Hands On: NetSwift iGate Security Appliance Takes New Approach
The trouble is, you have plenty of choices in terms of approaches. You can set up VPNs for everyone, but that involves making sure the connections will work across various firewalls. You can set up a remote dial-in server, but that means you need enough ports. You can add your partners to your own LDAP or Active Directory entries, but that could mean a lot of work, and keeping them separate from your internal users isn't easy. You could marry your Web server to a database and password-protect particular areas of your Web site, but that is dicey if the passwords become public.
You could use an appliance.
What a great idea. However, there are lots of different security appliances: firewalls, Web servers, intrusion-alert systems and the like. A different take is Rainbow Technologies' Netswift iGate box. The iGate is fairly unique in that it offers a way to connect authorized clients to protected Web resources. It also is a way to improve SSL operations because it offloads SSL processing from the Web server itself -- work that takes up a big chunk of Web processing power. You don't need to run SSL on a Web server because the iGate is taking care of the security apparatus. And VARs can craft all sorts of solutions from it that can save their clients bunches of dough.
The appliance works with individualized USB-based hardware keys called iKeys that contain most of the crypto information for each external user. These users fire up their browsers, download a small piece of software that provides the authentication routines, and insert their keys into their PC's USB port (one drawback -- only Windows clients are supported). After typing their PIN, they are connected to the appropriate internal Web server that their access rights allow. No muss, no fuss, and no elaborate crypto infrastructure to maintain. While you can use the iGate with user names and passwords without the keys, I wouldn't recommend it. The hardware key makes it so much easier. The company calls this "reduced sign-on."
Of course, if you already have put together this elaborate crypto infrastructure for your clients, the iGate may not be an attractive choice. The hardware keys aren't cheap -- at around $50 per unit in quantity, the dollars can add up. But they do avoid assembling a messy series of software products, such as buying SSL certificates for your Web and database servers, and getting VPN credentials for your users. This assemblage can easily cost more than a bunch of iKeys. Rainbow also makes it easier for corporations to assemble different external applications pools so that conflicting user groups don't get into each other's networked applications. That is the good news.
Setup of the iGate took about two hours, and most of that time was fooling around with getting the right version of the Java Virtual Machine installed on my Windows XP desktop (thanks to Microsoft for making that chore). Once set up, access to my Windows IIS Web server was blocked for nonauthenticated users and allowed for the authenticated ones. The iGate operates in two different modes: The simplest is called one-arm mode, whereby the unit is just another network node. The more sophisticated and secure mode is called IP mode, which activates separate LAN and WAN Ethernet interfaces on the front of the box. In this mode, the iGate can be placed outside of the normal LAN traffic pattern, isolating the Web applications traffic.
You can fine-tune the iGate as carefully as you'd like. It can protect entire domains, particular directories, and anything in between. For solution providers who are looking to deploy external Web applications securely, the product deserves a closer look.
Company: Rainbow Technologies
URL: www.rainbow.com
Product: Netswift iGate box
Cost: $16,995 plus per-user fees
VARability: ***
Key features: Hardware-based authentication and fine-tuned access controls for intranet and extranet applications.
Pros:
- Simple and easy to use
- Offloads SSL processing from Web servers
Cons:
- Only Windows clients supported with iKey hardware