise managers the means to provide pinpoint control over how internal users access external networks and how remote users access the network. With Permeo ASG, you no longer have to worry about whether users are running auctions on eBay or visiting porn sites. It also means that your applications can’t be hijacked to send sensitive data to places it shouldn’t go.
I found Permeo ASG to be effective and reasonably straightforward to manage — when it was finally up and running. Even with on-site support from factory engineers, it took three tries before we could get Permeo’s software implemented and functioning properly.
Exacerbating the situation, Permeo’s documentation is thin and inadequate. You’ll need to have your support staff well trained in maintaining and operating ASG if you plan to make this product the vital part of enterprise security it’s designed to be. Even then, staffers will probably need to keep Permeo’s support number taped to their phones.
I installed the Permeo Application Security Gateway on an IBM x335 server running Red Hat Linux version 9. As shipped, the ASG only works with Solaris or Red Hat Linux. The company says ASG will work with SuSE Linux with a few modifications, but fails to document those modifications. You will also need to load the server software manually.
The Permeo ASG sits between your network and the firewall leading to the outside, where it will allow only approved traffic from authenticated applications to reach the Internet. Users must access those authenticated applications from one of two Permeo clients; if they use an unauthenticated version of the app, they won’t be able to access the relevant data or network beyond the ASG.
Although you can manage the ASG server from the console using the Web browser, it’s just as easy to use any browser-equipped client. ASG allows you to be extremely specific in what you allow network users to access. If the destination isn’t on a user’s list, the packets will never pass beyond the ASG.
Because you can be so specific in the limits of Internet access, you need to familiarize yourself with the Web sites you’re accessing. Not only will you have to provide a top-level Web address, for example, but you’ll also have to provide the details of any subsequent domain change, something that happens fairly often. Despite having to update these addresses, the specificity is worth the effort — you can even restrict users to certain pages within a given Web site.
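The default-deny, per-user destination list described above can be sketched as follows. This is an added example, not Permeo's code or configuration format: the policy layout, user name, hosts and redirect chain are all constructed for illustration. It shows why a mid-session domain change is blocked until the second domain is listed, and how a page-level rule is matched on a path boundary.

```python
from urllib.parse import urlsplit

# Constructed per-user policy: host -> allowed path prefixes ("/" = whole site).
# The rule layout is hypothetical; it is not Permeo's configuration format.
POLICY = {
    "alice": {
        "www.example.com": ["/"],
        "docs.example.net": ["/manuals"],
    },
}

def is_allowed(user, url):
    """Default deny: a URL passes only if host and path match a listed rule."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    path = parts.path or "/"
    for prefix in POLICY.get(user, {}).get(host, []):
        base = prefix.rstrip("/")
        # Match on a path-segment boundary so /manuals does not admit /manuals-old.
        if path == base or path.startswith(base + "/"):
            return True
    return False

def first_blocked_hop(user, chain):
    """Return the first URL in a redirect chain the policy rejects, or None."""
    for url in chain:
        if not is_allowed(user, url):
            return url
    return None

# Constructed redirect chain: the site hands the session to a second domain.
CHAIN = [
    "http://www.example.com/login",
    "http://sso.example.org/auth",
    "http://www.example.com/home",
]

if __name__ == "__main__":
    print("blocked at:", first_blocked_hop("alice", CHAIN))
    # Listing the second domain, limited to the one path it needs, clears the chain.
    POLICY["alice"]["sso.example.org"] = ["/auth"]
    print("after update:", first_blocked_hop("alice", CHAIN))
```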
Permeo ASG uses an agent to provide authentication between the ASG server and the client machine. The Permeo Clientless Agent, a Web site on the Permeo server, controls which applications are allowed access to outside networks. Apps placed in the Clientless Agent can go beyond the ASG’s boundaries; if an app isn’t listed, it can’t access the outside world, and listed apps can only go where Permeo says they can go.
For example, placing Microsoft Internet Explorer in the Clientless Agent Web site allows users to browse the Web with full access. Users can still browse sites on their local network with their local version of IE, but they won’t be able to reach anything beyond the ASG machine without first going to the Clientless Agent and running the application from that site.