The latest version of SecureSmart, Perfigo Inc.'s WLAN security and management suite, bolsters its already-impressive gateway security and management services with the CleanMachines module. Administrators looking for patch and anti-virus remediation of their wireless-enabled clients will benefit greatly from CleanMachines' much-needed layer of client policy enforcement—once it is fully implemented.
The Perfigo SecureSmart solution, which is available now, consists of two software components. The $11,990 SecureSmart Server sits at the border of the wired and wireless networks, offering firewall inspection, user-dependent access management and encryption services for the wireless LAN. The $12,490 SmartManager, a central configuration system, pushes access and configuration policy to all SecureSmart servers and managed access points, and it includes integrated and pass-through user authentication services.
The SecureSmart suite is based on a hardened Linux kernel and can be installed on almost any x86-based server, including Sun Microsystems Inc.'s Sun Fire V60x/V65x. In eWEEK Labs' tests, we installed SecureSmart Server and SmartManager on a pair of Dell Inc. PowerEdge 650 servers.
SmartManager's powerful policy creation tools define access rights based on group membership. Users and groups may be configured through SmartManager's internal user database or via an uplink to Windows domain, RADIUS (Remote Authentication Dial-In User Service) or LDAP authentication mechanisms.
In tests, it was a snap to configure a tiered access policy where unauthenticated guests have Internet access for Web and e-mail traffic only, authenticated users have full Internet access plus local file-sharing and intranet privileges, and administrators have total access to everything.
SecureSmart with CleanMachines
Perfigo's $32,500 SecureSmart provides capable wireless network security and management capabilities in addition to flexible client vulnerability and remediation services. The optional CleanMachines access point management module is unique among wireless gateways, providing a useful method of maintaining access point policies—but only on Cisco Systems Inc. or Proxim Corp. gear.
During tests, however, we ran across interface irregularities with SmartManager. Specifically, the access policy editor requires administrators to fully delete address ranges instead of simply editing them, and the internal user database password field gives away the length of the password, albeit covered by asterisks.
The SecureSmart suite distinguishes itself from competing products from rival WLAN gateway vendors Vernier Networks Inc., Bluesocket Inc. and ReefEdge Inc. by offering an access point management module (at $7,990 for 100 access points)—although for a limited range of points.
Using the SmartManager control screens, administrators can easily view and push radio cell parameters, network names, security settings and firmware revisions to access points individually or by applying templates to groups. In tests, these capabilities worked well, provided SNMP management was fully enabled on the access point before deployment.
However, SecureSmart lacks the in-depth access point reporting, alerting and automatic configuration enforcement capabilities that come with stand-alone wireless management systems from AirWave Wireless Inc. or Wavelink Corp.
We tested a late-beta version of the CleanMachines module, which is available now as an $8,000 add-on to SecureSmart. We found CleanMachines' feature set isn't fully baked, but the module did show a lot of promise. After a wireless client authenticates to SmartManager, the user is redirected to a quarantine zone (a customer-controlled Web page with links to the latest patches and anti-virus updates) before he or she is given access to the rest of the network.
A network-based Nessus vulnerability scan, performed by SecureSmart Server, checks the client for known weaknesses and open ports and submits an assessment to a user, allowing the user to identify required patches. Perfigo provides a few Nessus plug-ins (mainly regarding the Windows remote-procedure-call flaws that led to the Blaster worm and its ilk), and administrators can add their own plug-ins.
Perfigo could stand to beef up CleanMachines' central logging capabilities by giving administrators greater trending insight into the vulnerabilities on the WLAN. The CleanMachines beta relied on the honor system, requiring users to certify that their systems' patches and anti-virus ware are up-to-date before allowing them out of the quarantine zone.
But the CleanMachines-enabled version of the SecureSmart client, released at the end of last month, takes protection a step further, performing local client scans to identify outdated anti-virus definitions and incorrectly installed patches, thereby requiring current protection rather than taking the user's word for it. (The new client was not available in time for our review.)
Aside from CleanMachines functionality, the SecureSmart client, which is priced at $2,800 for 100 users, features encryption services and capabilities for detecting rogue access points.