[ISN] Security Tools, Specs Offer More Protection

From: jerichot_private
Date: Fri Apr 17 1998 - 01:41:16 PDT

    Security Tools, Specs Offer More Protection
    (04/15/98; 4:14 p.m. ET)
    By Rutrell Yasin, InternetWeek
    
    Several recent developments could spell relief for security administrators
    seeking sophisticated, tightly integrated tools for protecting the
    enterprise. 
    
    The International Computer Security Association launched Monday TruSecure,
    a package of security assurance services to help Internet-connected
    organizations assess their vulnerabilities. TruSecure helps protect
    network perimeters from hacker or intruder penetration, said Pam Zemaitis,
    ICSA TruSecure program manager. 
    
    Meanwhile, RedCreek Communications said it will work with other network
    and security vendors to develop specifications for integrating enterprise
    security technologies and for off-loading computer-intensive security
    processes, such as encryption, from host processors. 
    
    RedCreek, a supplier of secure virtual private network hardware and
    software, will head up the new I2O Special Interest Group Security
    Services Working Group, said Cary Hayward, product marketing manager at
    RedCreek. The I2O SIG is a consortium of vendors working to define
    standard interfaces for high-performance intelligent input/output systems. 
    
    The TruSecure service was developed in response to data ICSA compiled in a
    survey of 200 Internet-connected organizations, including small
    businesses, Fortune 500 companies, and federal government agencies.
    According to the survey, 93 percent of the responding organizations had
    security flaws that left them open to malicious attacks -- even though
    they had working firewalls, Zemaitis said. 
    
    Using a variety of homegrown, commercial, and underground hacking tools,
    ICSA performs a "remote electronic assessment [of an organization's
    network connections] to make it more aware of what devices can be seen" by
    a potential hacker, Zemaitis said, adding that ICSA technicians can probe
    corporate Web servers, routers, and services such as File Transfer
    Protocol and Telnet. 
    
    A service such as TruSecure could protect ISPs from potential lawsuits if
    an intruder breaks into a customer's network, said Benjamin Wright, an
    attorney and author of The Law of Electronic Commerce. 
    
    If an ISP "didn't do a good job protecting your site, [it] could be
    liable," Wright said. 
    
    Many companies -- especially in the financial arena -- already have
    independent organizations doing risk assessment and vulnerability checks,
    Zemaitis said. 
    
    To achieve TruSecure Certification, ICSA clients must undergo a six-step
    process. The first step is the testing and analysis of vulnerabilities.
    Next, a methodology of best practices is implemented to bring the network
    and systems up to security standards. Then ICSA conducts an electronic
    performance review, on-site audits, ICSA perimeter certification, and
    periodic spot checks, Zemaitis said. 
    
    Available now, the TruSecure service starts at $39,900 per year. 
    
    If RedCreek and its cohorts in the I2O Security Services Working Group are
    successful, vendors will soon be able to implement standard security
    services throughout an enterprise network -- including routers, firewalls,
    servers, and network computers, according to Hayward. 
    
    "We're going to develop an open framework in which people can integrate
    [other security architectures and application programming interfaces] such
    as the Common Data Security Architecture and Microsoft's Cryptographic
    API. We're developing specifications to make it easy, down the road, to
    develop products for security services," Hayward said. 
    
    The working group is close to wrapping up a preliminary draft of the
    specifications for review by I2O members, Hayward said.