Identity 2.0 from Trusted Network Technologies Inc. is an appliance and software combination that effectively controls access to servers and applications while also providing a good way to record user access for auditing purposes.
Click here to read the full review of Identity 2.0.
2
Identity 2.0 from Trusted Network Technologies Inc. is an appliance and software combination that effectively controls access to servers and applications while also providing a good way to record user access for auditing purposes.
Version 2.0 of Identity, released in July, overcomes some weaknesses in previous iterations of the product. eWEEK Labs had some initial trouble integrating Microsoft Corp. Active Directory information using the Web-based I-Manager administrative component, but Identity 2.0 worked well overall. We recommend that IT managers consider it for controlling access to network segments that require audited access controls.
Identity 2.0 comprises a rather sophisticated firewall appliance called I-Gateway that sits in-line between users and server resources. Identity 2.0s Identity Driver software is installed on both user systems and servers, embedding unique identifying information in data packets sent to and from the protected systems. I-Manager acts as the control interface, and, during tests, we used it to enumerate users and network resources as well as to create security policies.
In concept, Identity 2.0 competes with other secure access control systems in that users who successfully authenticate with the I-Gateway are granted access to servers and resources as defined by the network security administrator. Although we arent aware of other products that use this particular combination of a hardware appliance and software to modify data packets, we dont think IT managers should shy away from the technology.
Trusted Network eliminated a number of initial product weaknesses in this version of Identity. We were happy to see that the I-Gateway device can now provide policy configuration and resource data with SNMP-based network management tools. Version 2.0 also let us create policies for groups of workstations and servers.
The reporting capabilities of Identity have always been impressive, and reporting in Version 2.0 covers I-Manager activity, including connections and policy assignments.
Even with these improvements, however, IT managers should be aware that implementing Identity 2.0 will require significant planning, testing and ongoing operational maintenance.
Identity 2.0 with the gigabit appliance with which we tested costs $15,000 for 100 users and $55,000 for an unlimited number of users. This pricing is relatively high, given that organizations will also require professional services to get Identity 2.0 up and running. Directory integration tasks will also add—perhaps significantly—to the startup costs associated with Identity 2.0.
I-Gateway is a 2U (3.5-inch) rackable system with a hardened version of Linux and a typical front-panel push-button layout. We got it up and running in just a few minutes.
A Trusted Network engineer helped guide us through the process of loading network, system and user information. We recommend that midsize and large organizations engage Trusted Networks professional services organization for the initial implementation of Identity 2.0.
Using Identity 2.0 means allocating operational resources to maintain YADS, or Yet Another Directory Synchronization. (The product works with any LDAP-compatible system.) We initially had difficulty getting the I-Manager interface to recognize our Active Directory information. The system easily and correctly imported user data from our Windows 2000 domain controller running on a Xeon-based IBM eServer 325, but repeated attempts to log in to the I-Manager system using credentials from Active Directory were unsuccessful. We had to reboot the Identity box before we were able to use our imported information.
After the reboot, we were able to perform several subsequent adds, changes and deletions to our user population in Active Directory with no problem whatsoever. Collecting information from a Computer Associates International Inc. LDAP-based instance of eTrust Directory worked without a hitch, so we chalked up our problems to possible oddities in the test infrastructure.
Next page: Evaluation Shortlist: Related Products.
Page 3
Check Point Software Technologies Ltd.s InterSpect family of appliances Enforces endpoint security while providing industry-leading attack protection (www.checkpoint.com)
Cisco Systems Inc.s Cisco Secure Access Control Server Controls user access across a broad range of Cisco network systems, including routers, firewalls and VOIP (voice over IP) technology (www.cisco.com)
Juniper Networks Inc.s NetScreen family of midsize and large firewall appliances Provides integrated, flexible firewall capabilities with policy-based management that can approximate some identity-based controls (www.junipernetworks.com)
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.