
Why do you want web access control anyway?


The push for e-commerce has created a need for the ability to process transactions on the Internet securely. Two major elements of secure transactions are authorization (do you have access?) and authentication (can you prove you are who you say you are?).

To provide authorization and authentication in a company Web environment, administrators need to be able to manage a large number of user accounts and the permissions associated with those accounts. A Web access control program lets businesses create centralized access control. Web access control products validate a user and then permit that user to access the resources in the environment for which permission has been granted.

Among the six vendors we tested, we discovered two basic designs of Web access control programs. The first we call the "plug-in" model, under which software plug-in programs are installed on each Web server to be protected by the product. With this model, all requests to the Web server must pass through the vendor plug-in and be validated by the Web access control system before being allowed access to the Web server resource. This requires a plug-in to be available for each brand of Web server you are running on your network.

The second Web access control model is the "proxy" model, which uses one or more proxy servers to regulate Web access. One proxy server can protect multiple Web servers, but we would recommend at least two for redundancy. A proxy server is placed in front of your Web server and intercepts all communication destined for the Web server. The proxy server must validate all requests before they are passed along to the Web server. Using this method, you do not install any software on your back-end Web servers.

Securant's ClearTrust SecureControl supports both plug-ins and proxies. Securant provides proxy support using the Access Control Module component, which lets the program support all Web servers for which Securant does not have a plug-in. Oblix's NetPoint, Netegrity's SiteMinder, OpenNetwork's DirectorySmart and Entrust's getAccess use the plug-in method, while Symantec, with Webthority, was the only vendor that relied totally on the proxy authentication model.

There are benefits to both the plug-in and proxy models. Using plug-ins means that for every Web server you wish to protect, you are required to install software on that server. If you have a platform for which the vendor does not supply a plug-in, you won't be able to protect that server.

The proxy approach does not rely on software installed directly on the Web server; it "proxies" all Web requests through one or more proxy servers, which then validate each request to the back-end Web servers.
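The two enforcement models described above can be sketched around one central decision function. This is an added example, not code from any of the reviewed products. The `X-Session-Token` header, the in-memory user and grant tables, and all function names are assumptions made for illustration.

```python
import posixpath
from wsgiref.util import setup_testing_defaults

# Constructed sample data standing in for the central user/permission store.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}          # token -> user
GRANTS = {"alice": ["/hr", "/public"], "bob": ["/public"]}   # user -> path roots
REASONS = {401: "401 Unauthorized", 403: "403 Forbidden"}

def decide(token, path):
    """Central decision shared by both models: authenticate, then authorize."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None                      # identity not proven
    norm = posixpath.normpath("/" + path.lstrip("/"))  # collapse "../" first
    if not any(norm == g or norm.startswith(g + "/") for g in GRANTS.get(user, [])):
        return 403, user                      # known user, no permission
    return 200, user

class AccessPlugin:
    """Plug-in model: WSGI middleware installed on each protected server."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        code, user = decide(environ.get("HTTP_X_SESSION_TOKEN"), environ["PATH_INFO"])
        if code != 200:
            start_response(REASONS[code], [("Content-Type", "text/plain")])
            return [REASONS[code].encode()]
        environ["REMOTE_USER"] = user         # overwrite any client-supplied value
        return self.app(environ, start_response)

def proxy_request(backends, host, path, token):
    """Proxy model: the gateway validates, then forwards to an unmodified backend."""
    code, user = decide(token, path)
    if code != 200:
        return code, REASONS[code]
    return 200, backends[host](path, user)    # backend carries no access-control code

def hr_app(environ, start_response):          # protected app behind the plug-in
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("payroll for " + environ["REMOTE_USER"]).encode()]

def call_wsgi(app, path, token=None):
    """Drive a WSGI app in-process; returns (status line, body bytes)."""
    env, seen = {}, {}
    setup_testing_defaults(env)
    env.update(PATH_INFO=path, HTTP_X_SESSION_TOKEN=token or "")
    body = b"".join(app(env, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

In the proxy form the backend trusts whatever the gateway forwards, so the protection holds only while the back-end servers accept connections from the proxy alone.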


Lewis is an information assurance specialist working at the U.S. State Department. Wilson is a security engineer at GRC International, and D'Cruze is an optical engineer at Corvis. They can be reached at slewis@ex-pressnet.com, swilson@grci.com, and martin@dcruze.com, respectively.
