CyberSecurity Institute

MXtreme 5.0 is specifically designed with increased performance to better protect an organization’s e-mail infrastructure against attacks that can bring down a corporate e-mail system in real time.

E-mail is business critical and time sensitive, so any delays in processing due to volume spikes or increasing volumes are unacceptable,” said Tim Leisman, CEO, “MXtreme 5.0 performance enhancements translate to significant added value because they can process increasing e-mail volumes without changing their current infrastructure.”

BorderWare has more closely integrated MXtreme into corporate directory services to improve its ability to provide real-time directory lookups. This allows any updates to the directory to be automatically recognized by MXtreme 5.0, removing the need to update disparate systems on a continuous basis.

Mxtreme 5.0 also adds Objectionable Content Filtering, an end user-manageable list that can be customized to meet the specific needs of any organization.

The rules can also be applied to both inbound and outbound messages in order to stop unwanted content from entering an organization and prohibiting sensitive information from leaving an organization.

Also included is the ability to customize the lists in accordance with specific compliance requirements such as HIPAA, Sarbanes Oxley and PIPEDA.

Finally, BorderWare has upgraded the administrator and user interfaces to be easier to use.

http://www.messagingpipeline.com/showArticle.jhtml?articleID=162100577

Juniper, which is expected to make the announcement at the Interop show in Las Vegas, will also outline a broad network security framework that it plans to fill out over the next few years.

The framework planned by Juniper gives IT managers a potential alternative to Cisco’s emerging Network Admission Control (NAC) technology and the Network Access Protection offering that Microsoft Corp. is developing.

Overall, the move to integrate security functions into the network layer is a good thing, said Hugh McArthur, director of information systems security at Online Resources Corp., a Chantilly, Va.-based online bill-processing firm. The security functions being delivered at the network layer also need to mature more before many users will feel confident enough to enable the automated responses to network threats and attacks that the technologies support, said Eric Beasley, senior network manager at Baker Hill Corp. in Carmel, Ind.

David Flynn, vice president of products for Juniper’s security tools and network-access routers, acknowledged that completely delivering on the Enterprise Infranet vision will be a multiyear process.

Another key difference is that Cisco is integrating the security into its networking equipment, while Juniper is offering its tools as an “overlay solution” designed to work with a mix of network gear, said Robert Whiteley, an analyst at Forrester Research Inc.

http://www.computerworld.com/networkingtopics/networking/story/0,10801,101450,00.html

“We made the decision that the things we were doing wouldn’t just be in Longhorn and that we needed to get them into the hands of the current installed base as well. IE 7 is down-level to [Windows] XP, even though somewhat of a superset of it is the browser in Longhorn,” said Microsoft Chairman and Chief Software Architect Bill Gates in an interview at WinHEC here last week.

In Longhorn, IE will run in its own protected space, thus isolating it from other parts of the operating system.

But even before Longhorn hits, Microsoft is adding several security enhancements to IE 7.0, which is due in beta this summer. The newest version of the browser will have technology to prevent cross-domain scripting, and the default mode will be one with a reduced privilege level to help prevent attackers from using IE as a stepping-off point for other attacks.

Version 7.0 may also include integration with Microsoft’s nascent anti-spyware technology, which is in beta.

“But, if you consider that IE is probably one of the most-used products and has the most access to untrusted systems on the Internet, it kind of makes some sense to almost have IE behave like a bastion host,” Robert said.

Matthew Patton, a network security engineer in Arlington, Va., said he does not believe Microsoft’s moves will be very effective. “Cross-domain scripting, for example, is a problem local to IE, and isolating IE from the operating system doesn’t change anything in that regard,” Patton said.

The Redmond, Wash., software maker is entering the third decade of Windows computing, which really became pervasive in its second decade with the release of Windows 95.

Virtualization is another key technology for Microsoft, and the company will be building that support into Windows, making sure the emulation is “very, very efficient,” Gates said. Microsoft must be careful that the VM does not become a security weakness through which an attacker could insert a VM under the operating system, negating Windows’ security protections, Gates said. “So the operating system will have to become enabled to be able to look down and have what’s called a chain of trust where it looks if it is a trustworthy [VM] running on trustworthy hardware.”

http://www.eweek.com/article2/0,1759,1791107,00.asp?kc=EWRSS03119TX1K0000594

While this capability exists in some products, the Trusted Network Connect (TNC) specification is the first attempt to define an open standard for it.

Some consortium members, including Funk Software, HP and iPass, will show how the specification works through software interoperability demonstrations over an HP ProCurve Switch-based LAN.

“Interoperability is important to minimize the ways we have to do this, which today requires custom development with anti-virus vendors and others,” says Barbara Nelson, director of advanced technology at iPass, which makes software called Endpoint Policy Management to check desktops for missing anti-virus and software patches. At this week’s demonstration, iPass plans to show how its desktop Endpoint Policy Management software can collect TNC-related information about anti-virus and patch updates on a desktop.

Paul Crandell, network security program manager at HP, says TCG will work to further develop the basic TNC architecture so that more-complex policy decisions associated with remediation can be enforced through network equipment.

Dan Ratner, director of product management at Meetinghouse, says the company expects to include TNC in its Aegis client and server authentication products by the fourth quarter.

http://www.networkworld.com/news/2005/050205-trusted-computing.html