March 1997
Network Security
Without SurfinShield Xtra, any user of Netscape Navigator(TM) or Internet Explorer(TM) may be unknowingly allowing hostile applets into the desktop. Unlike Java applets, which are somewhat restrained by an initial layer of protection through the Java Security Manager, the signed code of ActiveX applets can enter the desktop without any security check and can perform virtually any task the user himself might perform.

“With SurfinShield Xtra, there is finally a way to access the ActiveX realm of the Internet with improved protection from hostile ActiveX attacks. SurfinShield Xtra adds a layer of security to ActiveX and places decisions about its activities in the hands of desktop users,” said Shlomo Touboul, CEO of Finjan Software. Finjan has stated its commitment to keeping ahead of the threat and will introduce new capabilities that plug up modern security holes before they can be fully exploited.

Finjan’s SurfinShield Xtra expands Finjan’s Java security expertise to the realm of ActiveX, and claims to be the first Internet security solution to offer dual Java and ActiveX security. Finjan Software Java and ActiveX security solutions protect enterprise and stand-alone computer resources from hostile applets. SurfinShield works at the desktop level to protect local computer resources from hostile Java and ActiveX attacks. Finjan’s (patent pending) “Surfin” technology protects resources at the corporate gateway. The Finjan Java Security Alliance is supported by the top six firewall vendors who use SurfinGate applet content scanning as a base technology for their firewall products.
Security Dynamics has launched ACE/Server Access Manager, a protocol independent, authentication, authorization and accounting solution for customers of its ACE/Server security platform. The aim of the product is to provide customers with enhanced security solutions for accounting data and remote access. The product, which supports TACACS+ and RADIUS protocols (standards for network authentication and authorization), will allow interoperability with remote access servers and third party security packages. It can selectively require end users to […] authentication tokens and ACE/Server network security software
For further information on Finjan security products visit the Web site at: http://www.finjan.com.

Roy Szweda
NCSA supports new TIS ForceField

Trusted Information Systems Inc. (TIS), Glenwood, MD, USA, has launched a new Web server security product called ForceField. In support of the launch, the US National Computer Security Association (NCSA) said, “In the past, the Web server has been considered the ‘sacrificial lamb’, put in harm’s way on the Internet side of a firewall. But Web managers want security solutions specifically designed to protect Web servers. TIS seems to have responded to this need with their ForceField product.” Said Dr Peter Tippett, NCSA President, “Products like ForceField will up the ante of Web server security, helping to increase overall confidence in networked transactions. We are happy to see security solutions being developed to address the unique needs of web servers.”
The new product uses technology from TIS’ Gauntlet firewall to protect the server platform from unauthorized tampering, while continuing to allow the performance, resource reallocation and anonymous access that make a publicly accessible Web server valuable. Among the security measures taken when ForceField is installed:

• Operating Systems Hardening: can prevent most common Web server attacks.
• Integrity Checking: provides the means to ensure the operating system has not been compromised.
• Access Restrictions: prevent all but authorized users from altering contents or entering administrative areas of the Web server.
• Smoke Alarms: provide vital information on anyone seeking to penetrate the Web server.
An administrative interface allows the Web master to easily configure the Web server’s security options. Configuration can also include a strong authentication process, so that a site’s Web master, working remotely, can have access to the underlying HTML files. TIS describes ForceField as a “first-of-its-kind product”; it uses the company’s Gauntlet firewall technology to protect sensitive data without compromising the high level of performance required of a Web server. “For the first time, Web site administrators can protect their servers from multiple threats by installing a single product”, according to Harvey Weiss, the TIS Commercial Division president.

For further information, contact Stacey Fairbairn, TIS, on: +1 301 947-7 727; E-mail: sef@tis.com.

Roy Szweda

© 1997 Elsevier Science Ltd
IBM launches SecureWay

Atoosa Savarnejad

IBM has just launched a SecureWay Key Management Framework which will make it possible for various security offerings to work together while solving Washington’s proposed key recovery crypto plan. IBM’s SecureWay Key Management Framework will provide for adoption of new and existing key recovery technologies without disturbing existing cryptographic and other security functions and operations. It does so by isolating applications from the unique properties of a specific key recovery implementation.
IBM’s Framework consists of software that provides a layer of isolation between applications on top of the framework and specific implementations of services or mechanisms on the bottom. Applications can access the service desired by using a standard API. Service provider implementations that support the service provider interface can be plugged into the framework without changes to the applications.

The SecureWay Key Management Framework enables applications that use cryptography to set up a key recovery environment that is not dependent upon any one provider’s implementation of key recovery. The framework also ensures that key recovery cannot be bypassed and that a complete key recovery environment is set up before any encrypted communication takes place. The first endorsers of this are Nortel, RSA Data Security and Trusted Information Systems.

The framework functions include identifying and registering the various service provider implementations, maintaining and storing information about the current state of the environment, providing a mapping or transformation that enables interoperation of heterogeneous environments, and checking to make sure that the service provider implementations have not been tampered with.

Late last year, Hewlett-Packard, joined by Intel, Microsoft and other partners, rolled out its International Cryptographic Framework, a hardware-based encryption technique for transmitting electronic files over the Internet and across international borders. The technology offers flexibility that allows it to be used internationally. ICF cryptographic units, which support keys of any length, won government export approval because they are disabled until a device called a “policy activation token” switches them on again. The token, either a downloadable software module or a smartcard, triggers application algorithms. ICF doesn’t resolve the controversy over Washington’s proposed key-recovery crypto plan that requires a set of keys to be turned over to a third party
eTrust to roll out in second quarter

Atoosa Savarnejad

A global initiative for establishing consumer confidence in electronic information exchange is set to be rolled out in the second quarter of this year. Backed by the Electronic Frontier Foundation and CommerceNet, eTrust, which is striving to be the pioneer in ensuring consumer confidence and trust in electronic interactions, will dispense its seals of approval to participating Web sites which must follow a strict set of privacy guidelines set up by eTrust. The programme is in pilot testing at the moment with 35 Web sites. It expects to have about 100 sites participate by the pilot trial’s end.

eTrust will primarily focus on protecting consumer privacy on the Internet. “Privacy is a matter of informed consent. You can click on a page with the seal on it and you know what the privacy policies are,” said Andrew Boyer, product manager for eTrust. Companies or organizations participating in the eTrust programme will apply for one or