Neoteris secures LAN access with SSL

  • Tim Greene (Computerworld)
  • 01 November, 2001 08:32

Start-up Neoteris Inc. is parlaying Web-browser technology that protects online credit card sales into a simple, secure way for employees and business partners to access your network.

Neoteris makes proxy server hardware devices and software called EmployeeAccess and PartnerAccess that mediate Secure Sockets Layer (SSL) sessions between users on the Internet and LAN servers that are protected by a corporate firewall. SSL is 168-bit encryption developed by Netscape that is used to set up secure Internet links between Web browsers and Web servers, and is considered the security standard for Internet money transactions.

Remote users with Web browsers that support SSL, such as Netscape Communications Corp.'s Navigator and Microsoft Corp.'s Internet Explorer, authenticate to the Neoteris server, which sits between a corporate firewall and the LAN. SSL or Secure HTTP traffic travels to and from the Neoteris gear via TCP ports in the firewall. Authentication can be completed via existing Remote Authentication Dial-In User Service servers with links to Lightweight Directory Access Protocol, Windows Domain or Unix NIS directory servers.

To add or remove users, your network administrators grant or revoke rights on the Neoteris authentication server. Neoteris says this one-step method of enrolling and unenrolling authorized users is well-suited for quickly setting up and tearing down extranets that let business partners access your corporate resources.

No other vendors make products that support secure remote access in this way, says Joel Conover, an analyst with Current Analysis Inc. But service provider Aventail Corp. offers a service based on similar technology.

In some respects, the Neoteris access scheme also resembles IP Security remote access VPNs, in which client software on remote PCs makes secure IP Security links over the Internet to a VPN gateway at a corporate site.

But one key difference is that Neoteris' method doesn't require distributing a special software client to remote users. All the software they need comes with their Web browsers.

This makes the Neoteris gear better suited than VPN equipment to support remote users who primarily use remote access for reading their e-mail, says Tim Dorian, network security manager for 3Com, who is beta-testing Neoteris gear.

"With the VPN, there's always the issue of distributing clients, or if there are changes to VPN policies, then there's new software to distribute," Dorian says.

The Neoteris equipment also extends secure remote access to handhelds that are equipped with browsers, he says. Getting handhelds to work with VPN gear requires a separate client that is different from the clients used on PCs, creating more management complexity.

Dorian says the security of SSL is not an issue. "If it's good enough for your online bank, it should be good enough to read your e-mail," he says.

Dorian says Neoteris' secure access is also good for pulling down files to local machines. Neoteris says its gear supports any Web-based application, and next year will support telnet sessions and terminal-emulation applications.

Neoteris gear does not support file sharing, so multiple users cannot access the same file at the same time to collaborate, Conover says. "Any application not IP-enabled will be a problem, as will anything with SNA," he says.

Neoteris was founded in June 2001 and is headed by the co-founders of Healtheon/WebMD, Jim Clark and Kittu Kolluri, who are now Neoteris' chairman and CEO, respectively. The company has private funding and venture funding from The Barksdale Group totaling US$5 million.

Neoteris EmployeeAccess costs $15,000 to $65,000, depending on the number of users, and PartnerAccess costs $30,000 to $100,000. They are available now.