Access control software on tap from Neoteris

SUNNYVALE, CALIF. - Start-up Neoteris is parlaying Web-browser technology that protects online credit card sales into a simple, secure way for employees and business partners to access your network.

Neoteris makes proxy server hardware devices and software called EmployeeAccess and PartnerAccess that mediate Secure Sockets Layer (SSL) sessions between users on the Internet and LAN servers that are protected by a corporate firewall. SSL is 168-bit encryption developed by Netscape that is used to set up secure Internet links between Web browsers and Web servers, and is considered the security standard for Internet money transactions.

Remote users with Web browsers that support SSL, such as Netscape Navigator and Microsoft Internet Explorer, authenticate to the Neoteris server, which sits between a corporate firewall and the LAN. SSL or Secure HTTP traffic comes and goes to the Neoteris gear via TCP ports in the firewall. Authentication can be completed via existing Remote Authentication Dial-In User Service servers with links to Lightweight Directory Access Protocol, Windows Domain or Unix NIS directory servers.

To add or remove users, your network administrators grant or revoke rights on the Neoteris authentication server. Neoteris says this one-step method of enrolling and unenrolling authorized users is well-suited for quickly setting up and tearing down extranets that let business partners access your corporate resources.

No other products support secure remote access in this way, says Joel Conover, an analyst with Current Analysis. But service provider Aventail offers services based on similar technology.

In some respects, the Neoteris access scheme also resembles IP Security remote access VPNs, in which client software on remote PCs make secure IPSec links over the Internet to a VPN gateway at a corporate site.

But one key difference is that Neoteris' method doesn't require distributing a special software client to remote users. All the software they need comes with their Web browsers.

This makes the Neoteris gear better suited than VPN equipment to support remote users who primarily use remote access for reading their e-mail, says Tim Dorian, network security manager for 3Com, who is beta-testing Neoteris gear.

"With the VPN, there's always the issue of distributing clients, or if there are changes to VPN policies, then there's new software to distribute," Dorian says.

The Neoteris equipment also extends secure remote access to handhelds that are equipped with browsers, he says. For handhelds to work with VPN gear requires a separate client that is different from the clients used on PCs, creating more management complexity.

Dorian says the security of SSL is not an issue.

"If it's good enough for your online bank, it should be good enough to read your e-mail," he says.

Dorian says Neoteris' secure access is also good for pulling down files to local machines. Neoteris says its gear supports any Web-based application, and next year will support telnet sessions and terminal-emulation applications.

Neoteris gear does not support file sharing, so multiple users cannot access a file at the same time to collaborate, Conover says.

Neoteris EmployeeAccess costs $15,000 to $65,000, depending on the number of users, and PartnerAccess costs $30,000 to $100,000. They are available now.

Neoteris