Review: Plugging All The Holes

Today's desktop and notebook computers offer excellent options for sharing data with colleagues, especially with the abundance of ports available on the systems. It's not uncommon to find multiple USB or FireWire ports on a typical PC.

But while great for connectivity, the ports also make it all too easy to connect unauthorized devices and steal data. Most anyone can walk up to a network PC and plug in a USB key drive.What's worse, the PC user many never know the system was compromised.

As with most security problems, the solution comes in the form of control. Safend, a Philadelphia-based company that specializes in controlling end points, offers a full-featured solution with its Safend Protector 3.1, an application that is designed to control all end points on a network. It monitors realtime traffic and applies customized, highly granular security policies to all physical, wireless and storage interfaces.

CRN Test Center engineers installed the product on a Windows Server 2003 system that was configured with Active Directory and connected to a network of five Windows XP-based PCs. We found installation easy with a setup wizard guiding most of the tasks.

Solution providers will find the product offers control over physical interfaces such as USB, FireWire, PCMCIA, secure digital, parallel, serial and modem connections. Pretty much any physical connection can be controlled using the product.

Safend also offers complete control over storage devices, including CD/DVD drives, removable media and tape drives. The final piece of the puzzle comes from the product's ability to control wireless communications, such as Bluetooth, Wi-Fi and infrared.

Combining control of physical ports, storage and wireless interfaces brings full end-point security to any system on the network. The software also encrypts data to keep everything safe from prying eyes and packet sniffers.

The product is built around three primary components: the Protector Management Server, Protector Client and Protector Management Console.

The Protector Management Server is a self-managed application that stores policies and is accessed via IIS. The server also collects logs from clients, enables client management and communicates with Active Directory for policy distribution. The Protector Client protects and monitors the end points in the organization and reports on port activity. The Protector Management Console gives administrators the ability to manage clients, define policies, view logs and administer the system.

Test Center engineers were able to access the Protector Management Console from systems both inside and outside the network. The console interface and policy wizards proved to be very easy to work with, although a good understanding of policy impact is needed to effectively control user access.

Test Center engineers found that Safend further eases use by incorporating calls to Active Directory into the console, avoiding the need for two separate consoles. That proves to be a real time-saver.

The ability to control access to data is achieved by pairing Safend's policies with the product's control of the IP stack. Solution providers create granular policies to control who can do what with the data on the network. Those policies are used to control a client application running on the end-point system. That client application works at the kernel level and acts as a protocol inspection engine that analyzes in realtime all inbound and outbound communication interfaces for a given device. The engine examines all seven protocol layers—from the physical to the application layer.

NEXT: The Bottom Line