News
Infosecurity Today, November/December 2005, p. 5

Juniper installs infranet controller
Brian McKenna

Juniper has announced the availability of its 'Infranet Controller' 4000 and 6000 appliances, and 'Infranet Agent'. The company says these products use a combination of identity-based policy and endpoint intelligence to give enterprises real-time visibility and policy control throughout a network.

The products compete with Cisco's network admission control programme, and instantiate a trend towards using originally remote security technologies to secure internal networks.

Peter Crowcombe, head of corporate marketing, EMEA for Juniper, said: “The fundamental difference in approach with the Cisco NAC is that we are overlaying security on any switch. We’ve not taken an approach which necessitates that you upgrade your entire switch infrastructure. Instead we have dropped intelligence into the network at strategic points.

“We’ve taken the security overlay on VPN that we pioneered and generalized it to the network. These days the inside/outside network distinction has all but disappeared. The concept of trusted and untrusted networks is not completely superseded, of course, but it is better to think of protection for all devices no matter where they are connected”.

The Infranet Controller appliance uses the policy and control engine from Juniper’s Secure Access SSL VPN and the security and performance from Juniper’s firewall/VPN platform.

The Infranet Controller makes role-based policy decisions and provisions the Infranet Agent, a software agent that assesses the endpoint’s compliance state both before and during a session, and enforces policy on the client host.

These policy decisions are enforced on the family of the Juniper Networks firewall/VPN appliances running Juniper’s latest ScreenOS 5.3 operating system, designed to allow communication with the Infranet Controller and perform computationally intensive security functions without compromising throughput.

The firewall/VPN appliances act as enforcement points for policy decisions that are based on the user’s identity attributes and the endpoint assessment. Native Host Check and the Juniper Endpoint Defense Initiative (J.E.D.I.)-based checks provide the host assessment.

The Infranet Agent can also enforce network policy on the client host. These client host policies include firewall rules, dynamically provisioned IPSec policies and single sign-on in Microsoft environments. The policy options that work in conjunction with Microsoft Windows authentication and IPSec services represent the initial results of Juniper’s work with Microsoft to integrate user, application and network policy enforcement. This effort was announced last year when Microsoft’s Network Access Protection (NAP) was introduced.

Espionage-linked silent exploits grow in threat potential
Brian McKenna

Ross Brown, recently appointed chief operating officer at security research and vulnerability management software firm eEye, has confirmed that zero day exploits are being increasingly used in targeted attacks on large western enterprises.

Brown came from Citrix two months ago, tasked with expanding eEye’s global sales and field operations and sharpening its focus on the channel. At Citrix he was VP of worldwide sales & channel operations.

“The nature of vulnerability management is shifting”, he said, “from managing to patch vulnerabilities against malware to managing to policy.

“Also, the nature of the exploits is changing. They are going from high profile public exploits, that are analogous to a vandal throwing a brick through a glass window, to silent exploits, which are very targeted, and where pre-patch exploits are being used. The perpetrators here are organized crime and rogue governments. And our research team is seeing a lot of corporate espionage activity from China”.

Turning to his new role at eEye, he said that the company is moving towards a 100% channel-centric model worldwide. The supplier hopes Brown’s experience with IBM and Citrix will parlay its technology, such as Retina and Blink, beyond existing large enterprise and government customers.

“We expect the $300m vulnerability management market to double each year for the next three years”, he said. Mr Brown described McAfee and Symantec’s VM offerings as “towards the commodity end of things”, and stated that Qualys’s software as a subscription service did not allow channel partners to add value of their own.

“Security is an adjective not a noun. It’s the component of a solution, not a solution in and of itself”, he added.

Brown will be responsible for the day-to-day operations of eEye, and reports to Firas Bushnaq, eEye’s co-founder and CEO.

UK data protection office says ID cards signal surveillance society
Sarah Hilley

The UK Information Commissioner, Richard Thomas, has said that the large amount of personal information that the UK Government plans to collect for the ID card national register is “unwarranted and intrusive”.

The office, which oversees the Data Protection Act, also said that after the UK government has confirmed the identities of citizens with biometrics, there is no need to then keep all the information in a national database.

In addition, people should not have to register another address with the register when they move home, the office said.

“If a person issued with a card buys a second home this cannot affect their identity, which would already have been verified and tied to a unique biometric. The requirement to register another address is excessive and irrelevant.”

An audit trail will likely be set up to show which organization checked the National Identity Register and when. The Information Commissioner is worried that the register will build “up a picture of an individual’s card use and a detailed picture of how they live their lives.”

A local card reader is sufficient to verify identity and removes the need for records to be kept on a central database, it said.

Also, the combination of CCTV cameras, satellite vehicle tracking and automatic number plate recognition combined with ID cards could lead to the development of a surveillance society.

The Commissioner is also worried about its own powers to check on data protection compliance.

The Government has announced that companies will be able to pay to access the Register, but the Office has voiced concern about the breadth of organizations with such access.