Security
REVIEW
Hip Check

  October 21, 2002
  By Mike Fratto



Okena StormWatch 3.0 & StormFront 2.0

StormWatch takes our Editor's Choice because of the breadth and depth of its configurable options. The more options, the tighter you can lock down applications and services, which is what these products are all about. Add in stack-buffer-overflow protection, a robust policy-definition system, multiagent management, including policy and software updates, detailed logging and auditing, and tiered management, and you're looking at one powerfully HIP product. But Okena should be feeling the heat from Argus on the Unix front and CA on both Unix and Windows because these vendors offer user-based, in addition to host-based, access control. Additionally, Okena's lack of support for Linux is shortsighted.

Servers that are protected by StormWatch are grouped, and one or more policies are applied to the group. For example, the default groups for both Unix and Windows have policies that protect critical system resources common to the platform and the StormWatch files. If you want to protect IIS also, you simply add that policy to the default group.


StormWatch is focused on protecting system resources, and its policies are defined according to what resources applications can access and how they can access them. Policies are defined per application and contain rules that allow or deny access to resources or groups of resources. In the case of StormWatch, system resources can be files, registry keys, network addresses, network services or COM objects. Groups of resources are defined in resource sets and may contain fully qualified definitions, such as "c:\winnt\system32\cmd.exe," that match just that file, or they may contain wild cards like "**\winnt\system*\*," with file names matching *.dll, which matches anything on any drive, in the path beginning with \winnt\system, and finally matching any DLL file in that path. The other object types, of course, would have their own syntax and wild-card definitions.

Application classes are similar to resource sets, except that they define the executable files that are used by an application. Application classes can be defined using the resource sets: For example, the system applications class is defined using the system executable file-resource set. Policies can take one of three paths when a rule triggers: allow the action, deny the action or query the user for permission to run. Finally, application classes, resource sets and actions are used in the policies to define the resources an application may or may not access. Rules are ordered automatically by StormWatch and are processed from the top of the list down. Actions are taken on the first match.
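The rule model described above (resource sets with wild cards, application classes, allow/deny/query actions, first match wins) can be sketched as follows. This is an added example, not Okena's code or policy format: the wildcard semantics (`**` crosses directories, `*` stays within one path component), the folding of the *.dll file-name match into the path pattern, the default action, the operation names and the sample policy are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

def compile_glob(pattern):
    """Assumed semantics: '**' spans drives/directories, '*' stops at a backslash."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*"); i += 2
        elif pattern[i] == "*":
            parts.append(r"[^\\]*"); i += 1
        else:
            parts.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)  # Windows paths: ignore case

def in_set(patterns, path):
    """True if the path matches any pattern of a resource set or application class."""
    return any(compile_glob(p).match(path) for p in patterns)

@dataclass
class Rule:
    action: str        # "allow", "deny" or "query" (ask the user)
    app_class: list    # patterns for the executables the rule applies to
    operations: set    # hypothetical operation names: "read", "write", "execute"
    resources: list    # resource set: patterns for the files being accessed

def evaluate(rules, exe, operation, resource, default="deny"):
    """Walk the already-ordered rule list top down; the first matching rule decides.
    The default action for unmatched requests is an assumption, not from the review."""
    for rule in rules:
        if (operation in rule.operations and in_set(rule.app_class, exe)
                and in_set(rule.resources, resource)):
            return rule.action
    return default

# Constructed sample sets; the two resource patterns follow the examples in the text.
SYSTEM_DLLS = [r"**\winnt\system*\*.dll"]
CMD = [r"c:\winnt\system32\cmd.exe"]
WEB_SERVER = [r"**\inetsrv\inetinfo.exe"]   # constructed application class
ANY_APP = ["**"]

POLICY = [
    Rule("deny", WEB_SERVER, {"execute"}, CMD),            # specific rule first
    Rule("query", ANY_APP, {"write"}, SYSTEM_DLLS),
    Rule("allow", ANY_APP, {"read", "execute"}, ["**"]),   # broad rule last
]
```

Because the first match decides, placing the broad allow rule above the specific deny would let the web server run cmd.exe, which is why rule ordering matters in a policy of this kind.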

Determining the resources an application needs is a complicated business. For example, applications open and close files and network ports dynamically during run time. Less frequently used resources, such as registry keys, may be activated only once. When profiling an application, it's important to fully exercise the application from start-up, through every possible action, and then shut down, logging every access. The process of building the rules then begins. Unlike the other products that allow custom-policy building, Okena has a product--StormFront--that monitors and logs an application's activity and then builds a policy. You review the policy, make changes and corrections as necessary, apply the policy and test it. You keep testing and tweaking the policy until it is properly configured. StormFront automates the bulk of the resource discovery and all that is left are minor adjustments--how much adjusting you do depends on the application you're profiling. StormFront is necessarily very literal when building a policy. When we profiled the SSH server, the policy allowed only read/write access to the directory the user logged into. Of course, we had to broaden that access.



[Figure: Software Features]

While flexibility equals complexity, the StormWatch manager is well-thought-out and offers easy access to all relevant details. If you are examining a policy, you can click a link to see which groups it is applied to. You can move through policy elements easily via dialog pop-ups and drop-down menus. The logging is very detailed, including links to the event details and to the rule that triggered the log entry. The log is filterable, and can include or exclude events based on event text. There is also a separate audit log detailing administrative events.

Okena has set the bar high with its robust policy development, decent discovery tools, easy-to-use management and detailed logging. If the company would support a wider variety of OSs and include user-based access control, StormWatch would be truly cooking. We expect big things from this product in the years to come.

Okena StormWatch 3.0, $1,800 per server, $85 per desktop; StormFront 2.0, $220 per server and $10 per desktop, Okena, (781) 209-3200. www.okena.com

