CyberSecurity Institute

In a world dominated by stricter requirements derived from the Sarbanes-Oxley Act and Homeland Security regulations that limit who can access data, there is a need for a different approach to identity rights management, said Ayman Hariri, president and CEO of Epok.

“The rise of Web services and the consequent breakdown of control has created a requirement for new levels of enterprisewide data control and security,” Hariri said. “Conversely, TDX 4.0 implemented in an SOA provides the highest levels of data controls, even as additional Web services are deployed across the organization.” Given the uniqueness of Epok’s approach, standards play a big role in making sure TDX interoperates on as many levels as possible, Hariri said.

Epok, a Bethesda, Md.-based startup, recently rolled out version 4.0 of Trusted Data Exchange (TDX), which it describes as a platform for managing user-access rights to specific sets of data. Support for Security Assertion Markup Language-based authentication and authorization, as well as support for LDAP 3.0, are also included in version 4.0, according to Epok.

TDX works by providing object labels around classes of data and then managing who has access to use those data objects across multiple applications. This allows IT organizations to limit access to very specific sets of data, rather than relying on user-based permission schemes that are limited to specific files and database tables. Proving that TDX can be deployed without creating undue network latency looks to be an early challenge for Epok, said John Freeman, principal of Mycroft, a New York-based VAR that has deployed secure, directory-enabled identity-management infrastructures for numerous Fortune 100 clients.

http://www.crn.com/showArticle.jhtml;jsessionid=GAKVCGKQFIDG2QSNDBNCKH0CJUMEKJVN?articleID=51000093

Michael O’Donnell, the director of transportation marketing at Metrowerks, said to ZDNet UK the company made changes to the Linux kernel, drivers and boot sequence to enhance its real-time capabilities, reduce power consumption and speed up boot time.

AGL is not available for public download, but a development kit based on the customised operating system can be downloaded free of charge from the Metrowerks Web site. “We haven’t posted AGL publicly as it won’t run without the development kit and it is custom built for only one piece of hardware. We are working with standards bodies, and are hoping to get the Linux community behind AGL, so that a standardised version can be released in the future,” he said.

The development kit, known as a Board Support Package (BSP), has been optimised for the Total5200 reference implementation — a development platform used by embedded developers to create prototypes of telematics systems.

“By 2010 we expect about 40 percent of new cars to be telematics enabled.”

http://uk.builder.com/programming/unix/0,39026612,39221173,00.htm

The acquisition is expected to close in the second quarter of Cisco’s fiscal year 2005, which ends in January.

Perfigo’s CleanMachines products focus on policy analysis, compliance and access enforcement for PCs. Its technology fits into Cisco’s Network Admission Control (NAC) program, a security architecture that combines virus scanning with network policing to keep attacks from entering the network in the first place. Specifically, CleanMachines is pre-packaged admission control software that recognises users, their devices and roles. It evaluates the security standing of individual PCs and scans for vulnerabilities. Finally, it enforces policy in the network.

Cisco said that CleanMachines has shown great customer appeal in the small to midsized business market and is widely used in educational institutions. “This acquisition further enhances Cisco’s Self Defending Network security strategy of building and deploying proactive and advanced security into the network infrastructure,” Richard Palmer, vice-president in Cisco’s security technology group, said in a statement.

Cisco has been pushing its NAC architecture since last year. In June, it completed the first phase of the launch by making its IP routers NAC-ready. It plans to add the capability to its Ethernet switches and virtual private network concentrators in 2005.

Earlier this week, Cisco announced it is working with Microsoft, which has proposed a competing end-to-end security architecture called Network Access Protection. The two companies have pledged to make their architectures interoperable.

Cisco began building the NAC architecture through an acquisition last year. In January 2003, Cisco announced it would buy Okena in order to provide technology for the “trusted agent,” which sits on users’ PCs and communicates with the Cisco policy server. Last month, it announced the acquisition of Dynamicsoft, a session initiation protocol software developer, and NetSolve, a network management start-up.

http://news.zdnet.co.uk/communications/networks/0,39020345,39171015,00.htm

The product takes aim at keyloggers, spyware and other malware that may be transparently installed while an unsuspecting user is downloading files.

Designed to run as a companion to the company’s Drive Vaccine product, Exe Vaccine is particularly useful for public-access environment computers such as those in schools, libraries, and public areas, Horizon Datasys said. Exe Vaccine is a monolithic kernel-mode driver that scans the system to detect all current executable files and places them on a write-protected list of allowed executables.

The Exe Vaccine control panel applet offers password access so that users cannot see the whitelist. There is no need for updates or definition files to keep the product current. The administrator can interrupt filtering from a control panel in order to install new software.

Once Exe Vaccine is installed and configured, it can be remotely installed on other computers in the network. It is compatible with Windows NT, 2000 and XP and with all anti-virus applications. The current version of Exe Vaccine is free to all users and comes with purchases of Drive Vaccine.

If Exe Vaccine is used separately, software support must be purchased to receive updated versions.

http://news.zdnet.com/2110-1009_22-5420891.html?part=rss&tag=feed&subj=zdnet