http://www8.zdnet.com/pcweek/stories/news/0,4153,380640,00.html

By Jim Kerstetter and Scott Berinato, PC Week Online
December 22, 1998 9:00 AM ET

Sun Microsystems Inc. is taking security to the heart of its Solaris operating system.

Over the next six months, Sun plans to augment Solaris with security capabilities including PKI (public-key infrastructure), IP Security-based virtual private networking and more tightly integrated firewalls.

Sun (Nasdaq:SUNW) wants to make it easier for IT administrators to implement and manage security while pulling new technologies such as public-key encryption into the mainstream.

The company is targeting the much-publicized security features slated for Microsoft Corp.'s (Nasdaq:MSFT) Windows 2000, which is expected by the middle of next year. Both companies, however, are taking a different tack from vendors such as Novell Inc. (Nasdaq:NOVL), which believes security features are best kept separate from the core operating system.

Some IT managers would prefer to see security embedded directly into the operating system.

"It's harder to get around security if it's part of the OS," said Marc Hollander, vice president of software development at MovieFone Inc., in New York. "If someone is trying to get in, this makes it harder to defeat the security."

Embedded security also makes it easier for IT managers to implement security functions properly, said Dan Kusnetzky, an analyst at International Data Corp., in Framingham, Mass.

"If security is part of your OS, you'll at least start thinking about formulating a security strategy," Kusnetzky said. "Now, many security breaches occur because some feature isn't turned on. Bringing features like PKI into the OS--suddenly they're not so mysterious."

Sun will embed PKI support into Solaris by next summer via new AMI (Authentication Management Infrastructure) technology, making such a complex, digital certificate-based authentication system considerably easier to roll out and manage.

Users will be able to generate public keys from AMI, which will also be sold as a stand-alone package, said Walt O'Malley, a group marketing manager for Sun's Solaris division, in Santa Clara, Calif. Using Solaris' Lightweight Directory Access Protocol support, an administrator can still tie in PKI capabilities from third-party vendors. The Solaris PKI will also support smart cards for authentication.

Sun also will support in Solaris the IPSec specification for VPNs (virtual private networks). IPSec has been a touchy subject for Sun, which initially refused to support the protocol's IKE (Internet Key Exchange) method for exchanging encryption keys. Sun had a competing protocol called SKIP (Simple Key management for Internet Protocols) that it claimed performed faster than IKE.

SKIPing with IPSec

Sun's planned support for the complete IPSec specification for VPNs is a dramatic turnaround, considering that Sun:

* Released its SKIP specification nearly three years ago
* Embedded SKIP in Solaris in 1996
* Submitted SKIP to the Internet Engineering Task Force for standard consideration in 1996 but lost to Internet Security Association Key Management Protocol/Oakley, now called IKE
* Initially refused to adopt IKE and in February launched a campaign to market SKIP over IKE

But Sun has changed its tune, enabling Solaris to support both SKIP and IKE. This will allow companies to use SKIP while keeping the door open to IPSec interoperability, said Stephen Borcich, Sun's director of product development.

For firewall support within Solaris, Sun is planning a major overhaul of its SPF-200 and EFS (Encryption Firewall Server) SunScreen firewalls. Version 3.0 of the products, due next summer, will be more tightly integrated with Solaris and with each other, Borcich said.

Sun plans to sell Solaris with both SPF-200 and EFS; users will have the option of running SPF-200 on a dedicated server or with Solaris and EFS, which offers much better performance.

"A lot of companies have remote sites that could be running firewalls or setting up a VPN to send data back to the main office if they had it right there on the OS," Sun's O'Malley said.

The stealth features of SPF-200 also improve Solaris' security; the product doesn't have its own IP address, which makes it hard for hackers to locate the server on which it's running. SPF-200 also inspects IP packets as they come through the firewall, a process similar to the stateful inspection technology of Check Point Software Technologies Ltd.'s Firewall-1.

Sun will add new failover capabilities so that if one firewall crashes, the other takes over. Sun will also provide a central management application for firewall farms at major companies, O'Malley said.

All these security features, to be released in Solaris 7.x over the coming year, will match the security features Microsoft is building into Windows 2000. For nearly a year, Microsoft officials have been evangelizing Windows 2000's security benefits, including PKI and IPSec support and smart-card integration.