Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Four reasons to buy (and one reason to avoid) the Droid
Cisco MARS shuts out new third-party security devices
Verizon Droid buzz muted in Boston
Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
Cloud computing, virtualization proponents getting antsy
Data center start-up offers energy saving software
Vendors scrambling to fix bug in Net's security
Judge dismisses lawsuit challenging Gartner's Magic Quadrant
Boston Celtics clamp down on spam
Cloud computing inevitable? Not so fast, educator says
Blue Coat slashes staff, buys S7 services company
Apple seeks new sheriff to lock up iPhones
Google releases new search engine for e-commerce sites
Rackspace apologizes for cloud outage, prepares to issue service credits
Security /

Why do you want web access control anyway?

Related linksToday's breaking news
Send to a friendFeedback

By Steve Lewis, Steve Wilson and Martin D'Cruze
Network World, 05/28/01

Review: Web access control market offers many options | How we did it |
| What does it mean to be a user today? |
| To infinity and beyond... | Shoring up security | Scorecard and NetResults

The push for e-commerce has created a need for the ability to process transactions on the Internet securely. Two major elements of secure transactions are authorization (do you have access?) and authentication (can you prove you are who you say you are?).

To provide authorization and authentication in a company Web environment, administrators need to be able to manage a large number of user accounts and permissions associated with those accounts. A Web access control program lets businesses create centralized access control. Web access control products validate a user and then permit those users to access resources in the environment for which they have been granted permission.

Among our six vendors tested, we discovered two basic designs of Web access control programs. The first method we call the "plug-in" model, under which software plug-in programs are installed on each Web server to be protected by the product. With this model, all requests to the Web server must pass through the vendor plug-in and be validated by the Web access control system before being allowed access to the Web server resource. This requires a plug-in to be available for each brand of Web server you are running on your network.

The second Web access control model is the "proxy" model, which uses one or more proxy servers to regulate Web access. One proxy server can protect multiple Web servers but we would recommend at least two for redundancy. A proxy server is placed in front of your Web server, and intercepts all communication destined for the Web server. The proxy server must validate all requests before they are passed along to the Web server. Using this method you do not install any software on your back-end Web servers.

Securant's ClearTrust SecureControl has support for plug-ins and proxies. Securant provides proxy support using the Access Control Module component, which lets the program support all Web servers for which they do not have a plug-in. Oblix's NetPoint, Netegrity's SiteMinder, OpenNetwork's DirectorySmart and Entrust's getAccess use the plug-in method, while Symantec's Webthority was the only vendor that relied totally on the proxy authentication model.

There are benefits to the plug-in and proxy model. Using plug-ins means that for every Web server you wish to protect, you are required to install software on that server. If you have a platform for which the vendor does not supply a plug-in, you won't be able to protect that server.

The proxy approach does not rely on software installed directly on the Web server, it "proxies" all Web requests through one or more proxy servers, which then validates each request to the back-end Web servers.

RELATED LINKS

Related links

Lewis is an information assurance specialist working at the U.S. State Department. Wilson is a security engineer at GRC International, and D'Cruze is an optical engineer at Corvis. They can be reached at slewis@ex-pressnet.com, swilson@grci.com, and martin@dcruze.com, respectively.

Shoring up security
New security techniques include honeypots, decoys, air gaps, exit controls, self-healing tools and denial-of-service defenses.

Cover your apps
Your security plan may not be complete if you haven't protected your applications.

Review: Web access control market offers many options
Securant Technologies' product tops the list with its management tools and ties to Check Point firewall.

How we did it
An explanation of how our tests were conducted.

To infinity and beyond...
Newest upgrades to the products we tested.

What does it mean to be a user today?
Helpful explanations of some common terminology.

Interactive scorecard and NetResults: Web access control packages
Use our calculator to see what product would best suit your needs.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.