Whether you’re facing down script kiddies or experienced Web vandals, the threat of hack attempts on your business has never been greater.
Broadband solutions, such as cable modems and DSL lines, are providing branch office and home office end-users with inexpensive, always-on access. However, this also creates an opportunity for hackers to use these remote connections to gain a way in to your enterprise at large.
Secure Desktop 2.0 from Sybergen Networks Inc. is an affordable product designed to patch holes in your TCP/IP Ethernet-based network security through packet-level monitoring and alerting. As the name implies, Secure Desktop protects end-users at the most remote parts of your enterprise and closes the door to unauthorized use of your company’s network.
Unlike a traditional firewall that acts as a sentry at the front door of your entire network, Secure Desktop deploys into the background on the end-user’s workstation, filtering and blocking incoming and outgoing packet data. Upon detecting unwelcome access, Secure Desktop can shut down network accessibility to minimize damage or exposure of sensitive resources.
Secure Desktop performed well on LAN-based tests that I conducted under Windows 95 and Windows NT. However, the existence of several bugs, poor reporting and analysis capabilities, no dial-up monitoring for Windows NT, and a rudimentary interface compared to other products – such as BlackICE Defender from NetworkIce – hold Secure Desktop to a score of no higher than Good.
However, Secure Desktop’s reporting capabilities are still better than those offered in McAfee’s ConSeal, and Secure Desktop requires less technical expertise than ConSeal to exact protection – an important consideration for novice users.
Secure Desktop installed easily; it required no configuration changes or user intervention as it examined my system, correctly sniffed out my network interface card and dial-up connection, and verified that TCP/IP was running.
Once Secure Desktop was installed, I was able to quickly fix my security policy objectives from the included presets, allowing a range of objectives from maximum to no security. Further, each preset could be customized to meet my requirements. The incoming and outgoing packet-based security could be enabled or disabled by port number, protocol type, IP address or time of day.
Additionally, security can be set for any application attempting to access the network. Secure Desktop’s Learning Mode traps an application’s first-time access attempt, allowing you to grant or disallow passage. The feature also helps speed detection of outgoing traffic that may be originating from Trojan horse applications already infecting your system.
Upon detecting an intrusion, Secure Desktop fires off e-mail alerts, notifying you of suspicious activity. Unfortunately, the e-mail notification sends ill-formed SMTP headers, which make the messages arrive with blank Subject and Sender fields, thus limiting filtering or automation efforts.
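The filtering problem described above, shown as an added example that is not part of the original review or Sybergen's code: a receiving-side check that flags alert mail whose From, Subject or Date header is missing or empty, next to a correctly formed alert. The malformed sample assumes one possible cause (a blank line emitted before the headers), since the review does not say how the headers were broken; all addresses, function names and message text are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import formatdate

# Headers a mail filter or ticketing rule typically keys on.
REQUIRED = ("From", "Subject", "Date")

# Constructed sample (assumed failure mode): a stray blank line precedes the
# headers, so a parser sees an empty header section and treats the rest as body.
MALFORMED = (
    "\r\n"
    "From: alerts@workstation.example\r\n"
    "Subject: Intrusion alert\r\n"
    "\r\n"
    "Blocked inbound TCP to port 139 from 192.0.2.10\r\n"
)

def missing_headers(raw):
    """Return the required headers that are absent or empty in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    return [h for h in REQUIRED if not (msg[h] or "").strip()]

def build_alert(sender, recipient, event):
    """Build a well-formed alert whose headers can be filtered on."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    # Collapse whitespace so text taken from network events cannot
    # introduce line breaks (and therefore extra headers) into Subject.
    msg["Subject"] = "[firewall-alert] " + " ".join(event.split())
    msg["Date"] = formatdate(localtime=False)
    msg.set_content(event)
    return msg.as_string()

def triage(raw):
    """Send alerts that cannot be matched by header rules to manual review."""
    return "needs-review" if missing_headers(raw) else "alerts"

if __name__ == "__main__":
    good = build_alert("alerts@workstation.example", "soc@corp.example",
                       "Blocked inbound TCP to port 139 from 192.0.2.10")
    for name, raw in (("malformed", MALFORMED), ("well-formed", good)):
        print(name, "->", triage(raw), "missing:", missing_headers(raw))
```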
Secure Desktop’s heads-up visual alert indicates the presence of any unexpected packet traffic. Unfortunately, because the graphic encumbers too much desktop real estate, has no audible alert and does not provide an active system tray icon, most users will be relegated to using the log files to locate instances where security has been compromised.
Secure Desktop is adept at tracking and logging packet data to help determine the source of an attack. The resulting log data contains time of day and port status as well as originating and destination IP addresses, and it also highlights any suspicious activity.
However, the reporting facility lacks any means of easy analysis. The unwieldy raw data files cannot be exported, and the absence of even a simple search or sort capability makes attempts to locate explicit information rather cumbersome.
The interface could also benefit from better detail, such as the number of bytes transferred, packet trapping and analysis, or even a Whois lookup to help identify the origin of an attack. For all its deficiencies, though, the log files provide the necessary data to help track down any malicious intrusions.
Secure Desktop offers a security audit to expose potentially hazardous holes in your existing security. The audit is hosted from Sybergen’s Web site and launches a remote sweep of your machine to reveal open ports, protocols, and the status of each. I was disappointed to find that the capability of setting these audit scans to occur at regular intervals, as Sybergen had advertised, had not yet been implemented.
For large-scale workgroup environments, Sybergen offers additional components that can be purchased to improve administrative capabilities. Tools such as the Sybergen Management Server offer centralized management of security policies as well as network monitoring and analysis, and the Sybergen Access Server can be integrated for bandwidth management and support of virtual private networks.
Because this product is geared toward novice audiences, I feel the bugs, missing features and limited troubleshooting guidance could lull users into a false sense of security.
All told, Sybergen’s Secure Desktop 2.0 did a good job at locking down network access and at logging traffic. The low investment price and high degree of flexibility also make this a palatable investment.
Borck is director of IS at Industrial Art & Science in Connecticut.
Sybergen Secure Desktop 2.0
Platforms: Windows 9x, 2000 and NT 4.0
Cost: US$29.95; US$1,199 per 50 users
Pros: Low cost; easy setup; flexible customization; e-mail alerts
Cons: Poor reporting and analysis; still buggy; missing some features; no name lookup support; limited to Windows