Entercept Upgrade Padlocks Servers


Written By
Timothy Dyck
May 12, 2003

For those who are hard-core about locking down servers, Network Associates Inc.'s Entercept 4.0 is a softball-size padlock.

The updated intrusion prevention system, which started shipping last month, provides kernel-level security protection for Windows, Solaris and, new with this version, HP-UX. The administrative complexity can be high, but Entercept's security benefits are definitely worth the effort.

Entercept is reasonably priced at $1,295 for the Standard Edition, $1,595 for the Web Edition, $2,995 for the Database Edition, and $3,295 for the Web and Database Edition. At least one $4,995 management server is required. eWEEK Labs tested all four versions of the product on four Windows 2000 servers.

The biggest change in Entercept 4.0 is its new management console (see screen) and management server infrastructure, something that users with more than a handful of deployed servers will find valuable. The management infrastructure uses a three-tier design and now supports multiple remote consoles. Previously, the management tools were accessible only directly from the management server's console. It also has a new, role-based management permission system. Filtering and sorting logs is also simpler than in the previous, 2.5 release. (There was no Version 3.)

Deep integration with the operating system lets Entercept enforce mandatory access controls (a hallmark of trusted operating systems) and enables Entercept 4.0 to provide systemwide buffer overflow prevention.

With this power comes impressive control over exactly which local system resources can be accessed by which processes. Control extends to machine name, user identity, process used, and file or registry key accessed. For security-sensitive environments, this kind of control is priceless.

Unfortunately, Entercept does not provide network traffic controls such as allowed IP ports or authorized destination IP addresses.

Administrators will also need to do considerable fine-tuning to make sure their systems function as expected with the software installed because the default settings are extremely tight.

Entercept is particular about the environments it supports and is most compatible with Microsoft Corp. shops. The Web Edition is only for Internet Information Services on Windows; the Apache Software Foundation's Apache HTTP Server on Solaris; or Sun Microsystems Inc.'s Netscape Enterprise, iPlanet or Sun ONE Web servers on Solaris. The Database Edition supports only SQL Server (on Windows, of course). Oracle Corp.'s Oracle database and Linux are not supported.

Organizations looking for powerful host-based security tools should also investigate Cisco Systems Inc.'s Cisco Security Agent (formerly Okena Inc.'s StormWatch) for its Windows client system protection and for its included network firewall, although it lacks the protocol-level intrusion detection and prevention features that Entercept provides.

West Coast Technical Director Timothy Dyck can be reached at timothy_dyck@ziffdavis.com.


Executive Summary: Entercept 4.0

Usability: Good
Capability: Excellent
Performance: Good
Interoperability: Fair
Manageability: Good
Scalability: Good
Security: Excellent

Entercept provides fine-grained security for server operating systems. The combination of kernel- and protocol-level attack detection and prevention provides organizations with a powerful way to keep servers secure, even when not all patches have been applied. Prices start at $1,295. More information can be found at www.entercept.com/products.

(+) Provides kernel-level access control mechanisms and protocol filters for HTTP and Microsoft SQL Server traffic; new console and management infrastructure is more scalable than before; provides precise control over security policies.

(-) Limited platform support; tuning the system to allow normal operation of programs after initial installation can be a painstaking process; no built-in network firewall features.

EVALUATION SHORT LIST

  • Argus Systems Group Inc.'s PitBull Protector for IIS
  • Cisco's Cisco Security Agent (formerly Okena's StormWatch)
  • WatchGuard Technologies Inc.'s ServerLock