Neoteris Access 3000 magically secures your connections.
- By James Carrion
When you think of providing secure access to your organization’s data
resources, you probably envision a virtual private network (VPN) using
traditional VPN protocols, such as PPTP and L2TP, or setting up a hardened
Web server in a demilitarized zone (DMZ). With a VPN solution, you have
to configure the client and the server (as well as a plethora of other
network devices, such as your firewall and authentication server) to ensure
a secure end-to-end solution.
Neoteris claims its Access line of Instant Virtual Extranet (IVE) appliances
is a simplified solution to secure remote access needs. The Access 3000
is, essentially, a network appliance designed to provide secure client
access to your organization’s resource servers without having to configure
any custom hardware or software on either client or company networks.
You need just two basic pieces: the Access 3000 between the Internet and
your corporate network and an Internet browser that supports Secure Sockets
Layer (SSL) at the client.
The Neoteris installation is simple: Rack-mount the appliance, connect
the provided cable between the onboard serial port and your computer,
then run a terminal emulation program to configure the basic settings
for network connectivity. Then plug in one cable from the Access 3000
to your internal network and another cable to the external network.
To secure access to the device, configure access control lists by IP
address range, and then configure a list of Windows or Web resources to
which users will be allowed or denied access. For example, if I don’t
want users to be able to access the CORPORATE PLANS share on Server1,
I can add to the denied Windows resource list the \\Server1\CORPORATEPLANS
UNC path. Or if I don’t want users to access www.abcorp.local, I can deny
users access to that URL.
The Access 3000 can be configured to require SSL version 3 or allow SSL
version 2, as well as require 120-bit or 40-bit security. You can also
configure an NTP server for time synchronization. I configured the Access
3000 to pass all authentication requests to my Windows 2000 Active Directory
Server, although it also supports passing requests to LDAP/NIS/ACE/RADIUS
servers. The downside to using a backend authentication server is that
you still have to create local user accounts manually on the Access 3000
that match the user names on the authentication server, as the admin console
doesn’t have the ability to browse a list of users from your existing
directory service. On the flip side, you can import users into the Access
3000 database from a delimited file.
Bookmarks can be configured to Unix shares, Web URLs and Windows shared
folder resources (CIFS and SMB); these bookmarks become links on the built-in
Web site. Alternatively, users can type in a Web URL from the user access
page or browse the Windows network for shared resources dynamically, just
as they would through Network Neighborhood. You can even configure the
Access 3000 as a WINS client so users can browse across subnets. Windows,
Web and Unix resource access is built into the Access 3000; optional support
can be purchased for secure Outlook and Lotus Notes clients, secure access
to IMAP/POP/SMTP servers, Secure Terminal (Telnet and SSH), client certificates,
group logins and so on.
|Access 3000 offers a simple way to mediate secure
client access to your organization’s resource servers.
The Access 3000 has excellent reporting functionality and can be configured
to log to a local log file, which can then be archived automatically to
a remote FTP serve or directly to a SYSLOG server.
When a user connects to the Access 3000 built-in Web server, they’re
prompted for logon credentials. After authentication, the client loads
the home page of the built-in Web server, which is customized with your
company logo, welcome message and associated bookmarks. As an alternative,
users can be redirected to an internal company Web server that will provide
portal access to corporate resources. From login to logout, all access
is secured via the SSL protocol, either through a self-signed or commercial
Certificate Authority-issued SSL server certificate. The only firewall
configuration needed is to open up ports 80 and 443 and, if using the
secure IMAP/POP/SMTP option, the proper server side ports for those protocols.
If budget isn’t an issue, forget setting up complicated VPNs and hardened
Web servers. Instead, get an Access 3000 and simplify your secure remote-access
configuration. Customers or employees can access corporate resources securely
from anywhere, with no client configuration required. The Access 3000
setup is simple, and administration through the browser-based admin console
is a breeze. Keep in mind, however, that it’s an expensive appliance.
Although large to midsize businesses may not blink an eye, especially
when it comes to something as important as network security, many small
businesses will probably opt for cheaper off-the-shelf components.
James Carrion, MCM R2 Directory, MCITP, MCSE, MCT, CCNA, CISSP has worked as a computer consultant and technical instructor for the past 16 years. He’s the owner of and principal instructor for MountainView Systems, LLC, which specializes in accelerated Microsoft Certification training.