Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


SecureWave Gets High Marks for Lock-Down Capabilities



 By: Andrew Garcia
2007-04-17
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Sanctuary 4.1 provides unparalleled control over user devices.

SecureWaves Sanctuary 4.1 is simply one of the most comprehensive security lockdown products eWeek Labs has seen to date, allowing an unparalleled granularity of control over user devices and settings.

While initial deployment can be complex, and ongoing policy management could definitely be better organized, Sanctuary 4.1s many capabilities will go a long way toward locking out mischief while clamping down on data.

We tested the Sanctuary Device Control flavor of Sanctuary 4.1, which provides device lockdown, encryption and in-depth reporting.

Resource Library:
SecureWave also offers Sanctuary Application Control, which is functionally akin to Bit9 Parity. Customers can get both products in the full Sanctuary suite.

The first thing we noticed about Sanctuary was the incredibly deep level of control it provides. Not only can Sanctuary control access to pretty much any device we could think of (including USB drives, CD/DVDs, PDAs and infrared or wireless networking ports, among many others), but it is also bus or connection aware. For example, we could create different access rules governing the use of wireless network adapters connected via USB and those connected via PCI.

We created policies in the Device Explorer panel, one of many configuration screens in the Sanctuary Management Console. (The console can be installed on any Windows machine throughout the network.)

The Device Explorer looks remarkably similar to Windows Device Manager, but underneath each listed device class are line items of the access policies rather than individual devices. For example, under the Removable Storage Devices class, we configured a series of rules, assigning different access privileges and requirements for Domain Administrators and for Domain Users, as well as different copy limits (how much data a user could transfer to this device) and shadow policies (reporting exactly what elements were transferred or accessed from the monitored device) for each group.

But this granularity can get confusing as the policy rules for every user and group are muddled together. We could pull up a report of the specific rules applied to a specific user or group, but we would prefer a more object-based approach to policy definition, where we could create policy templates that we could then apply to a user or groups. This could extend existing configurations to new groups or users as a company grows.

Sanctuarys reporting and logging capabilities are outstanding. Prepackaged reports allowed us to easily pull up a users or computers specific permissions, while the logs allowed us to track pretty much anything under the sun, including the number of times a user accessed a device and when; how much of a copy limit a user has usurped; or violated access permissions over a defined amount of time.

We particularly liked the audit log, which tracked Sanctuary itself, reporting what policy changes were made, by whom and when. Sanctuary also can be used to secure removable media devices with AES 256-bit encryption.

Administrators encrypt the USB device at a Sanctuary console, where they can also optionally assign the device to a specific user or group from Microsoft Active Directory. Using Sanctuarys centralized encryption features is much easier if there is a Microsoft Certificate Authority in the domain. Otherwise, administrators can push USB device encryption responsibilities out to the users.

When users try to access the encrypted drive, they must provide the encryption key (which administrators can export to the device directly or give to the user another way) and a password. However, Sanctuary does grant the ability to use an encrypted drive on an unprotected workstation—as long as the administrator enables Sanctuarys Easy Exchange feature, which loads a Secure Volume Browser and the encryption key on the encrypted drive. The user can then enter a password to unlock the device from machines not protected by Sanctuary.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: SecureWave Gets High Marks for Lock-Down Capabilities
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Andrew Garcia
 


xv㶲(@=Lzȶ֌eyZv:{MĘ"9In'{zYcS7]hɗN;i["PU( Aȹ3!]ל۔\sPç v$5wv]2i* d&@ jہ)}mk4 uB;;#|6S%߽w *s=NN5KԚLÆ|g&$Ʈl dkdp,FcwO5d{9B ~5[6m(GJr(ZB; ?*B4 \2ITߦuB)~{Te䆡;g? CKt/"(?c&c?9;|'fwgB(ƻFՉziZgdd vu=yͨ /B1r!f-BM*-M Dƞ4IC d#̒JKN`:rm3G^C]õ]Z.R͌eCwt=POMҷB($g >v?&?Q Ig%KaS+)Kk0~b[4Ip\.*!}= :ҍ}4 .j.9aM S /dRr-2QȲnMw3a[Mѡl7ZkuE9,},tr_,\h7F}sjw ? n8uh;ZCJy]J> Es|N}~N5y9vtx/ȯ;YHM~cDJ V,D-ԁNWP?? u5}(ĭ~W-hZIAvina[E4f™EU}dNhp"?[U&U}Y6f0ZiCA+WtW?c[ˠjq}zrtqݹ8]i?u}d't6 +?;VU'_ZUCp='^=zlrK,.iTW%ᇓeLCxy$Y.r6Cj ݖEB_*D\_/Rzhf5 t @CX&%{e":u PsƊf}t-Mn #dh&ͭFh- @ho*K>Lr &@Sk~$GM\5ņ])!edFS{۴/^$P!P샖_. jNՇTwEQS'=^f&/\RD3Al8{ÄWTwsQ iz\28>D]7kDm.-s5-wfcZVp3i[Wҿ]{[0*>cq4Y`A-. 8ǹ:on:j~b:|52o+r%(NMf[ԑplPòǔIz}y?g 6aϨ>|鎓z>:AGAtišwh4ϬP7h`C:ҋ;LZN;ݧn]=&tno/*AbG& ahh5 >Fm &>ql8d$n)s>sLn-0(5I#=ˋ0P6 = 2/?>aCxwݐH~OBt"AђF )4 g #X"K"'GA7gw$]Vi+RaD4T*nOu$wV*_*esRأXB YX/E_R23#CdɬaX91{MfT`"[ᛥDKak`F\jI$M#AIqLZۯ(CeEgO]6ˁ)ts#OΡ Gxljt0τ{8Ƿc˰`xҚhyNu!SB3A ~63:-ئ_,dk6q;2` M l4TfFfOhp }5lwnr ,{t?dcMEikJι/7)j`~Tn^ßf1_w\ճ&VAB glC(b'pCfiȜ^ftTRo?mM!tf:!{j-j&O[_&TYV0>2ei[FMj_>Oڹa3 %P$wS$l%U)z@4-}=_T<}: )e!\o N(>E TXäԺ)X[*( +{ҵg; Ң^^S48~|2^ۄ歨C`VA`Ng43aJ[6 ˾_GM{R^ /0ktg fjE)jB4'P/#[յ /S+wڶ{Ot]QG=XZ1B3`mpjZ GZ.L"fAqA029 +;fc2AA+p& >AkwYgȲJu'6$\]Rj)2LZ(6A`eLI^t@CFM@X G\d]`А(BrIa XWkP// 7]@&TAÊ?DNScO}.C+DÜU^oVSw/$ZTrCjvXVkqvJ.΃wq)4G @rg}~s`ћzř1FtYkJo/!^Rgw%UXY81f-10kE /ÊTU5 +i fR9!} ldA;X~\W4Uud¹`Qеa⢉!h;+4khý235R˥U;OPd[Ђwk-{BdEzԲG:*5P6*0{nGG$X1>̌k}P~sXoY :چHiw3 9f5Nk};`[%Jk欭x+,s Jb+ʹV(EcDExkC|6Œt8YTϘ'_߯X37(pO,УG'~7sO>Uc/|e2-tn1c%[œ[2|'@d)3NQ&grf>ja;9Qo@Hms10 ZH[^OI07$0|7[JEVK`uցDZ%y9HǞ1]]2Yޘyֱ4>ʐiӘG2gdYhVz\ w2|uMo 4y̔Qʃ",߸X̡֪g~hJJ]aQn6=IT\Q=@Q>M|ݤ1p Nu< {HZ2:n1RʵRM()BDD\NJZbmM lJq~XC τkx~E 6 2j=kR/ԕMOe%3Eq1쎸8DX=xd6 ѣ5Cv53up0Ns-4َ󬼇Vum4MtX"5J7eFV5XI0iuI+KZ =2aӣ>U}?*\&Iv3ҿ﩮 BGDo0|^% R#Zִ2hw ĶVU '}Di!`\Q+{),%~w9@` |ZUj rF22@BZNb.x<'߾b[D mp‚'T.n߂B'G+cI`GUI8x J*6/ȟ-1ݽ]=L _BQ`nо(&ц0pmOI@ NEw%]wם)ilw1N[9>oÏM1k0fhRbQ1fF<$FD/!B2.g^|}XhrslP5õhlCꏝ/a֭ Bf-.3bB!bNgCT䵴f[YUHO~'%6 XTzH0Hr倜b{~U߯Il{7s,#(`p'#9ʼS3a( GW .[ CvcNأ&k{?wynL xqf='so.(cǩm:;@DFP$w"B+QDK%ז9a>TAkv,3x\J}[<,'Mw[!'=r}EZgQW$ tD#(oZ7۸;.zʜ(=~!G&zE>qF.Z;ݷ͆ؓ9{Jǻoc Ǯv'ۻw}Zw[q*ApMG AgEϯ>q~sPMfC$ ;yJjwQأS0$&nUDvwwR  _Xpcd28Wr?L(f# w2@-X 3`Y=fN;O=(}IͫNq(e_Bl AWAgSFMt w]n!1hYpCxӔ׆3e)@L݇vEGl+괘vT;Ò3 nx˵dϱ\?S9%WCޮ8@wWڦmRg70I*ZI'͟%yҚi=W?MxE֩_Qb9fiYYn#Yb+n&N\ȯ_BF@mC 9$}a2P)kj>p5r7 -/G5BٳPe `@ DA}uQ)jz%F- ~öbZuz@8gh/?%h1t-srfRۙ&Xg2u|N\ϞO.o̹v㍤U+jE*Fܹw`.0D&6I0D&B2D){Ȉ RD'Фw=]s|+orR{.XEx3*RT"u]̋#7k i릸t mS}٬8p'YpL 8Aூ+JB^ޞ/M|9JWv 3%OVy%FrKJØ$HMҠ_[> "<&GnʓgɁ+T…h$nshum‹@ts9˥19E [ghTVtI7KM矠dجNbId;Tf(nŲDͲ%イ)*xŨ[,^ᰌ2oo8HEҋ9V9V9V9Vc^RJ;V}U-.+]Խ:&ե*Z]`jѻ8fC H+Ow>{O:&XGV#\|y6WcX@38sџ[!V:Z3x IxA8\\ܼ!}2!b mjoKzUN>0so5?8 v! ^? \y鳹>`ޓ:0akܙ/%u0Ծ_c4q@/ap XIm7 ApSXYh"|RՃ \˘ZV=Fۘ9-/.@"4@R᭗ =>ǿ!Uےd. y'75{7Yn%|ٖj*l8Sꠖ=qg ]">sį<.5#M.!ۙ ۯddG:wS<V\. Q\a\a\a\aV.մksEyi< 4ɜ.11'nJX _[\}mˤF6 KM/CxkK:4|k.}uxPk-[hJrK["< \y_ۇ^?K.kݾ `M&axܩUrX2 " (MJrܑ8ftGd/|+8fGQ;ot jk׷ jzCb\W\OSާ,UE]?pٗ58jnKTzԚ9_ۃjgA# F brds![n I$gg%:%9Y~k;Vug`JW X2a b%rn2 ټCa ͯ͝vz\^n^ mwk/Zo([vGNK6ůy2+|f*\O?D%Rڋ_T+ŷj 1.c2ڵK7 * - l߼3 ۩c,fER o Z!ߤLm_mauj^(j$/*Og-]J6eLb5pblC/؆_?  ZRˬkrEI3Ʊ);{Q^4cT1,,3dn{+LIy]ݽ]|Mu-EM _ .K{~i ʕ}K%Xm/'I,b'ruX,hILÑ@u}sTQfYk DtKkqxԴ|)7w- Lk2.N-£E~Oo|֊OZچYΞCmKl ЌBMwĭn zPdn@amIYx1K=M݆.b m0By uM|w#o?y%Su(,1@N|{yNxNtE)LőEG|-A$MDcঐ߃~x_UM:@fWR|#~U1sʉmONxJMq`/BXK,x{$ pqCvErzذj~rmwh>8E'=6i[ M]E a!/(/~aI{6&{ǘ$V9q}EMm&^W kQ $flZO'p.4XDJ Ň!&quQ%./)_V6LPEm.MEfIȢDE\1]Ք}ub? @,ttAk-c"K]ɖ1x~[/Mz'5aL5P;IU6'a|QB@*VH5isYOksM>؜>7-iM13X50yfB׵avD3e|W@O[fkhP♛U<֝UؓRc-*);,Ou,ME4I8˝z >tk 6fLµO9A*d 8IVSDcޥ\U"cMcZ~RQߡ,d^ +uMi fOPf; >G N4r'ǻDlaF3P}ӂ"Z{4ֱ:r敊V.իۺoߓzK5Ò) X3(х~-?"Ado( a|tP[ozp׳Ƈ/.jSx2#E ({{i ~Hkk cw6;QrBg vb"mkmnAjT["}Fh뛫u +K,-^`9Ud[h, ¨FJOaLwtcd)@$}/Hk4W"Yu?lg`HGLm5jJǛh-;Q25&1DxcLW<00t#PγjNT\֏pY|XC3 CLv/?VHE+oS[YS!_E_-7iv#:&6  ):E]БܟޔjmO*oIgO.c4}x}A6ڄyiǥ4Y~gMr+/ώ\ixc#ٌk3du rF@Yf!s;H]YUc `xF$!fw?:}?o>zxX2+-d=h:}GL7=a=Lnrn[ք ឰ 5"_&.K@6"))Ĵ0? &"cs6#|- ;\݋O#O%cZ|G"{X#&3)-+9;8!f_$ FKd#ET&}fA=`Aa~L­!~Rfjs# x_ڰf4`ynF"O c8; wSܕkوxdf,EףΛ]-GAGG71`p ?vS]!us x\fH֎<$Ѕ:x,@#!9ωKkS c 7úޛZF #}AaP8Z  +z+uT'I]WP)9CȮ KTU:|.Oa@\yݬf/ǯ[iJdR. ?h$@쌆=xɾx t0 c3brLufx ZiUMWAwAk]~>\/:Ba&hL/湾,Ǜ,# rz궙283M B*rKxu< /g%qx&(? E_VCĸҋSe0/LLNNOֆC|~ƋxYjy,Qz MPЦ?h Jc~ij4}V0.8SL~}< vn'(W}S::s/=IR<9k]T(RhK "S^9,.Ns'{'sg#q$]a芫-5nk ǤZuvņ^_BKHe^ٛLGP/<,Y}Mʱ 4rk 7[yDYII{2}tEi>r𞫫i@Lwe<-cENz).~QFxdB$dZ+mFDgcOD1KAF0w9ݧ,O;H_ẽxĿ-NÙݞރ轊r m.n+0 4` .nsOkz>sa"[~r^<^Ȭu5WlNA6KֈE>Yݩ7 xЧx.؅ ߊč,z %h00(\ߏ|rF>^֪p3lc}o >;}u:^>Cg>k'[*8y:S w߽,RK|c ,~(hع+j_髡j:pÅ̹H|3q X94l HGRiejRߑN0lFGDd1| ̈ɪ"+uw9 8]V*r `" *s>P`24UF` Ԋz!J1 4`֭tK1;BDO"OӉ7:fCWe",dƋ&æʗጽNۯDʑ $` pLB Psgq =u] XIm&<ZA0YǤK4l!Klɜ]k'b#'m/ÙZ#wJY&5$W!Z-7cUrߢQ-x-(B:=A>O 0 hJ/.ݳxIKQ,Vkk`Vep-c6O-5U,%O|wfɉ|!k;0BRhfNY7( 8[]^NȇA$4M " n#|@65`35xg4Ɲn)ÌkR8E| Ev͘&1 >Ih|1@u4b5V$G3x7X%05:%xlAfзLFB]%nrǶ;7% \ؓǀʞq\ق|8=;zlF"2 ]3CK~ Yx\ Hv2='V``53vǗԥ:D@z_L&)Ҵ`Qf}^(ul70H-;osҿLx EW& Oς)1*<&l7fV$0uocY|&>x*$""H "s{D|%ЄZsJdB2,'KY/ס)e4da9eoE52FXk[MA%c7u>KwonUv|>%Ͷ TF\gȌQ)xށAGR$Ma{-ăV v,˽X+==ASh<OWނEXI%2FmÜz)JJ)@rt:V*Hv&x*DԺ mQF޺%pm.;+C&bz:SAWݥ ,/2+E[zZ*nԕU`7g#~*VœA>h4M(_ْk0F-Hˍtf_d%\"d<l[ +"  KmӬ1s¥"UXJNRX,8.# kl=i3;]r$c%i#v|@ }(ۊnfT| %`GYU`ZKr 8ǩk[Vmx{ w}u+e!)1:f˟]lہQ#nHWTFM[¶":upxm;}k{&*l+k[؅nTxI;s__@>{z?}YzǸ[0rczzwY='8KiJ epCikZK (Dq] XâȖWITR6!;دD?8- ciĬ;acXJYF!& ?O80Ux|-h\l}[ݸtm˸0#Ÿrz,ɀ~U´Bd+KW̵1%X^5FElT$bB}AH~Ð!goh=5nBM]&DWK54Ƙb~0-X+0V_kASkLeU|t#GYEL`&;]+ N*t&vж?8acL 1L3,R.7Wv!;ZyƋ|_E>ODNű<<Sf}')VSL_X1_ܣ|:L+ .ƕEy_Sq||>o/]S,w1N[RI>Q}v,:~vڎ.3Jbq')nw> V{W XٺqKZ?}86=EKB] T>VurҹuM+_1dF[Wy &F{˳̆UZ*$gr09dv?,MMn3a-d