Network administrators burdened with secure remote access woes save time by using new security management software products SecureCRT 6.0 and SecureFX 6.0. By combining secure login and data transfer capabilities of Secure Shell (SSH) with a Windows terminal emulator, VanDyke Software's security tools have enterprise network administrators saying they can't work without it.
"My role involves building, configuring and maintaining a number of Unix-based servers, both physical and virtual, which support three faculties at the university at which I work," said Unix system administrator Aaron Howell of Queensland University of Technology. "SecureCRT is an integral part of my day-to-day work. In fact, without it, I couldn't do what I do."
The products were designed in light of a VanDyke-commissioned survey by Amplitude Research that asked 300 network and system administrators what keeps them up at night. The Fourth Annual Enterprise Security Survey findings showed 43% of them identified secure remote access as the No. 1 security management issue facing their networks. Thirty-one percent identified secure file transfer as an issue in 2007, compared with just 13% the previous year.
These statistics were reinforced by Yankee Group's research, which found that 60% of enterprises support widespread remote access (where 50% or more of enterprise employees work remotely).
"Increased employee productivity is the main driver behind the move to open up internal networks for anywhere access," said Phil Hochmuth, senior analyst of enterprise research in network security for Yankee Group. "SSL VPNs are emerging as the main tool enterprises use to provide this type of access."
The increase in the number of remote workers and the resulting need to administer secure remote access clients gave VanDyke Software reason to launch secure remote access client SecureCRT 6.0 and secure file transfer product SecureFX 6.0 on January 15, 2008.
Maureen Jett, product director at VanDyke Software, said network administrators can use the button bar to fire up applications quickly without navigating menus. "[They can] easily view the output of two sessions on the fly," she said. "They can use the new tab feature to send an active tab to a new SecureCRT window, clone the session in a new window, or drag and drop a tab between SecureCRT windows."
"[SecureCRT] temporarily caches the information, but only while you're connected to CRT," Jett said. "Once you exit CRT, all of the information gets wiped out [so as not to create any security issues]."
Network engineer Christopher Starcher uses the SecureCRT features mentioned above to cut admin tasks down tenfold: "I had to rely on a few different products to achieve the same result that I get from SecureCRT," he said. "And using SecureCRT's VBScript functionality, I can reduce the time required for many tasks by a rough factor of 10."
Nortel software developer Richard Sugg said that he sometimes has to go through several firewalls to reach end users/clients. If I have to create log files for each server, it's a pain ... just the file transfer would probably take about five to ten minutes, and sometimes you'd have to do that several times a day."
SecureCRT has now simplified that for him, Sugg said. "All I have to do is highlight the file and click the button."
"SecureCRT really simplifies a lot of the data-gathering I do on a daily basis," Starcher said. "Sure, there are other tools out there, but they are much more expensive and don't offer the configuration detail that SecureCRT offers."
Sugg used open source project Terraterm prior to SecureCRT. "It had some crude macros and scripting, but you could not expand the window, and that was very cumbersome," he said. "[With CRT], you can do full-screen editing and incredible scripting."
Network services manager/technical lead Ken Rearick had to use several programs to securely manage his Cisco devices: K95, Procomm Plus and open source product PuTTY. SecureCRT achieved the same results as these three programs combined, making the switch to CRT a bargain -- even over open source products.
Rearick stated: "Though clearly more expensive than free PuTTY, we were licensed for both Procomm and K95, and those products were, if I recall correctly, in the same price range."
"The price is definitely worth it," Starcher said. "The features were exactly what I was looking for, and it fit my specific requirements for the work I do on a daily basis. The support VanDyke provides is very prompt and extensive. I can't get that from free or open source alternatives."
"I find that SecureCRT is like PuTTY on steroids," Rearick said. "The addition of the button bar is fabulous and allows for quick config snippets. The one feature I have requested is the ability to log into multiple sessions at once. Since SSH is not scriptable (not sure if you want to script a log on due to security anyways) and we tend to have to log into quite a few devices at any given time, this would be a great feature. You won't get that from PuTTY."
Jett noted that a significant percentage of network administrators even went as far as buying SecureCRT and SecureFX out-of-pocket.
"Honestly, in my opinion, it's worth purchasing in any capacity," Starcher said.
"I chose to pay for SecureCRT because when I started with my current employer, it was very difficult to get software not supported by the central administration team installed on our machines, let alone actually paid for," Howell said. "The company standard was the commercial version of SSH 1 at the time, so I chose to bring my own SecureCRT in to use, and I've never looked back since."
"One of the things I admire about VanDyke is their willingness to go out of their way to improve their products' accessibility where needed," he said.
Howell had no problems setting up and using SecureCRT, but "there were some minor issues during the period that VanDyke was working with Freedom Scientific (makers of the JAWS screen reader), to improve the track-ability of the SecureCRT cursor by JAWS," he said. "However, these problems were tracked down and corrected very quickly." This quick correction was thanks to VanDyke's XP (agile) product developmental process.
Possibly the only issue with this product, then, is that not enough people know about it. Several analysts contacted for comment were unaware of the software.
"I wish more people knew about this," Sugg said. "I think if more people did, people would be beating down their door."