CyberSecurity Institute

Available only to solution providers in McAfee’s SecurityAlliance partner program, the new Partner Security Service gives solution providers a more flexible contract under which to work and offers expanded upselling opportunities, the partners said.

Based on the latest McAfee Managed VirusScan technology, the new service is a revised take on McAfee’s VirusScan ASaP, which has long prompted complaints from partners.

Dave Roberts, McAfee’s senior vice president of channels for North America, described the new service as “ideal” for businesses with limited IT expertise or personnel. “This service enables our channel partners to become managed service providers,” he said.

The Partner Security Service features a Web-based policy configuration tool that enables solution providers to manage multiple customers, schedule on-demand security scans and push out new capabilities, Roberts said.

“This new service takes care of everything for them and makes us look like geniuses.”

http://www.informationweek.com/story/showArticle.jhtml;jsessionid=5CWAFMGITIQIIQSNDBCCKH0CJUMEKJVN?articleID=60405775

For more than a decade, the National Security Agency has worked on a way to use a computer’s operating-systems to control where software applications and their users can access data within IT environments. The agency succeeded years ago in creating such “mandatory access control” features for specialized operating systems, but very few users had the access or inclination to deploy them.

“Quality of (software) code is crucial to the security of this nation,” Dickie George, technical director of NSA’s Information Assurance Directorate, said Thursday at an SELinux symposium. George added that the directorate’s mission is to research and develop the technology and processes that industry can use to protect itself, and critical U.S. infrastructure, from cyberattacks.

Debian, Novell, and Red Hat, three major distributors of the Linux operating system, only have recently released their own packages built on version 2.6 that allow customers to take advantage of some SELinux features.

Red Hat’s mid-February release of Red Hat Enterprise Linux 4—based upon the SELinux-friendly version 2.6 kernel—is an attempt to marry high-level security features with the basic operating system, says Donald Fischer, senior product manager for Red Hat Enterprise Linux.

http://www.informationweek.com/story/showArticle.jhtml;jsessionid=5CWAFMGITIQIIQSNDBCCKH0CJUMEKJVN?articleID=60405086

Tristan Nitot, the president of Mozilla Europe, speaking at the Free and Open source Developers’ European Meeting (FOSDEM) in Brussels on Sunday, said that he knows “a few companies” that have deployed the Firefox browser or Thunderbird mail client across 100,000 seats.

Companies are often reluctant to publicise that they have migrated from Microsoft Internet Explorer or Outlook to the open source browser or email application, as they are concerned that this may damage their relationship with Microsoft, according to Nitot. “I know companies that are deploying Firefox or Thunderbird, but they aren’t talking about it as they don’t want to see an increase in their [Microsoft] Office licence price,” said Nitot.

In the past, senior Microsoft executives have tried to prevent high-profile migrations to desktop open source applications. In 2003 Steve Ballmer met the mayor of Munich to dissuade him from replacing Microsoft Windows and Office with Linux and OpenOffice.org, the open source operating system and productivity application.

“They start talking about it and suddenly Ballmer comes in and twists your arm until you cry.”

Although Nitot was unwilling to reveal the names of any companies that have deployed Firefox, he said the French government is seriously considering deploying the application. The French Ministry of Defence is spending ¬7m (£4.8m) to build its own secure version of Linux, while the French Ministry of Equipment has decided to migrate 1,500 Windows NT servers to Linux.

It is essential that Firefox makes inroads in the enterprise before Microsoft launches the next version of IE, according to Nitot.

Other important issues for companies are the availability of commercial support and the ability to lock down the application to restrict what employees can do.

http://www.zdnet.com.au/news/software/0,2000061733,39182987,00.htm

The company is combining identity and access management tools with its existing eTrust products. This “security management architecture”, as CA calls it, enables employees to keep a single identity when logging into different applications.

“CA is committed to providing security solutions that simplify security management across all platforms — mainframe and distributed,” said Toby Weiss, senior vice-president of eTrust security management at CA, in a press statement.

CA has not released full details of how it will integrate these tools into eTrust products, but said it would provide a “common security backbone” across all network technologies. The company claims eTrust will use open standards such as SAML, Kerberos and SAF to enable interoperability between different platforms, applications and security mechanisms. Currently only two CA products have the identity-tracking capability — eTrust CA-ACF2 r8 and eTrust CA-Top Secret Security r8, but the company said it would be integrated into all eTrust products in the future.

Compliance regulations, such as Sarbanes Oxley, mean that some companies have to be able to produce audit trails for all their employees or be liable for fines and imprisonment. CA said this was a reason for its move.

http://news.zdnet.co.uk/internet/security/0,39020375,39189762,00.htm