Browser-based RealSecure ICEcap Manager provides four account classifications: system admin, account admin, system user and account user. The two ICEcap admins have write access, while the ICEcap users have read-only access to the management interface. System admins and users can access any group, while account admins and users can access their specified groups only.
For creating application-control policies, ISS offers a utility program to generate the MD5 hashes. You load this client on a baseline machine, and then copy the resulting text file to the management server and import it. You can allow any and all programs with hashes known by the server and allow or deny specified programs. When an application is approved, so are its DLLs. The application list is grouped by product names as determined by the baseline scan, though some applications fall in odd places. For example, "Internet Explorer 6" is one category, but it refers only to ie6setup.exe. The real Internet Explorer falls into the "Microsoft Windows Operating System" group. There's no changing these groups; you must use whatever product name ICEcap assigns to an executable. You also can't move applications into different groups.
ICEcap generates top-notch reports, courtesy of Seagate Crystal Reports. Not only do you get bar graphs of top signatures, intruders, targets, and most frequent attacks, you can drill down in them. By clicking on an attack type, you can see who attacked your system and all other attacks from that node. A link to the ISS advice center provides more detailed information.
RealSecure Desktop Protector 3.5, starts at $6,800 for 100 clients. Internet Security Systems, (888) 901-7477, (404) 236-2600. www.iss.net
Securitae CMDS 2.2