SSL VPNs made simple
The enKoo-3000 meets the remote access needs of smaller shops
One unique feature found in enKoo is a host program called Beam that runs on your Windows desktop and allows you to control your PC remotely via a Web browser. Installation of the Beam host component is done from enKoo-3000’s Web portal, and you must have local administrative privileges on your PC to install it. Also, all Beam hosts must be on the same local subnet as the enKoo appliance. I tested this by installing Beam on a PC located at my home office. When I tried to access it from my test lab over an IPSec VPN (different subnets), I discovered that it was not listed as an available resource. On other PCs local to the appliance, Beam worked well without any real problems.
I had no trouble accessing file shares on any of my Windows servers and desktops even across domains -- support for Unix shares is also built in. As with other enKoo services, a Java applet is pushed to your browser on access. If you use Internet Explorer to authenticate to the appliance, the enKoo will try to reuse your credentials when accessing other Windows resources. I found this to be hit-and-miss; I had to re-enter my user name and password on more than one occasion to reach a file share.
On the plus side, I limited file access at the resource level, all the way down to a single file. Here the enKoo-3000 allows users to be placed in groups and rights to be assigned to the group as a whole. Unfortunately, this feature is available only for file-level resources and not for any other service.
Another complaint I have is that the Java applet that provides access to Terminal Services and Secure Application Connector rewrites the Windows Hosts file to include local loopback addresses for enKoo-protected resources. The Java applet listens for requests made to the resources on the local loopback address and redirects the traffic to the enKoo appliance. The upside is that the Hosts edits are automatically maintained by the Java applet and the entries are destroyed when the applet closes. The Hosts file modifications did not trigger any alerts or warnings from my PC’s anti-spyware software.
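An added example, not from the review or from enKoo: a Python check that lists every hostname a Hosts file maps to a loopback address, which is the kind of redirection described above, so you can see what is present while the applet runs and confirm the entries are gone after it closes. The sample file contents and hostnames are constructed.

```python
import ipaddress
import sys

# Names that normally resolve to loopback on a stock system (assumed baseline).
EXPECTED_LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each mapping line in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address, skip
        yield line_no, ip, [name.lower() for name in fields[1:]]

def loopback_redirects(text, expected=EXPECTED_LOOPBACK_NAMES):
    """Return [(line_no, ip, name)] for unexpected names mapped to loopback."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not ip.is_loopback:                   # 127.0.0.0/8 or ::1
            continue
        for name in names:
            if name not in expected:
                findings.append((line_no, str(ip), name))
    return findings

# Constructed sample: two loopback redirects next to ordinary entries.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.2       ts01.corp.example      # terminal server
127.0.0.3       intranet.corp.example files.corp.example
192.0.2.10      printer.corp.example
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, name in loopback_redirects(text):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to pass as the argument is `%SystemRoot%\System32\drivers\etc\hosts`; running the check before, during and after a session shows whether the cleanup happened.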
The enKoo appliance does not check the integrity of client systems -- such as whether anti-virus software is running and is updated with the latest signatures -- before allowing users to connect. If you need end-point security scanning, you will have to look elsewhere. Also, you cannot specify the strength of SSL encryption; the enKoo is hard-set to support only 128-bit ciphers.
Logging and reporting are available in the system, with various filtering capabilities to help narrow down what you seek. Syslog support is not in this release, nor is SNMP support.
The enKoo-3000 does not offer all of the features that a very large company would need, but it hits the mark for smaller shops, providing secure yet easy-to-administer remote access. When LDAP and Active Directory support are added and the wrinkles in the Web Apps connector get ironed out, the enKoo-3000 will begin to encroach on the territory now owned by the Aventails and the Junipers of the world.