LANDesk Software Inc.s LANDesk Security Suite 8.6 is a much more significant release than the version number implies. IT managers who are looking for a way to scan end-user systems for both correct configuration and the presence of malware should add LANDesk Security Suite to their list of possible options.
Click here to read the full review of LANDesk Security Suite 8.6.
2
LANDesk Software Inc.s LANDesk Security Suite 8.6 is a much more significant release than the version number implies. IT managers who are looking for a way to scan end-user systems for both correct configuration and the presence of malware should add LANDesk Security Suite to their list of possible options.
Released in August, LANDesk Security Suite 8.6 is competitively priced, with a license fee of $59 per seat, plus $29 per seat per year thereafter in subscription fees for security and patch content updates from LANDesk.
By comparison, hardware-based products such as Vernier Networks Inc.s EdgeWall 7000 Rx family have slightly higher initial costs but can integrate with existing security infrastructure such as RADIUS servers and directory tools and do a more thorough job of securing network-level access.
All products, including LANDesk Security Suite 8.6, want to play nice with Cisco Systems Inc.s NAC (Network Admission Control) infrastructure because NAC equipment is widely used in larger enterprises. Ciscos Clean Access products are competitive in some ways with LANDesks Trusted Access now included in LANDesk Security Suite 8.6, yet LANDesk offers a detailed guide for implementing LANDesk Security Suite 8.6 in a Cisco NAC infrastructure.
Considering the fluidity of the network security perimeter (if such a perimeter still exists), theres plenty of room in the enterprise for LANDesk Security Suite 8.6 and other access control products.
IT shops that are already using LANDesk Management Suite or some other LANDesk product will likely find that the time needed for product deployment is significantly reduced by using familiar LANDesk tools to deploy the new security functions. However, even organizations that already have a LANDesk implementation should be advised that the new Trusted Access functionality requires that all end-user devices already installed with an older LANDesk agent must be upgraded.
eWEEK Labs tests show that IT managers could easily spend weeks and even a month or more deploying LANDesk Security Suite 8.6. This is not significantly different from other tools that use a combination of network access control and end-user device management to keep viruses and spyware at bay.
The Trusted Access functionality requires extensive setup and works either in LANDesk-only mode or in conjunction with Ciscos NAC-compliant gear. We tested the LANDesk-only mode, which uses DHCP (Dynamic Host Configuration Protocol) to control client access to the protected network.
LANDesk Trusted Access adds a layer of security to the protected network by preventing vulnerable or corrupted end-user devices from gaining network access. This is a tall order, and it took a lot of infrastructure setup and tweaking to get all the LANDesk components working correctly.
We used VMware Inc.s ESX Server to create virtual servers, which helped a lot in our tests. We recommend that IT managers use VMwares tools to create a test lab where the complex components can be more easily tested.
Next Page: A four-server set-up.
A four
-server set-up”>
We installed LANDesk Security Suite 8.6 on one virtual server and on three other servers running Microsoft Corp.s Windows Server 2003. We used one of these servers as a normal DHCP server; one as a LANDesk Security Suite 8.6 posture validation server; one as a remediation server; and, finally, one as a LANDesk DHCP server. Companies can assign several functions to a single server for testing LANDesk prior to widescale deployment, but we found it much easier to allocate functions to separate servers.
In our tests, the LANDesk DHCP server acted as the network access control point that brokered device admittance to our protected network. Although it was finicky to set up, the whole thing did eventually work as promised. LANDesk Security Suite 8.6 ably downloaded security content, including patches and vulnerability and spyware definitions, as well as a wide variety of anti-virus and firewall configuration definitions.
This information comprised the threat definitions, and we were able to create policies that allowed or denied end-user device access to our networks based on these definitions.
We configured security policies that specified the required patch level and configuration of anti-virus programs, plus a variety of other factors, including firewall configuration and checks for spyware on end-user systems. The results of the policy check were examined, along with the length of time since the last scan of the end-user device. If the end-user device passed the posture check, then LANDesk ensured that all other authorizations and user authentications were correct and then the end-user device was admitted to our test network.
Tons of tinkering
It almost goes without saying that we did a lot of tweaking on our way to the forum. For one thing, it took a lot of time and effort to get personal firewall and anti-virus programs configured to allow the extensive communication that often occurred between the LANDesk agent and the control servers. There are configuration examples for Trend Micro Inc., Symantec Corp.s Norton and McAfee Inc. anti-virus products, and LANDesk Security Suite 8.6 works with a wide variety of other anti-virus tools.
It was a simple matter to configure our Windows XP firewall rules to allow proper operation of the LANDesk agent, but IT managers should take into account the amount of time and IT resources that will likely be needed to make changes to large numbers of end-user systems.
Fortunately, LANDesk Security Suite 8.6 can enable and configure Windows XP Service Pack 2 firewalls. We used the new functionality to make quick work of changing the firewall settings on our Windows XP clients.
Probably our biggest problems involved the quarantine and remediation server. It actually turned out to be a relatively easy matter to determine which end-user devices had configuration or security validation problems, such as out-of-date virus definitions. But it was another matter entirely to set up remediation procedures so that needed patches were correctly sent to our test systems.
The main lesson learned was that IT managers will likely be able to automate much of the remediation process after working out deployment kinks with a few test systems first.
Labs Technical Director Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Next page: Evaluation Shortlist: Related Products.
Page 5
Evaluation Shortlist
Altiris Inc.s Quarantine Solution and Security Expressions Supports Cisco NAC and audits devices before allowing network access (www.altiris.com)
Cisco Systems Inc.s Clean Access Network Admission Control software and hardware package that detects, isolates and cleans compromised systems before they access the network (www.cisco.com)
Vernier Networks Inc.s EdgeWall 7000 Rx A hardware appliance that performs many of the same functions in LANDesk but also supports VPNs (www.verniernetworks.com)
