Category: Product

For more than a decade, the National Security Agency has worked on a way to use a computer’s operating-systems to control where software applications and their users can access data within IT environments. The agency succeeded years ago in creating such “mandatory access control” features for specialized operating systems, but very few users had the access or inclination to deploy them.

“Quality of (software) code is crucial to the security of this nation,” Dickie George, technical director of NSA’s Information Assurance Directorate, said Thursday at an SELinux symposium. George added that the directorate’s mission is to research and develop the technology and processes that industry can use to protect itself, and critical U.S. infrastructure, from cyberattacks.

Debian, Novell, and Red Hat, three major distributors of the Linux operating system, only have recently released their own packages built on version 2.6 that allow customers to take advantage of some SELinux features.

Red Hat’s mid-February release of Red Hat Enterprise Linux 4—based upon the SELinux-friendly version 2.6 kernel—is an attempt to marry high-level security features with the basic operating system, says Donald Fischer, senior product manager for Red Hat Enterprise Linux.

http://www.informationweek.com/story/showArticle.jhtml;jsessionid=5CWAFMGITIQIIQSNDBCCKH0CJUMEKJVN?articleID=60405086

The company is combining identity and access management tools with its existing eTrust products. This “security management architecture”, as CA calls it, enables employees to keep a single identity when logging into different applications.

“CA is committed to providing security solutions that simplify security management across all platforms — mainframe and distributed,” said Toby Weiss, senior vice-president of eTrust security management at CA, in a press statement.

CA has not released full details of how it will integrate these tools into eTrust products, but said it would provide a “common security backbone” across all network technologies. The company claims eTrust will use open standards such as SAML, Kerberos and SAF to enable interoperability between different platforms, applications and security mechanisms. Currently only two CA products have the identity-tracking capability — eTrust CA-ACF2 r8 and eTrust CA-Top Secret Security r8, but the company said it would be integrated into all eTrust products in the future.

Compliance regulations, such as Sarbanes Oxley, mean that some companies have to be able to produce audit trails for all their employees or be liable for fines and imprisonment. CA said this was a reason for its move.

http://news.zdnet.co.uk/internet/security/0,39020375,39189762,00.htm

Tristan Nitot, the president of Mozilla Europe, speaking at the Free and Open source Developers’ European Meeting (FOSDEM) in Brussels on Sunday, said that he knows “a few companies” that have deployed the Firefox browser or Thunderbird mail client across 100,000 seats.

Companies are often reluctant to publicise that they have migrated from Microsoft Internet Explorer or Outlook to the open source browser or email application, as they are concerned that this may damage their relationship with Microsoft, according to Nitot. “I know companies that are deploying Firefox or Thunderbird, but they aren’t talking about it as they don’t want to see an increase in their [Microsoft] Office licence price,” said Nitot.

In the past, senior Microsoft executives have tried to prevent high-profile migrations to desktop open source applications. In 2003 Steve Ballmer met the mayor of Munich to dissuade him from replacing Microsoft Windows and Office with Linux and OpenOffice.org, the open source operating system and productivity application.

“They start talking about it and suddenly Ballmer comes in and twists your arm until you cry.”

Although Nitot was unwilling to reveal the names of any companies that have deployed Firefox, he said the French government is seriously considering deploying the application. The French Ministry of Defence is spending ¬7m (£4.8m) to build its own secure version of Linux, while the French Ministry of Equipment has decided to migrate 1,500 Windows NT servers to Linux.

It is essential that Firefox makes inroads in the enterprise before Microsoft launches the next version of IE, according to Nitot.

Other important issues for companies are the availability of commercial support and the ability to lock down the application to restrict what employees can do.

http://www.zdnet.com.au/news/software/0,2000061733,39182987,00.htm

In mid-February, chairman Bill Gates promised a new version of IE before Longhorn ships, and said the new browser — which will concentrate on delivering additional security against such threats as phishing — would roll into beta this summer.

At that time, only Windows XP SP2 was mentioned as a supported OS.

According to the posting on the blog, IE 7 will also work on the 64-bit edition of XP (with the long title of “Windows XP Professional x64 Edition”) and the upcoming Windows Server 2003 Service Pack 1 (SP1).

About Windows 2000 support, Microsoft hasn’t budged from its previous position. “We have heard the requests for support of Windows 2000, but have nothing to announce at this time.”

On a related subject, the blog also made clear that a new version of Outlook Express, Microsoft’s for-free basic e-mail client, would not appear with IE7.

http://www.securitypipeline.com/news/60404527

The new open-standards framework, dubbed the eTrust Security Management Architecture, will be incorporated into channel-friendly toolkits from CA later this year, said to Bilhar Mann, vice president of product management for identity and access management.

Down the road, CA will extend this security backbone to all of its identity and access management products, Mann said.

By featuring a common security backbone that leverages open standards such as WS-Security, SAML, SPML, ISO-10181, Kerberos, X.509 and SAF, the new architecture enables interoperability between diverse platforms and security mechanisms. The new framework also will provide “intelligent decision processing,” a feature that enables security policies based on point of entry and other variables that may impact the attributes of a specific transaction, as well as “true accountability,” which ensures that a user’s identity is not lost in a transaction by delivering identity mapping across platform boundaries.

This latter technology, spawned from the nascent log management industry, delivers a complete audit of an identity or access transaction as it moves throughout an organization, and enables solution providers to help customers enforce platform-independent security policies.

http://www.crn.com/showArticle.jhtml?articleID=60404405&flatPage=true

Cisco officials declined to comment on unannounced products, but, according to sources, the module will come in a version that supports 802.11a/b/g and in a version that supports 802.11b/g only.

The module and its antennas will be sold separately as an upgrade or as a factory install for Cisco’s 18xx, 28xx and 38xx router lines.”We would be very excited to use wireless modules in routers and switches, especially at our branch offices,” said Todd Dierksheide, senior network engineer at Sovereign Bank, a Cisco customer in Reading, Pa.

“It would be easier to support than the current system of individual access points and should save money in maintenance.”The module lends credence to Cisco’s previously stated wireless plans for its Ethernet boxes.

In May, Cisco announced the Wireless LAN Services Module, code-named Screaming Eagle. WLSM is a Wi-Fi blade for the company’s Catalyst 6500 switches, and it competes with Wi-Fi switches from several startups. At the time of the WLSM launch, officials said additional modules for other switches would be forthcoming.But some factors had industry observers doubting Screaming Eagle would fly: Cisco’s lack of new announcements, its recent declaration of intent to acquire WLAN switch startup Airespace Inc., and the subsequent announcement that wireless networking business unit leader Bill Rossi will start a six-month leave of absence from Cisco in early March.Cisco announced in early February that Dave Leonard, vice president of engineering at Cisco, will take Rossi’s place.

But sources close to Airespace and Cisco said that Airespace CEO Brett Galloway will be sharing the post with Leonard once the acquisition is completed by early April.Cisco, before deciding to buy the company, was losing some major accounts to Airespace, which offers superior management software, according to experts, and a ground-up wireless switch that manages thin access points from a central point.Meanwhile, Cisco officials insist the Screaming Eagle strategy has never waned.

“It’s been our strategy from the beginning to integrate wireless into our wired infrastructure,” said Ann Sun, senior manager of wireless and mobility at Cisco. “We remain committed to introducing similar functionality on additional platforms.”Sources close to the company said Cisco will follow the router modules with modules that give wireless capability to Cisco’s low-end switches.Analysts say that despite the success of startups such as Airespace and its main competitor, Aruba Wireless Networks Inc., there is a definite place for Cisco’s module strategy – especially in branch offices that need a WAN connection.

“Branch offices with more than five employees and midsize enterprises will require a WAN port that can support a T-1/T-3 or E-1/E-3 connection,” said Rachna Ahlawat, an analyst at Gartner Inc., also in San Jose. “None of the wireless LAN [switch] vendors have a [T- or E-carrier] WAN port in their box today. Some vendors have introduced [small office/home office] routers with a DSL or cable as a WAN port, but this is not enough for branch offices.”