With version 3.0 of its CyberGatekeeper LAN suite, InfoExpress Inc. brings excellent network access control technology to wireless networks. Organizations looking to control network access will find CGLAN a compelling purchase—provided CGLAN works with their equipment.
Click here to read the full review of CyberGatekeeper LAN.
2
With version 3.0 of its CyberGatekeeper LAN suite, InfoExpress Inc. brings excellent network access control technology to wireless networks. Organizations looking to control network access will find CGLAN a compelling purchase—provided CGLAN works with their equipment.
Starting at $9,995, CGLAN 3.0 includes the 1U (1.75-inch) CyberGatekeeper Server hardware appliance, the Policy Manager software component and a license for 50 simultaneous endpoints. A 500-user package costs $24,995.
The major problem with CGLAN, which shipped last month, is its lack of supported hardware platforms. At this time, CGLAN works only in conjunction with switches from Cisco Systems Inc. and Nortel Networks Ltd. on the wired side, and Airespace Inc. switches for wireless connectivity. Wed particularly like to see InfoExpress extend its Cisco support to include Aironet wireless products.
CGLAN taps Airespaces flexible ACL (access control list) capabilities to unobtrusively quarantine hosts found to be out of compliance with defined policy. CGLAN requires an agent to be installed on all hosts that want access to the network. InfoExpress provides agent applications for Windows- and Linux-based hosts, plus a Web-based agent for easier deployment, but at the time of testing, only the Windows application worked with the wireless module.
Each agent is preconfigured with the IP address of the CGLAN server, so the appliance need not be installed in-line with traffic. This meant we did not need to rearchitect our network—a big plus, despite the hassle of deploying an agent across the enterprise.
We tested CGLAN with an Airespace 4012 WLAN (wireless LAN) Switch (sold separately, priced from $12,000) and an Airespace 1200 Access Point ($400).
From the CyberGatekeeper Policy Manager, which we loaded on a Windows XP workstation, we defined a simple policy to check for up-to-date anti-virus and desktop firewall applications, then uploaded the policy to the CGLAN Server. Because CGLAN is agent-based, it can dig deeply into the host operating system, allowing administrators to write tests that search for active processes and unapproved applications and find missing patches.
Administrators configure each Basic Test to enforce a single applications parameters; multiple Basic Tests can be chained into a Compound Test for more complex rule sets. Organizing these tests can get complicated , but InfoExpress support Web site supplies many templates for common applications.
When clients first connect to the WLAN, the 4012 WLAN Switch assigns restricted access per the default ACL. The CGLAN agent then downloads the policy from the CGLAN Server and scans the host for compliance. If the host passes muster, CGLAN notifies the 4012 WLAN Switch, which allows network access to the client. The agent continues to scan throughout the session, automatically quarantining hosts that fall out of compliance with the policy.
CGLAN also provides a handy notification option that displays a pop-up on the host when it falls out of compliance. The pop-up can be configured to explain why access was terminated and can point to Web-based remediation servers with up-to-date patches or virus definitions.
Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.
Check out eWEEK.coms Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.
Be sure to add our eWEEK.com mobile and wireless news feed to your RSS newsreader or My Yahoo page