- Email: [email protected]
Virus protection for mobile phones and handheld computers
news also discuss how to guarantee E-commerce security and how to combat Internet fraud and viruses with international laws.
Banking on network security basics Following Barclays’ recent security problems, a consumer group has stated that high street banks need to get back to IT basics in order to deliver secure online banking services. In the UK, the Consumer’s Association has called for banks to pay more attention to basic software testing and observe data protection legislation, rather than set up new bodies to tackle Internet security. According to Alan Stevens, head of digital services at the Consumer’s Association, “There are some very good regulations and laws in place that apply to UK Internet banks. It is not a case of putting new regulations in place. Companies have to make sure that their own back-office systems are secure and that they use normal rules of IT development.” Barclays is still testing its upgraded online banking service and has not given a date for when it will be re-installed. The bank blamed the security glitch on a software code error in the upgraded site.
Online shopping hindered by security fears A new study carried out by the National Consumer Council
(NCC) in the UK has revealed that a lack of confidence in online security is hindering the expansion of Internet shopping. It has been reported in Computer Weekly that the Council found that currently only 3% of the British public shop online. The report found that customers are concerned with revealing credit card details online, the lack of opportunity to check goods before paying and the risk of fraudulent suppliers. The report also revealed that Internet users are more worried about shopping online than people who do not use the Internet. While 35% of adults think the Internet is the most risky place to shop, among Internet users that figure rises to 50%.
unauthorized access. Using a VPN is a method of ensuring the encryption of data as well as the use of certificates to validate the identity of the person with whom you wish to communicate. This information is kept up-to-date by the inclusion of a complete certificate management facility to include organizing revocation lists. Safeguard is going one step further by using global cross-certification via standard interfaces which they have developed. This demonstrates two levels of security action in order to ensure a safe intranet connection. For further information, contact Paul McDermott, Utimaco Software on tel: +44 1442 230 030; E-mail: [email protected]
COMPANY NEWS
Ultimo secures insurance group DBV-Winterthur, a division of the Credit Suisse group, is to use the Internet to connect its regional offices to their Wiesbaden headquarters. This involves 3500 PCs processing quotations and contracts via the Internet. The data that this involves will primarily be protected by Ultimo Systems Safeguard VPN and Safeguard PKI. The use of Public Key Infrastructure (PKI) in corporate security infrastructures is becoming more widespread. It allows a user-friendly security service while ensuring a reliable and uniform service to users. Virtual Private Networks (VPNs) will protect data from both the Internet and the corporate network from
Bolero.net and WISekey join forces WISekey, a widely recognized and trusted scalable Public Key Infrastructure (PKI) provider has joined forces with bolero.net who facilitate global E-commerce platform structures. The two companies plan to make their PKIs interoperable so that WISekey can provide certification services for bolero.net. This expands Bolero’s enrolment potential while improving the efficiency of secure communications with international trade in general. As far as the subscribers are concerned, this means that they have increased functionality for secure paperless trading on a global trade environment.
For further information, contact Markus Leutert on tel: +41 22 929 56 56; E-mail: [email protected].
PRODUCT NEWS
Virus protection for mobile phones and handheld computers F-Secure Corp. has announced the availability of an anti-virus product which can run directly on the majority of the latest generation of Internetenabled mobile phones, personal organizers and handheld computers to protect them from computer viruses. F-Secure AntiVirus for EOPC incorporates FSecure’s Mobile Scanner Technology and advanced wireless features. The new software runs on the Symbian EOPC platform which is designed specifically to allow mobile phones and handheld devices to run programs and provide Internet access. F-Secure claims that its new product is the only one to offer on-the-fly, real-time protection against binary viruses, script language viruses, Trojan horses and E-mail viruses. According to Risto Siilasmaa from F-Secure Corp., “Information must be protected where it’s created, stored and processed. Since these new platforms will take that information everywhere the user goes, the security protection must follow. FSecure Anti-Virus is the first native solution to protect these systems against malicious code.”
5
news For further information, visit the F-Secure Wireless Security Center website at: http://www. F-Secure.com/wireless/
Secure E-mail technology unveiled 5GM has announced the launch of 5GM-Mail which, the company claims, will allow users around the world to send sensitive and important documents over the Internet in the knowledge that they will be safe, secure and that receipt will be undisputed. The key features of 5GMMail are: • Authenticity — the mail message is of undisputed origin. • Integrity — 5GM-Mail shows that the message has not been altered. • Non-repudiation — the sender can have confidence that the message has been received by the intended recipient. • Security — encryption ensures the privacy and integrity of the message. • Proof of delivery — confirmation of E-mail and attached documents, archived on both servers, as it has been sent to the recipient. • The only E-mail software to comply with BSI DISC PD 5000;1999 — the international standard on the legal admissibility of electronic commerce, giving further weight of evidence that an E-mail has been sent and received. For further information, visit http://www.5GM.com or call +44 20 8422 5227. 6
Plug-and-play VPN security box Netstuff has integrated selected products by Nokia, Check Point and Acotec to offer an off-the-shelf solution for VPNs in the form of the VPN Security Box. Netstuff feels that by combining the various companies’ components an optimum solution has been reached where the know-how of each participating company is used to full advantage. Nokia provides the hardware, which includes a router with appropriate connections for the company-internal network and to the provider. This system is called VPN 210. The VPN Security Box integrates a Check Point Firewall and an encryption and decryption module. Acotec’s Remote Client Manager takes care of the automatic configuration of the access software on the module user’s PC. To prevent any attacks on the Internet connection, the product utilizes, in addition to the Check Point Firewall, client/server authentication in conjunction with Network Address Translation to achieve protection against both internal and external unauthorized network access. Also, all data transferred between the stations are encrypted. In this way, one single VPN Security Box serves to replace several encryption, authentication and routing devices. In a nutshell the product offers: • Connection of field offices via the Internet (VPNs). • Easy access to company
resources, also by mobile users or from a branch office. • Encrypted data transfer. • Integrated firewall and routing. • Central administration of access software from mobile user’s PC. • Automatic installation of the access software via web download, For further information, visit www.netstuff.de
AES IP hardware encryptor introduced Zaxus has introduced Datacryptor 2000 IP, an IP encryptor that can be softupgraded in place for the Advanced Encryption Standard (AES). The company hopes that its new product responds to the demand for increased IP security. Datacryptor 2000 uses Triple DES as standard and, in addition, the unit accepts customized/national algorithms without costly hardware upgrades. Using Field Programmable Gate Array (FPGA) technology to achieve hardware speed with the advantage of software-like flexibility, the product facilitates the migration to new algorithms, including the upcoming AES, guaranteeing users the availability of a soft-loadable AES algorithm when the standard is published. Allowing security to be brought as close to the host as the customer requires, the Datacryptor 2000 IP may be installed between the sub-network to be protected. IP packets are encapsulated, ensuring the confidentiality of the
payload as well as the source and destination addresses, while tunnelling through the IP network to up to 1000 concurrent encrypted destinations without degradation of service. Zaxus has also introduced a new WebSentry PCI security module offering system integrators a solution to providing the cryptographic functionality necessary to support both the Secure Sockets Layer (SSL) and the Secure Electronic Transaction (SET) standards. The product is available with a PCI interface for PC/server installation or with an Ethernet interface for standalone use covering both merchant and acquirer bank (payment gateway) applications. The WebSentry E-commerce solution provides the infrastructure to accommodate the widest range of throughput requirements of merchants, acquirer banks and electronic fund transfer (EFT) network processors in SSL or SET environments. It also meets the mandatory requirements of highly secure hardware security imposed on acquirer bank platforms. It is also possible to upgrade the software inside the WebSentry units to cater for future enhancements to the cryptographic standards without the need for hardware replacement. The product is not limited to Internet-based E-commerce applications. It provides generic public key infrastructure functionality to meet the demands of most applications where security is required — possibly involving key generation, digital signatures or encryption. The product’s modules are housed in tamper-resistant and tamper-evident modules. In addition, no plaintext keys are
Banking on network security basics Following Barclays’ recent security problems, a consumer group has stated that high street banks need to get back to IT basics in order to deliver secure online banking services. In the UK, the Consumer’s Association has called for banks to pay more attention to basic software testing and observe data protection legislation, rather than set up new bodies to tackle Internet security. According to Alan Stevens, head of digital services at the Consumer’s Association, “There are some very good regulations and laws in place that apply to UK Internet banks. It is not a case of putting new regulations in place. Companies have to make sure that their own back-office systems are secure and that they use normal rules of IT development.” Barclays is still testing its upgraded online banking service and has not given a date for when it will be re-installed. The bank blamed the security glitch on a software code error in the upgraded site.
Online shopping hindered by security fears A new study carried out by the National Consumer Council
(NCC) in the UK has revealed that a lack of confidence in online security is hindering the expansion of Internet shopping. It has been reported in Computer Weekly that the Council found that currently only 3% of the British public shop online. The report found that customers are concerned with revealing credit card details online, the lack of opportunity to check goods before paying and the risk of fraudulent suppliers. The report also revealed that Internet users are more worried about shopping online than people who do not use the Internet. While 35% of adults think the Internet is the most risky place to shop, among Internet users that figure rises to 50%.
unauthorized access. Using a VPN is a method of ensuring the encryption of data as well as the use of certificates to validate the identity of the person with whom you wish to communicate. This information is kept up-to-date by the inclusion of a complete certificate management facility to include organizing revocation lists. Safeguard is going one step further by using global cross-certification via standard interfaces which they have developed. This demonstrates two levels of security action in order to ensure a safe intranet connection. For further information, contact Paul McDermott, Utimaco Software on tel: +44 1442 230 030; E-mail: [email protected]
COMPANY NEWS
Ultimo secures insurance group DBV-Winterthur, a division of the Credit Suisse group, is to use the Internet to connect its regional offices to their Wiesbaden headquarters. This involves 3500 PCs processing quotations and contracts via the Internet. The data that this involves will primarily be protected by Ultimo Systems Safeguard VPN and Safeguard PKI. The use of Public Key Infrastructure (PKI) in corporate security infrastructures is becoming more widespread. It allows a user-friendly security service while ensuring a reliable and uniform service to users. Virtual Private Networks (VPNs) will protect data from both the Internet and the corporate network from
Bolero.net and WISekey join forces WISekey, a widely recognized and trusted scalable Public Key Infrastructure (PKI) provider has joined forces with bolero.net who facilitate global E-commerce platform structures. The two companies plan to make their PKIs interoperable so that WISekey can provide certification services for bolero.net. This expands Bolero’s enrolment potential while improving the efficiency of secure communications with international trade in general. As far as the subscribers are concerned, this means that they have increased functionality for secure paperless trading on a global trade environment.
For further information, contact Markus Leutert on tel: +41 22 929 56 56; E-mail: [email protected].
PRODUCT NEWS
Virus protection for mobile phones and handheld computers F-Secure Corp. has announced the availability of an anti-virus product which can run directly on the majority of the latest generation of Internetenabled mobile phones, personal organizers and handheld computers to protect them from computer viruses. F-Secure AntiVirus for EOPC incorporates FSecure’s Mobile Scanner Technology and advanced wireless features. The new software runs on the Symbian EOPC platform which is designed specifically to allow mobile phones and handheld devices to run programs and provide Internet access. F-Secure claims that its new product is the only one to offer on-the-fly, real-time protection against binary viruses, script language viruses, Trojan horses and E-mail viruses. According to Risto Siilasmaa from F-Secure Corp., “Information must be protected where it’s created, stored and processed. Since these new platforms will take that information everywhere the user goes, the security protection must follow. FSecure Anti-Virus is the first native solution to protect these systems against malicious code.”
5
news For further information, visit the F-Secure Wireless Security Center website at: http://www. F-Secure.com/wireless/
Secure E-mail technology unveiled 5GM has announced the launch of 5GM-Mail which, the company claims, will allow users around the world to send sensitive and important documents over the Internet in the knowledge that they will be safe, secure and that receipt will be undisputed. The key features of 5GMMail are: • Authenticity — the mail message is of undisputed origin. • Integrity — 5GM-Mail shows that the message has not been altered. • Non-repudiation — the sender can have confidence that the message has been received by the intended recipient. • Security — encryption ensures the privacy and integrity of the message. • Proof of delivery — confirmation of E-mail and attached documents, archived on both servers, as it has been sent to the recipient. • The only E-mail software to comply with BSI DISC PD 5000;1999 — the international standard on the legal admissibility of electronic commerce, giving further weight of evidence that an E-mail has been sent and received. For further information, visit http://www.5GM.com or call +44 20 8422 5227. 6
Plug-and-play VPN security box Netstuff has integrated selected products by Nokia, Check Point and Acotec to offer an off-the-shelf solution for VPNs in the form of the VPN Security Box. Netstuff feels that by combining the various companies’ components an optimum solution has been reached where the know-how of each participating company is used to full advantage. Nokia provides the hardware, which includes a router with appropriate connections for the company-internal network and to the provider. This system is called VPN 210. The VPN Security Box integrates a Check Point Firewall and an encryption and decryption module. Acotec’s Remote Client Manager takes care of the automatic configuration of the access software on the module user’s PC. To prevent any attacks on the Internet connection, the product utilizes, in addition to the Check Point Firewall, client/server authentication in conjunction with Network Address Translation to achieve protection against both internal and external unauthorized network access. Also, all data transferred between the stations are encrypted. In this way, one single VPN Security Box serves to replace several encryption, authentication and routing devices. In a nutshell the product offers: • Connection of field offices via the Internet (VPNs). • Easy access to company
resources, also by mobile users or from a branch office. • Encrypted data transfer. • Integrated firewall and routing. • Central administration of access software from mobile user’s PC. • Automatic installation of the access software via web download, For further information, visit www.netstuff.de
AES IP hardware encryptor introduced Zaxus has introduced Datacryptor 2000 IP, an IP encryptor that can be softupgraded in place for the Advanced Encryption Standard (AES). The company hopes that its new product responds to the demand for increased IP security. Datacryptor 2000 uses Triple DES as standard and, in addition, the unit accepts customized/national algorithms without costly hardware upgrades. Using Field Programmable Gate Array (FPGA) technology to achieve hardware speed with the advantage of software-like flexibility, the product facilitates the migration to new algorithms, including the upcoming AES, guaranteeing users the availability of a soft-loadable AES algorithm when the standard is published. Allowing security to be brought as close to the host as the customer requires, the Datacryptor 2000 IP may be installed between the sub-network to be protected. IP packets are encapsulated, ensuring the confidentiality of the
payload as well as the source and destination addresses, while tunnelling through the IP network to up to 1000 concurrent encrypted destinations without degradation of service. Zaxus has also introduced a new WebSentry PCI security module offering system integrators a solution to providing the cryptographic functionality necessary to support both the Secure Sockets Layer (SSL) and the Secure Electronic Transaction (SET) standards. The product is available with a PCI interface for PC/server installation or with an Ethernet interface for standalone use covering both merchant and acquirer bank (payment gateway) applications. The WebSentry E-commerce solution provides the infrastructure to accommodate the widest range of throughput requirements of merchants, acquirer banks and electronic fund transfer (EFT) network processors in SSL or SET environments. It also meets the mandatory requirements of highly secure hardware security imposed on acquirer bank platforms. It is also possible to upgrade the software inside the WebSentry units to cater for future enhancements to the cryptographic standards without the need for hardware replacement. The product is not limited to Internet-based E-commerce applications. It provides generic public key infrastructure functionality to meet the demands of most applications where security is required — possibly involving key generation, digital signatures or encryption. The product’s modules are housed in tamper-resistant and tamper-evident modules. In addition, no plaintext keys are