SQL Server Magazine

DeviceWall 4.0
Centennial Software's DeviceWall 4.0 protects endpoints from access by portable devices and media that plug into USB and FireWire ports, LPT and COM ports, floppy drives, and CD-ROM/DVD drives. Device-Wall can also manage Wi-Fi, Bluetooth, and infrared wireless connections.

Before you can install DeviceWall, Microsoft IIS and Web Distributed Authoring and Versioning (WebDAV) must be installed and enabled on the DeviceWall server. If SQL Server isn't already installed, DeviceWall automatically installs an instance of Microsoft SQL Server Desktop Engine (MSDE). The IIS and WebDAV requirement is a bit of a drawback because of the additional installation and configuration that you must do if you don't already have IIS with WebDAV running.

DeviceWall uses the same idea of a central console as do the other products reviewed. You deploy the DeviceWall agent to client computers through the DeviceWall Control Center console. As Figure 2 shows, the console also lets you define policies that specify how users and their devices can interact with network computers. The console is clean and easy to use. Reports on the log data are built into the console interface, which makes them easy to find and run.

DeviceWall offers more robust user permissions than the other two products by including an explicit Deny permission that overrides other permissions. However, DeviceWall doesn't let you group like computers together for the purposes of applying a set of appropriate permissions. You apply permissions by user only, so a user who has permission to attach a USB storage device to a laptop will have the same permission on a server, which might not be appropriate.

I used a variety of devices to try to subvert DeviceWall's security, but I was blocked every time. DeviceWall includes an option to not notify users when device access is blocked, a useful feature for discreet access monitoring.

DeviceWall supports more-specific device profiles than the other two products. While GFI EndPointSecurity includes a device profile called PDA, DeviceWall includes separate profiles for Pocket PC, Palm OS, BlackBerry, and smart phones. This is a nice feature for organizations that have standard types and brands of external devices and want to block nonstandard devices. DeviceWall also lets you create new device profiles, another good feature for organizations that have standardized on certain devices or want to.

One of DeviceWall's most interesting features is the Temporary Access Tool. When a user isn't connected to the network and wants temporary access to a device that's ordinarily blocked, the user launches the Temporary Access Tool. The user receives a code and calls the administrator, who then generates a response code for the user. After the user types in the correct response code, he can access the device until he logs out. For a company with many mobile users, this is an extremely useful feature.

Another interesting feature of DeviceWall, which I didn't test, is the ability to encrypt data copied onto a flash drive using 256-bit AES and Blowfish ciphers. DeviceWall 4.5, which became available after I performed my tests, adds logging of data moved between portable devices and the network, an improved temporary device access capability, and support for the Apache Web server.

Prev. page     1 [2] 3     next page