Next message: jericho�t_private: "[ISN] Re: Security Breaches Surge Over Past Two Years"
Security Tools, Specs Offer More Protection
(04/15/98; 4:14 p.m. ET)
By Rutrell Yasin, InternetWeek
Several recent developments could spell relief for security administrators
seeking sophisticated, tightly integrated tools for protecting the
enterprise.
The International Computer Security Association launched Monday TruSecure,
a package of security assurance services to help Internet-connected
organizations assess their vulnerabilities. TruSecure helps protect
network perimeters from hacker or intruder penetration, said Pam Zemaitis,
ICSA TruSecure program manager.
Meanwhile, RedCreek Communications said it will work with other network
and security vendors to develop specifications for integrating enterprise
security technologies and for off-loading computer-intensive security
processes, such as encryption, from host processors.
RedCreek, a supplier of secure virtual private network hardware and
software, will head up the new I20 Special Interest Group Security
Services Working Group, said Cary Hayward, product marketing manager at
RedCreek. The I20 SIG is a consortium of vendors working to define
standard interfaces for high-performance intelligent input/output systems.
The TruSecure service was developed in response to data ICSA compiled in a
survey of 200 Internet-connected organizations, including small
businesses, Fortune 500 companies, and federal government agencies.
According to the survey, 93 percent of the responding organizations had
security flaws that left them open to malicious attacks -- even though
they had working firewalls, Zemaitis said.
Using a variety of homegrown, commercial, and underground hacking tools,
ICSA performs a "remote electronic assessment [of an organization's
network connections] to make it more aware of what devices can be seen" by
a potential hacker, Zemaitis said, adding that ICSA technicians can probe
corporate Web servers, routers, and services such as File Transfer
Protocol and Telnet.
A service such as TruSecure could protect ISPs from potential lawsuits if
an intruder breaks into a customer's network, said Benjamin Wright, an
attorney and author of The Law of Electronic Commerce.
If an ISP "didn't do a good job protecting your site, [it] could be
liable," Wright said.
Many companies -- especially in the financial arena -- already have
independent organizations doing risk assessment and vulnerability checks,
Zemaitis said.
To achieve TruSecure Certification, ICSA clients must undergo a six-step
process. The first step is the testing and analysis of vulnerabilities.
Next, a methodology of best practices is implemented to bring the network
and systems up to security standards. Then ICSA conducts an electronic
performance review, on-site audits, ICSA perimeter certification, and
periodic spot checks, Zemaitis said.
Available now, the TrueSecure service starts at $39,900 per year.
If RedCreek and its cohorts in the I20 Security Services Working Group are
successful, vendors will soon be able to implement standard security
services throughout an enterprise network -- including routers, firewalls,
servers, and network computers, according to Hayward.
"We're going to develop an open framework in which people can integrate
[other security architectures and application programming interfaces] such
as the Common Data Security Architecture and Microsoft's Cryptographic
API. We're developing specifications to make it easy, down the road, to
develop products for security services," Hayward said.
The working group is close to wrapping up a preliminary draft of the
specifications for review by I20 members, Hayward said. TW
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 12:50:48 PDT