e-DMZ Security eGuardPost review
Providing remote access to critical systems within the corporate network is often part and parcel of the support process. But where administrative access is required, businesses need to know security is watertight. In many cases, detailed audit trails are also essential, as companies – particularly those that outsource support to third parties – need to know and be able to document exactly what occurred during any remote session.
Offered as a simple appliance-based solution, the eGuardPost from e-DMZ Security delivers stiff security measures and is specifically aimed at managing and auditing Windows RDP (remote desktop protocol) and Unix/Linux SSH (secure shell) sessions. The system supports a number of scenarios, but essentially sits in front of protected resources, acting as a secure gateway between these devices and the remote user. The system comprises a well-specified all-Supermicro 1U mini-rack server. Local administrative access is isolated to one of its integrated Gigabit Ethernet ports, but all remote access comes through the CyberGuard SG630 firewall/VPN PCI controller card, which provides a single Fast Ethernet port.
e-DMZ’s PAR (password auto repository) provides password management that’s good enough for regulatory compliance. It can take over password administration, generation and notification for all critical systems, and data on the SATA hard disk is encrypted to AES256 standards. The PAR is managed from a separate web console and can provide dual control systems of notification and can also control user access to specific passwords. eGuardPost sits on top of PAR and delivers authenticated and encrypted access for users running RDP and SSH sessions.
During testing, we found the appliance easy to configure. You set up PAR and then move over to the simple and intuitive eGuardPost web interface. All managed systems need to be declared to the appliance first, after which you can select user accounts and groups, and then associate them with different systems. Each user has a local system account linked to their eGuardPost account, making it easy to determine what they can actually do when they access a system.
When a user logs on to the appliance, it uses their eGuardPost credentials to determine which host systems they can connect to and the levels of access they’re allowed. We tested this by securing RDP sessions to a Windows Server 2003 domain controller. Once connected to the system, we were presented with an encrypted remote session. Four main user levels are available, but requesters start on the bottom rung since sessions are granted only once they’ve been permitted by a designated approver. You can also have users with dual requester/approver roles, while the ISA (information security administrator) sits at the top of the ladder and is in full command.
We were impressed with the auditing facilities, as the appliance automatically records every RDP or SSH session. You select a session from the reporting section and sit back and watch every move the remote user made. Pause and play are the only controls currently available, but e-DMZ intends to implement controls such as fast-forward and rewind.
Securing remote access doesn’t get much easier than the eGuardPost method, and you get the bonus of strong administrative password management. The recording facilities are also good and allow a complete audit trail of all remote sessions to be easily maintained.