The Secure Access Management System from
Data Track Technology

Administrators are faced with some serious security issues when providing their engineers with remote access in order to allow them to support network devices. In most cases they'll require full access to configurations and where these are business critical devices, it makes it doubly important that only the right users have permissions.

The Secure Access Management System (SAMS) tightens security by centralising authentication management for multiple devices and applications. Essentially, it's offering a SSO (single sign-on) solution where support staff are asked to provide one set of credentials and SAMS permits access only to those devices that each user is permitted to see. Furthermore, as SAMS maintains the actual username and password lists for each device in its database, you can also control exactly what level of access each user is allowed.

We found SAMS simple to deploy in the lab as it only consists of three main components. A SQL Server stores the device application usernames along with passwords, and these are accessed via a standard IIS web server. Support team members simply point their browser at the server and provide their SAMS credentials. In return they are presented with those devices and applications they have been granted permission for.

After selecting a device, the SAMS connection manager component takes

over and facilitates the link to that device while creating a full audit record. The beauty of this solution is that users only know the address of the SAMS server. They will not know the IP address of the device or the actual login credentials that are used to access that device and, in the case of a modem connection, will not know its phone number either.

A single administrative console is used to configure SAMS and you can start by creating device groups which are used to determine access for SAMS administration. This is a useful feature as you could, for example, permit certain administrators to configure remote support access to network switches and routers, whilst allowing others to only access your web servers.

Device types are templates that contain global parameters and Data Track provides a number of predefined models for devices such as Cisco routers as well as web and Windows servers. We created a new device type for the lab's HP ProCurve switches which defined the service types, permitted access methods and the protocols to use. For the latter you have a good choice as support includes HTTP(S), Telnet, VNC, PCAnywhere, FTP, SSH and ASCII. For testing, we created a selection of connections which included web and Telnet access to our HP switches, RDP and FTP for our Windows servers and a web connection to our backup

servers, all again with a full audit record.

When engineers first access the SAMS web server, they download a small protocol handler utility from the logon screen and then provide their SAMS credentials. Once authenticated, all the devices and services they are permitted to access are displayed, and clicking on their connect icon is all they need to do as the relevant connection application is loaded and logged in, ready for use. SAMS has many benefits as it's not unknown for companies to hand out spreadsheets to their engineers listing device access credentials, and they often don't change the passwords. If an engineer leaves the company their access is completely revoked by simply deleting their details from the SAMS database.

During testing we found SAMS clearly capable of providing strong centralised access management. Companies maintaining multiple network devices will find SAMS can ease the burden considerably through its improved but simple to use control. It takes all the guesswork and unnecessary risk out of vital access control. NC

Product: SAMS
Supplier: Data Track Technology plc
Tel: 01425 270333
Web site:www.datatrackplc.com/sams
Price: Up to 100 connections, £16,400 excluding VAT