One of the most difficult parts of setting web access control is figuring out just what level of access to provide. Often, its tempting to be too broad, rather than bringing authentication to a granular level, where it can be more efficient.
Camelot Information Technologies Ltd. has attempted to solve this problem by creating an access control system that learns how users access Web resources and helps administrators analyze this information to build tighter access control.
The ultimate goal is a system that handles all access control on the fly, although we dont think we would completely surrender this task to a learning algorithm. Luckily, Hark lets administrators turn off the automated access rules and also allows administrators to define standard rules-based authentication.
Hark 1.3, which shipped earlier this month, runs on a dedicated Windows 2000 Server system, which is hardened to the point of being like an appliance. It is priced at $9,490 for one server. Like many other access control products, Hark also uses agents that reside on the Web server and enforce the access control policies and also send information to the central analyzer, which runs the learning algorithms. Hark agents are currently available for Windows servers, NetWare and Solaris.
Although Hark proved to be a very capable access control system in eWeek Labs tests, we were surprised that Camelot chose Windows servers as the base for its system. The company does harden the system, but if the idea is to offer a highly secure product, it might have made more sense for Camelot to use a highly secure operating system such as OpenBSD. Nevertheless, in proper setups, this system should be isolated enough to not be the focus of attacks.
Information on Hark 1.3 can be found at www.camelot.com.