NetWare 4.1 is secure even without C2, the rating further assures users that multiple third-party products are able to plug into a “secure, trusted computing environment.”
As companies’ networks become more entwined with the ‘global network’, it is becoming more important to be confident of security at a local level. “If you were to do a standalone workstation evaluation, once you stick in a NIC, you’ve invalidated that rating”, Clare said.
The C2 rating, Clare said, will be another “checklist” item for users when they are making a NOS purchase decision. “The real customer value is when people make a purchase decision [and see the C2 rating] is that it makes them feel warm and fuzzy inside”, Clare said. “But it’s not a make or break decision.”
Viruses Get a Day of Their Own Chris Bucholtz
To emphasize the need for users to protect their computers against viruses, a group of US security software producers and online groups launched a 20-day anti-virus campaign beginning with ‘Virus Awareness Day’ on September 8. The national event, sponsored by anti-virus product developer members of the National Computer Security Association, included a toll-free phone-in support service to help remedy user problems, an assortment of trial copies of security applications that could be downloaded from CompuServe, and online forums intended to educate users about how viruses work, what sort of damage they can do and how to avoid them.
The effort came at a time when viruses were beginning to creep back into the news. While the Microsoft Word Macro virus captured front-page headlines, other viruses are more common and much easier to contract. Symantec, which makes the Norton AntiVirus family of software, reported that Monkey is the most prevalent virus, followed by Form, Stealth.B, AntiEXE, Michelangelo, Stoned, Satan Bug, Natas, V-Sign, NoInt and NYB.
The company said that, regardless of which company’s product they use, users need to update their anti-virus software frequently, because the proliferation of viruses means that after three months most anti-virus software can intercept and destroy only 60-70% of viruses.
Peter Tippett, president of the NCSA, said that since 1992, when the Michelangelo virus first put the fear of viruses into the public, the pesky programs have exploded in number. “The problem is three times worse than when Michelangelo came around”, Tippett said. “We can now say there are 6000 different computer viruses. Five years ago, there were less than 100.” Tippett estimated that destructive viruses will cost corporate America over $1 billion in damage and lost time in 1995.
Cisco Adds Security Features to Network System Chris Bucholtz
Cisco Systems has introduced a new internetworking operating system with security features that the company says will help prevent tampering with networks. Cisco’s Internetworking Operating System (IOS), which went on the market in September, will include new firewalls, encryption, access management, route authentication and IP access control list violation logging to provide protection to network data and keep track of those who attempt to misuse the network.
Computer Fraud & Security October 1995 © 1995 Elsevier Science Ltd
SECURITY REPORTS
The route authentication portion of Cisco’s security system is based around the Terminal Access Controller Access Control System (TACACS), technology originally designed for the US defence department and licensed from Security Dynamics Inc. This component centrally validates the identity of users before they can gain access to a router or access server. The TACACS system can be used to challenge network users with a number of questions, such as mother’s maiden name, home address or phone number, before granting access. After a user is authorized for access, the system checks the name against a listing of the networks that particular user is permitted to access. The accounting component of TACACS can keep track of access by employees for a security audit or to keep track of billing. The system can also accommodate third-party token card access systems for increased access security.
For transmissions across WANs, IOS uses Kerberos secret-key technology licensed from Cylink Corp. This secret-key approach requires the use of a Kerberos server to provide storage for keys. The client portion of Kerberos is integrated within IOS in the access servers.
The IOS system also allows administrators to establish up to 16 ‘privilege levels’, which can be used to limit access to specific components of the network. The new operating system is available for AppleTalk, Vines and Novell IPX environments.
Standards Advisory Group Looks into Security Chris Bucholtz
To prevent what it calls the electronic hijacking of online information, an 80-member multi-disciplined group in the US called the Information Infrastructure Standards Panel (IISP) is working to establish preventative standards before, its statement says, criminals and hackers make off with assets worth billions of dollars. The IISP is under the umbrella of the American National Standards Institute (ANSI). Its membership includes 30 companies, 40 industry and standards organizations, and 10 government agencies, including the
US Federal Communications Commission and the US State Department. The IISP is investigating methods of encryption and other security techniques to keep data from being appropriated from networks, said Mr R.M. “Chick” Hayden, ANSI Director of Information Infrastructure Programs. “We’re not a police force”, Hayden said. “Our effort is in being sure the software companies and other people who create intellectual property can be confident in using the infrastructure.” The organization targets electronic copyright violations as well as more technical hacking activities.
Mr Hayden said that the IISP had made recommendations on “about 30 standards proposals” for security standards since the organization was founded in 1994, although none as yet have been enacted. The organization also deals with interoperability issues concerning security in the computer, telephone, cable, satellite, cellular and broadcasting industries.
The IISP tries to identify areas of interoperability and checks for existing security standards. Should a standard not exist, the panel submits the need for a standard to formal standards bodies for development. “In the past, a lot of these industries haven’t had to cross-communicate”, said Mr Hayden. “The computer companies have always communicated pretty well, but cable, broadcast and satellite folks have operated on their own turf with their own sets of regulations, and without much interconnection. Obviously, that must change.”
News/Reports Comment
Contributions or comments for the news or Security Reports sections would be welcomed by the Editor and should be sent to the editorial address given on the back of this issue.