April 1996
package of managed intranet solutions. Included, initially, will be the MCI WebSite Services and MCI Enterprise Connect. Intranets, private Web-based Internet networks, accessible only within an enterprise, are used to connect employees and business partners to critical information. Corporate intranets are also used for file sharing, document transfers and establishing interactive bulletin boards within an organization. For further information, contact Andrew Lees, Microsoft Ltd on: +44 1734 270007.
PRODUCT NEWS
Secure Internet payments
A small company in the States reckons it can succeed where Visa and Mastercard have yet to succeed, reports The Toronto Star. The Oakville company, Switchtech Corp., is offering merchants a secure way to get paid for products sold on the Internet. Visa and Mastercard’s Secure Electronic Transactions Technology will not officially be available for another year. Switchtech Corp. has developed an encryption system merchants and customers can use to make transactions quickly and secretly. The company claims that its system will encrypt and verify transactions in seconds, while the cybershopper is online. If an Internet merchant is hooked up with Switchtech, a shopper’s request to buy an item will be linked to the Website. A company’s customer will be sent a secure
©1996 Elsevier Science Ltd
Network Security
form to fill out with a credit-card number. The encrypted information will zip back to Switchtech for verification and the transaction will be concluded, it is claimed, within seconds. Shoppers will then receive an electronic receipt for each purchase.
More security for Windows NT
Security Dynamics Inc. has developed a new software package which secures Windows NT Workstation and NT Server-based networks for local and remote users, reveals Computerworld. ACE/Client 2.0 gives users of Microsoft’s Windows NT Server and Windows NT Workstation two levels of log-in and password authentication to help ensure secure local and remote network access. The product works with ACE/Server software and SecurID token-security products and runs on industry-standard Unix platforms such as Sun Microsystems’ Sun OS, IBM’s AIX and Hewlett-Packard’s HP-UX. Users enter a six-digit personal identification number each time they access the network; a light emitting diode device then displays an access code that lets users log on. The technology provides more of an impediment to would-be hackers because the access code automatically changes every minute. ACE/Server and ACE/Client software lets end users and network administrators use standard Windows NT Workstation and Server commands and management utilities when they log in. Besides authenticating the user’s identification, the package gives administrators an audit trail that records all access attempts.
Security Dynamics has also released version 2.1 of its ACE/Server network security software product. New features include support for additional TACACS functionality and support for more OS configurations. Version 2.1 now supports users of the enhanced TACACS+ and Extended TACACS capabilities, Cisco’s authentication service standards. Compatibility with these protocols allows network managers to complement existing TACACS+ authorization and auditing features with the SecurID and ACE/Server two-factor, one-time authentication technologies. This version now supports the majority of Unix-based operating systems, including SunOS v4.1.3, Solaris v2.4, HP-UX v10.0 and AIX v4.14. For further information, contact John Batting, Security Dynamics on: +44 1734 795822.
Word macro viruses detected and eliminated
Cheyenne’s InocuLAN 4.0 is among the first products to pass the NCSA’s new certification requirements, combining network management tools with a new artificial intelligence-based scanning engine. It can detect and cure, claims its manufacturer, virtually all known (and many unknown) viruses. These include Word Macro Viruses because of the
product’s recently developed Macro Analyser. The product can automatically dial Cheyenne’s BBS, download software and virus signature updates, and distribute them to every server and workstation on the network. It can also unload itself from the server and then reload to take advantage of the latest updates. The ‘enforcement’ feature allows administrators to monitor InocuLAN’s use on the network. It can scan workstations to ensure the presence of a VxD, warning or logging out offenders. The product can also scan compressed files for viruses, an important feature for Internet users as most files are downloaded from WWW and FTP sites in a compressed format. Other features include automatically generated customized alerts which can then be sent by E-mail, page, SNMP network broadcast, printed trouble ticket or automatically through the FAXserve. For further information, contact David Ball, Cheyenne Software on: +44 1737 775500.
REPORTS
IDC annual survey reveals extent of insecurity
Atoosa Savarnejad
A survey of US companies has revealed that for a majority of companies, lack of security over the Internet is a very serious issue. While 89% of the companies polled said that they expected to implement strategies for using Internet technologies in intranets within the next 12 months, 54% said that they were worried
about the lack of security of information exchanged over the Internet. The main worry in setting up intranets was the issue of keeping proprietary information confidential. “As companies use the Internet in their infrastructure, security becomes an issue”, said Gigi Wang, senior vice president at International Data Corporation in Framingham, Massachusetts, USA. Wang is in charge of writing the analysis of the survey, which was partly conducted by IDC. Wang said that she was not surprised by the 54% figure because, although everybody polled was concerned about network security, much of the time the worry could be overcome by the products out in the market, such as firewalls. “It’s right about what we expected both for Internet and intranet users”, Wang said. Security is always an issue, Wang said. But with security devices being built into servers and browsers, it is shifting focus and becoming more of a marketing issue rather than a technical issue. IDC, a research and marketing firm, in conjunction with Network World magazine, has conducted a survey of issues facing the top corporate networking world every year for the last four years. Issues include LANs, WANs, remote access servers, applications and security. “We wanted to take a snapshot of issues that were facing the networking world because they change every year”, Wang said. The annual telephone survey polled 500 US network users whose companies have
internetworked local area networks and wide area networks with annual expenditures of more than $5 billion and 1000 or more employees. A preview of the Network World 500 Internet study “Networking in the Cyber age” was released at the NetWorld+Interop trade show earlier this month. The report will be out in May.
US company offers firewall challenge
Atoosa Savarnejad
All through May, a US company will give hackers a chance to test their brains, promising the first person to penetrate its firewall a US$10 000 reward. Open from 1-31 May, the $10 000 Firewall Challenge is an attempt by San Jose, California-based Network Engineering Technologies (NET) Inc. to assure the market of the impenetrability of its firewall product. “We believe nobody will be able to penetrate this because our security is very good”, said Chris Coley, vice president of engineering at NET. The problem with most firewalls today is that to add certain kinds of functions requires that a hole be punched into the firewall. But instead of punching holes through a firewall, NET uses a technique called multi-homing, which creates the illusion that the firewall is multiple machines. Each of the machines can be programmed to deal with a different host on the Internet. The competition is open globally to anyone except for