Vernier Unites Security

 
 
By Cameron Sturdevant  |  Posted 2005-10-17
 
 
 



Vernier Networks Inc.'s EdgeWall 7000 Rx is an effective network access management appliance that slips into disparate network authentication and authorization infrastructures to bring unity and greater security to midsize and large enterprises.




The EdgeWall 7000 Rx appliance, which started shipping this month, is a 1U (1.75-inch) rack-mountable appliance that includes Vernier 7000 Rx remote access software. The product is priced starting at $19,000 for as many as 1,000 users.


The EdgeWall 7000 Rx smoothly integrated into eWEEK Labs' test network. Because integration isn't a big deal, the most important question for IT managers evaluating the EdgeWall 7000 Rx should be: "Is network access currently insecure enough to warrant the addition of a wide-scope product to our overall management mix?"

In this regard, our tests show that the EdgeWall 7000 Rx is certainly worthy of consideration. It is an effective solution for keeping worms, viruses, and unauthorized and incorrectly configured devices off the protected network.

The EdgeWall 7000 Rx holds its own against rivals and cooperates with evolving network access control tools such as Cisco Systems Inc.'s Network Admission Control, Microsoft Corp.'s Network Access Protection (slated for future Windows operating system releases, including Vista) and specifications from The Trusted Computing Group.

Our tests revealed that the EdgeWall 7000 Rx could even lead to some unexpected improvements in network productivity by consolidating some hard-to-process access control rules in the EdgeWall appliance. This certainly beats having to track policy rules and the procedures for fine-tuning those rules across a fleet of firewalls, VPN concentrators, routers and other network infrastructure devices.

Although the EdgeWall 7000 Rx's cleanly designed Web-based interface is straightforward to use, IT managers will likely need to spend at least several weeks adjusting user rights, threat filters, security policies and network integration parameters to ensure smooth overall operation.

In tests, the appliance did an outstanding job of restricting end users' access to only the network resources to which they have been granted permission. The EdgeWall 7000 Rx's focus on granting access control at the network, rather than application, layer makes it especially useful as a remote-user control device. It makes all this happen by taking on users and end-user devices at the point of entry into the network, the log-on.

With its release of the EdgeWall 7000 Rx package, Vernier enters the NAM (network access management) arena. Ensuring that remote end-user devices are correctly configured with anti-virus software is one of the most common uses for NAM technology and was one of the first tests we ran against the EdgeWall 7000 Rx. This test yielded impressive results, ensuring that all end-user machines conformed to our anti-virus policies.

Before installing the EdgeWall 7000 Rx, we provisioned a laptop for remote-user access to our protected network. The network contained a fair number of applications and network resources that would typically need to be available to a remote user, including e-mail, a portal and several shared network drives.

We connected to the protected network with no problem using Windows Server 2003 Enterprise Edition running Microsoft's Routing and Remote Access service, which provides VPN connectivity. In this test, most of the network infrastructure was created using VMware Inc.'s ESX Server.

Everything went along fine in the test until we allowed the end user to surf to a couple of gambling and other less savory sites, thereby causing the laptop to pick up a nice collection of spyware. We also loaded several test mail messages with viruslike payloads that we often use for preliminary tests at eWEEK Labs.

Because the test device connected across an encrypted, secure VPN tunnel to our protected network, all the perimeter defense systems failed to detect or stop the malware on our remote user's system. Without much effort—mostly because our test network is very tightly controlled and not running production applications—we were able to use VMware to reset our environment to a known good state.

We then installed the EdgeWall 7000 Rx. Administration occurs in a Web-based console that can be accessed as Super Admin, Network Admin (the credentials most operators would be assigned) or Policy Admin. We think this is a good start, but we would also like to see greater administrator control over handing out rights. One example would be to limit the existing Network Admin role to logical parameters (such as "all mail servers" or "any resource in Atlanta").

Although we think the clean interface is well-laid-out, there is just no getting around the fact that IT managers will have to spend a significant amount of time working with the EdgeWall 7000 Rx to properly configure the device. Our test scenario used only one EdgeWall 7000 Rx, but had we used more, policies would have been distributed to all the devices from a Vernier Control Server, which, in our case, was installed on the same appliance upon which the EdgeWall 7000 Rx was installed.

The Control Server considerably reduces management tasks, but the user interface has seven tabs with a total of more than 15 submenus that pretty much all have to be configured for proper product operation. Even after the EdgeWall 7000 Rx is in place, IT managers will have to return to the Control Server to make adjustments any time a network security element such as an authentication server or a directory host is changed.

To be clear, the EdgeWall 7000 Rx fit neatly into our network and integrated nicely with our existing network systems. We easily configured the appliance to be a client of a Funk Software Inc. Steel-Belted Radius user authentication system. We also configured the EdgeWall 7000 Rx to tap user information from a variety of other sources, such as a Microsoft Active Directory, to authenticate and authorize users on our test network. No test user was able to access unauthorized network resources during our tests.

The EdgeWall 7000 Rx also lets companies set up a remediation center to which clients can be shunted if they fail the requirements for network admission, such as lacking current anti-virus protection or other required software as defined by the IT administrator. We created a remediation Web site where remote users were sent if they didn't have the correct version of Symantec Corp. anti-virus definition files loaded. The site we created allowed users to authenticate to a secure site to retrieve up-to-date definition files.

After following directions to run the anti-virus scan, users were admitted to the network.

After working with the EdgeWall 7000 Rx appliance for several weeks, we found that the hassles of administrative fiddling were ultimately outweighed by the extensive control the device allowed us to exercise over our network.



Evaluation Shortlist

Caymas Systems Inc.'s Identity-Driven Access Gateway: It isn't a head-to-head competitor, but it is certainly a good remote access control product that provides many of the same capabilities found in the EdgeWall 7000 Rx (www.caymas.com)

Cisco's Clean Access Network Admission Control appliance: A result of Cisco's Perfigo acquisition (www.cisco.com/en/US/products/ps6128/index.html) perimeter.

Labs Technical Director Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.
