Upload
ben-mcclure
View
213
Download
1
Embed Size (px)
Citation preview
Computers & Security, Vol. 77, No. 3
new applet or control as it is encountered. Network Computing, 15 April 1998, pp. 42-44.
PGP grows up, Dan Backman. PGP is now on its way to becoming an IETF standard, known as OpenPGE?
PGP is setting its sights on becoming an enterprise
security solution, but is it mature enough to take on
the responsibility of mission-critical messaging? The
conclusion of recent laboratory evaluations of the lat-
est release from Network Associates - the PGP
Desktop Suite - is that it incorporates strong features
of the enterprise, but it lacks effective certificate revo-
cation and places too much burden of certificate man- agement on the user. While PGP does add some
automation (like automatically searching for recipi-
ents’ certificates via LDAP when encrypting a mes-
sage) certificate management should be more trans-
parent. Also, there is no reason for implementing an
entirely new and separate PKI for secure messaging when an accepted one is already available. PGP also
suffers from various irritating incompatibilities, pri-
marily from its plug-ins to host E-mail clients. Network Associates delivers a well integrated PGP
solution. Unfortunately, PGP is not quite ready for
general enterprise use. Until its is finalized as an IETF
standard, PGP should be treated as a proprietary tech-
nology. Network Computing, 15 April 1998, pp. 54- 64.
Managers keep an eye on security, Anita Kurvk. Network managers appear to be very tolerant. Not
only do they evaluate, purchase, set-up and install net-
work components, but they deal with security as well.
The latest study from Zona Research, undertaken
with the Computer Security Institute, sheds light on
how network managers are coping. Managers are expected to provide access to information from inside
and outside the network; they are also being told to tighten the reins on information for fear of security
breaches. 58% of the survey’s respondents said they
expect their security budgets to increase in 1998, sig- nalling that the subject is considered significant. Two-
thirds of respondents said that their network informa-
tion is centrally managed, most likely indicating that
companies are interested in keeping tight control of data. The most popular security already in place is
anti-virus software, followed by access control, physi- cal security and firewalls. Low on this list were digital
signatures, single sign-on and biometrics. However, high on network managers’ purchase list for the 1998
are encryption, firewalls, and single sign-on. Network Magazine, March 1998, p. 22.
Kicking firewall tires, Char Sample. How do you
choose which firewall is best for your network?
Firewall selection depends largely on security policy.
The looser security policy is, the fewer controls are
needed on the firewall; likewise, a very tight security policy will require tighter controls on the firewall.An
inverse relationship exists between firewall throughput
and firewall security. Regardless of the technology, each of the commercial firewalls supports many of the
same features. The difference is in how these features
are implemented.The underlying firewall technologies
are packet filtering, state&l inspection and proxying.
Packet filtering examines the details of incoming IP
packets, and then, using established criteria, either
accepts or drops them.While packet filters look at the criteria in the packet header, state&l inspection exam-
ines sessions occurring between the client and the
server, intercepting packets at the network layer. Two
stateful inspection products receiving a lot of atten-
tion are Checkpoint Software’s Firewall-l and Cisco’s PIX. In direct contrast to filtering/ inspection tech-
nologies are proxying technologies. As the name
implies, proxy-based firewalls typically secure TCP connections by using an intermediary that accepts and creates the connection on behalf of the client. Trusted
Information System’s (TIS) Gauntlet Internet
Firewall, Raptor’s Eagle and Secure Computing’s
Sidewinder utilize the same proxying technology, but
differ in terns of OS and support and ease-of-use. They also differ with respect to vendor issues -
where vendor reputation and experience are relevant.
Finally there is the matter of interoperability. At the moment, firewalls do not work well with one anoth-
er, however there has been a movement toward inter-
operability with Virtual Private Networks and IPSec (IP Security) compliance. Network Magazine, March 1998, pp. 56- 60.
Forensic computing helps firms track high-tech fraud, Shailagh Murray. Rising computer crime and the dificulty in tracking it down have led to a boom
in the business of forensic computing. Firms are main-
223