Once connected to the Internet, an individual or organization takes on a degree of risk from computer viruses, malicious Java or ActiveX content, and more. Active content monitoring tools examine material entering a computer or network for potentially damaging content, cross-referencing what they scan against continuously updated definition libraries. The impact of allowing malicious content to enter a network unchallenged ranges from mild annoyance to extended network downtime and loss of stored data.

  • SuperScout - SurfControl, Inc.
  • SurfControl Content Filtering SDK - SurfControl, Inc.
  • Cyber Patrol for Education - SurfControl, Inc.
  • NetSecure Mail - NetSecure Software
  • WebShield for Nokia Appliance - Nokia
  • Surfingate - Finjan Software
  • ConsoleServer 3200 - Lightwave Communications
  • Pelican SafeTnet - Pelican Security
  • Sendmail Secure Switch - Sendmail, Inc.
  • Trend InterScan VirusWall - Trend Micro
  • Command AntiVirus Software - Command Software Systems

Intrusion Detection

Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.

Intrusion detection functions include:

  • Monitoring and analyzing both user and system activities
  • Analyzing system configurations and vulnerabilities
  • Assessing system and file integrity
  • Ability to recognize patterns typical of attacks
  • Analysis of abnormal activity patterns
  • Tracking user policy violations

Typically, an ID system follows a two-step process. The first set of procedures is host-based and is considered the passive component; it includes inspection of the system's configuration files to detect inadvisable settings, inspection of the password files to detect inadvisable passwords, and inspection of other system areas to detect policy violations. The second set of procedures is network-based and is considered the active component: mechanisms are set in place to re-enact known methods of attack and to record the system's responses.
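An added example, not from this page or from any of the vendors listed below, of the passive host-based step described above: a Tripwire-style integrity baseline of a directory tree, a comparison that reports added, removed and changed files, and a check for inadvisable permission settings. It runs over a constructed temporary directory; every file name and content in it is made up for the demonstration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    # Baseline a directory tree: SHA-256, permission bits and size of every regular file,
    # keyed by path relative to root so the baseline can be stored and compared later.
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices etc. are out of scope for this check
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            db[rel] = {"sha256": h.hexdigest(), "mode": st.st_mode & 0o7777, "size": st.st_size}
    return db

def compare(baseline, current):
    # The passive, host-based step: report what appeared, vanished or changed since the baseline.
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "changed": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])}

def policy_violations(db):
    # Inadvisable settings: world-writable files and set-uid/set-gid files.
    bad = []
    for path, info in sorted(db.items()):
        if info["mode"] & stat.S_IWOTH:
            bad.append((path, "world-writable"))
        if info["mode"] & (stat.S_ISUID | stat.S_ISGID):
            bad.append((path, "setuid/setgid"))
    return bad

def demo():
    # Constructed sample tree: take a baseline, change the tree, then re-check it.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        for name, body in (("etc/passwd", b"root:x:0:0\n"), ("etc/motd", b"hi\n")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
            os.chmod(os.path.join(root, name), 0o644)
        baseline = snapshot(root)
        with open(os.path.join(root, "etc/passwd"), "ab") as f:
            f.write(b"eve:x:0:0\n")  # an unexpected uid-0 account appears in the file
        os.remove(os.path.join(root, "etc/motd"))
        with open(os.path.join(root, "etc/rc.local"), "wb") as f:
            f.write(b"#!/bin/sh\n")
        os.chmod(os.path.join(root, "etc/rc.local"), 0o666)  # world-writable: policy violation
        current = snapshot(root)
        return compare(baseline, current), policy_violations(current)
```

In a real deployment the baseline would be written to read-only or off-host storage, since an intruder who can rewrite the baseline can hide every change it would otherwise reveal.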

Host Based ID - Some of the Tools

  • Tripwire Software - Tripwire, Inc.
  • Harvester - farm9.com
  • CyberWALLPlus - Network-1 Security Solutions
  • Intruder Alert - AXENT Technologies / Symantec Corporation
  • Entercept - Entercept Security Technologies
  • PentaSafe VigilEnt Security Agents (NT, Linux, UNIX, IBM, AS/400, Apache) - PentaSafe
  • RealSecure - Internet Security Systems (ISS)
  • Centrax - CyberSafe
  • NFR Intrusion Detection Appliance - Network Flight Recorder (NFR)
  • Security Manager - NetIQ
  • Mantrap - Recourse Technologies

Network Based ID - Some of the Tools

  • RealSecure - Internet Security Systems (ISS)
  • RealSecure for Nokia - Nokia
  • SecureNet Pro - Intrusion.com
  • Harvester - farm9.com
  • NetProwler - AXENT Technologies
  • Dragon IDS - Network Security Wizards
  • Shadow - The SANS Institute
  • Network Flight Recorder - Network Flight Recorder (NFR)
  • Anzen Flight Jacket for NFR - Anzen Computing
  • OpenView Node Sentry - Hewlett Packard
  • Cisco Secure Intrusion Detection System - Cisco Systems
  • Centrax - CyberSafe
  • Manhunt - Recourse Technologies
  • Private I - Open Systems

Firewalls

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.

Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.

Some of the Tools:

  • CyberWALLPlus - Network-1 Security Solutions
  • Raptor Firewall with Power VPN - AXENT Technologies
  • Personal Ravlin II - RedCreek Communications
  • Norman Personal Firewall - Norman Data Defense Systems, Inc.
  • FireWall-1 - Checkpoint
  • Nokia Firewall / VPN Appliance - Nokia
  • BorderWare Firewall Server & Office Gateway - Borderware
  • RADGUARD - RADGUARD
  • Sidewinder - Secure Computing
  • AltaVista Firewall - Compaq
  • Sunscreen - Sun Microsystems
  • Lucent Managed Firewall - Lucent Technologies
  • WatchGuard LiveSecurity Systems - WatchGuard Technologies
  • BlackICE Defender - NetworkICE
  • Cisco Secure PIX Firewall - Cisco Systems
  • Praesidium eFirewall - Hewlett Packard
  • Cyber Armor, Enterprise-Class Personal Firewall - InfoExpress
  • Tiny Personal Firewall - TinySoftware
  • ZoneAlarm - Zone Labs

Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten. Tokens in this category offer more stringent forms of authentication so that users need to both have something (the token) and know something (the PIN or password) to gain access.

Some of the tools:

  • SnareWorks SecureServer - VASCO
  • Digipass - VASCO
  • SnareWorks/SnareWorks Web - VASCO
  • Defender - AXENT Technologies/ Symantec Corporation
  • NetSecure Certifikey - NetSecure Software
  • Symark PowerPassword - Symark Software
  • Symark PowerBroker - Symark Software
  • The Assure Family - Entegrity Solutions
  • NetCrusader - Gradient Technologies
  • RSA SecurID - RSA Security
  • PrivateCard - Cylink
  • Sendmail Single Switch - Sendmail, Inc.
  • Syntax Enterprise Services - Syntax
  • Defensor - CyberSafe

Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and with what privileges of use (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). Assuming that someone has logged on to a computer operating system or application, the system or application may want to identify what resources the user can be given during this session. Thus, authorization is sometimes seen as both the preliminary setting up of permissions by a system administrator and the actual checking of the permission values that have been set up when a user is getting access.

Some of the Tools:

  • SnareWorks - VASCO
  • SnareWorks Web - VASCO
  • SiteMinder - Netegrity
  • SecureWay Policy Director - Tivoli
  • Conclave / Red I-Policy - RedCreek Communications
  • ClearTrust SecureControl - Securant Technologies
  • DomainGuard - Hewlett Packard
  • Authentor - Sentry Systems
  • GetAccess - enCommerce
  • MultiSecure Web Access Control - Ubizen
  • Elara Suite - Transindigo

In any client/server relationship, single signon is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The single signon, which is requested at the initiation of the session, authenticates the user to access all the applications they have been given the rights to on the server, and eliminates future authentication prompts when the user switches applications during that particular session.

In e-commerce, the single signon (sometimes referred to as SSO) is designed to centralize consumer financial information on one server - not only for the consumer's convenience, but also to offer increased security by limiting the number of times the consumer enters credit card numbers or other sensitive information used in billing. Microsoft's "Passport" single signon service (averaging over 40 million consumers and more than 400 authentications per second) is an example of a growing trend towards the use of Web-based single signons that allow users to register financial information once, shop at multiple Web sites, and feel more confident about security on the Web.

Some of the Tools:

  • SnareWorks/SnareWorks Web - VASCO
  • Red I-Access - RedCreek Communications
  • Norman Access Control - Norman Data Defense Systems, Inc.
  • v-GO Single Sign On - Passlogix, Inc.
  • Secure Single Sign-On - Systor Security Solutions
  • TrustBroker - CyberSafe
  • Global SignOn - IBM
  • Focal Point - Okiok Data

PKI

Internet business and many other transactions require a more stringent authentication process. The use of digital certificates issued and verified by a Certificate Authority as part of a public key infrastructure is considered likely to become the standard way to perform authentication on the Internet. Logically, authentication precedes authorization (although they may often seem to be combined).

A CA (certificate authority) is an authority in a network that issues and manages security credentials and public keys for message encryption. As part of a public key infrastructure, a CA checks with a registration authority (RA) to verify the information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate.

Depending on the public key infrastructure implementation, the certificate includes the owner's public key, the expiration date of the certificate, the owner's name, and other information about the public key owner.

A number of products are offered that enable a company or group of companies to implement a PKI. The acceleration of e-commerce and business-to-business commerce over the Internet has increased the demand for PKI solutions. Among PKI leaders are:

  • RSA, which has developed the main algorithms used by PKI vendors
  • Verisign, which acts as a certificate authority and sells software that allows a company to create its own certificate authorities
  • GTE CyberTrust, which provides a PKI implementation methodology and consultation service that it plans to vend to other companies for a fixed price
  • Check Point, which offers a product, VPN-1 Certificate Manager, that is based on the Netscape Directory Server
  • Xcert, whose Web Sentry product checks the revocation status of certificates on a server, using the Online Certificate Status Protocol (OCSP)
  • Netscape, whose Directory Server product is said to support 50 million objects and process 5,000 queries a second; Secure E-Commerce, which allows a company or extranet manager to manage digital certificates; and Meta-Directory, which can connect all corporate directories into a single directory for security management


Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security. Authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied.

Following authentication, a user must gain authorization for doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once you have authenticated a user, they may be authorized for different types of access or activity. The final plank in the AAA framework is accounting, which measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging of session statistics and usage information and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities.

Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).
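An added example, not from this page and not any vendor's code, of the RADIUS authentication exchange the AAA paragraphs describe: the network access server hides the password with the RFC 2865 MD5/XOR scheme and sends an Access-Request, the AAA server recovers the password, compares it with its credential store and returns a signed Access-Accept or Access-Reject, and the access server verifies the Response Authenticator before trusting the answer. The user database, shared secret and user name are constructed for the demonstration; the packet layout and hiding scheme follow RFC 2865.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2                        # RADIUS attribute types
USER_DB = {b"alice": b"correct horse"}                 # constructed sample credential store

def password_xor(data, secret, authenticator, hiding):
    # RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + previous block);
    # "previous" is the Request Authenticator for block 1, then the hidden form of the
    # preceding block (our output when hiding, our input when revealing).
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = bytes(x ^ y for x, y in zip(data[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = block if hiding else data[i:i + 16]
        out += block
    return out

def build_packet(code, ident, authenticator, attrs):
    # Code(1) Identifier(1) Length(2) Authenticator(16) followed by Type/Length/Value attributes
    body = b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(data):
    code, ident, length = struct.unpack("!BBH", data[:4])
    attrs, pos = {}, 20
    while pos + 2 <= length and data[pos + 1] >= 2:  # a length < 2 is malformed; stop
        attrs[data[pos]] = data[pos + 2:pos + data[pos + 1]]
        pos += data[pos + 1]
    return code, ident, data[4:20], attrs

def access_request(username, password, secret, ident=1):
    # NAS side: a fresh random Request Authenticator keys the password hiding for this request
    ra = os.urandom(16)
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    attrs = [(USER_NAME, username), (USER_PASSWORD, password_xor(padded, secret, ra, True))]
    return ra, build_packet(ACCESS_REQUEST, ident, ra, attrs)

def aaa_server(request, secret):
    # AAA server side: recover the password, compare it with the stored one, sign the reply
    code, ident, ra, attrs = parse_packet(request)
    given = password_xor(attrs.get(USER_PASSWORD, b""), secret, ra, False).rstrip(b"\x00")
    stored = USER_DB.get(attrs.get(USER_NAME))
    ok = code == ACCESS_REQUEST and stored is not None and hmac.compare_digest(stored, given)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + ra + secret).digest()

def authenticate(username, password, secret):
    # Full exchange; the NAS only trusts a reply whose Response Authenticator verifies
    ra, req = access_request(username, password, secret)
    resp = aaa_server(req, secret)
    code, _, resp_auth, _ = parse_packet(resp)
    expected = hashlib.md5(resp[:4] + ra + resp[20:] + secret).digest()
    return code == ACCESS_ACCEPT and hmac.compare_digest(expected, resp_auth)
```

The hiding scheme protects the password only as well as the shared secret, which is why RADIUS traffic between the access server and the AAA server is normally confined to a trusted management network.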

VPN

A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The idea of the VPN is to give the company the same capabilities at much lower cost by using the shared public infrastructure rather than a private one. Phone companies have long provided secure shared resources for voice messages. A virtual private network makes it possible to have the same secure sharing of public resources for data. Companies today are looking at using a virtual private network for both extranet and wide-area intranet.

Some of the Tools:

  • Raptor Firewall with Power VPN - AXENT Technologies / Symantec Corporation
  • Ravlin VPN Gateways - RedCreek Communications
  • Norman Security Server - Norman Data Defense Systems, Inc.
  • Nokia VPN IP Clustering - Nokia
  • Nokia Firewall/ VPN Appliance - Nokia
  • Handheld VPN Client - Certicom
  • Everlink Suite - Anyware Technology
  • SmartGate VPN - V-One
  • PPTP-RAS - Microsoft
  • NetScreen 1000 - NetScreen
  • F-Secure VPN+ - Data Fellows
  • Cisco Secure Integrated VPN - Hewlett Packard
  • Defensor - CyberSafe
  • PrivateWire - Cylink
  • VTCP/Secure - InfoExpress

Web application security is the protection of your Web application and its resources from threats coming from the Internet, such as stealing company assets, falsifying buy/sell transactions, getting private customer data and defacing the site. This is done by detecting and/or preventing the hacking techniques applicable to this domain, i.e., those which can be performed in the presence of firewalls and encryption.

Some of the Tools:

  • Entercept - Entercept Security Technologies
  • AppShield - Sanctum, Inc.
  • AppScan - Sanctum, Inc.
  • CONTROL-SA - BMC Software
  • Foundstone

These tools offer web services in environments that have been engineered to minimize the number of security holes.

  • CyberWALLPlus - Network-1 Security Solutions
  • VigilEnt Security Agent for Web Servers - PentaSafe
  • Webthority - AXENT Technologies / Symantec Corporation
  • Entercept - Entercept Security Technologies
  • NetSecure Web - NetSecure Software
  • NetSecure Sign - NetSecure Software
  • SnareWorks Web - VASCO
  • Document Gateway & Mail Gateway - Borderware

Network Based - Vulnerability Scanners

Network-based vulnerability scanners are software that simulates the behavior of attackers to learn which of as many as 800 possible weaknesses are present on the system being tested.

Some of the Tools:

  • Thresher - farm9.com
  • NetRecon - AXENT Technologies / Symantec Corporation
  • BV-Control for Internet Security - BindView
  • Internet Scanner - Internet Security Systems (ISS)
  • SATAN - Wietse Venema & Dan Farmer
  • NetSonar - Cisco Systems
  • Nmap - Fyodor
  • Nessus - Renaud Deraison & Jordan Hrycaj
  • SAINT - Worldwide Digital Solutions

Host Based - Vulnerability Scanners

These tools check the settings on a system to determine whether they are consistent with corporate security policies. They are often used by auditors.

Some of the Tools:

  • VigilEnt Security Agents (for WinNT/2K, UNIX, IBM, AS/400, NetWare or Databases) - PentaSafe
  • BV-Control for Windows 2000 for Active Directory, Novell Netware & NDS - BindView
  • Norman Virus Control - Norman Data Defense Systems, Inc.
  • System Scanner - Internet Security Systems (ISS)
  • Database Scanner - Internet Security Systems (ISS)
  • SecurityAnalyst - Intrusion.com
  • SFProtect Enterprise Edition - Agilent Technologies
  • Security Configuration Manager - Microsoft
  • COPS 1.04+ - Dan Farmer
  • Security Manager - NetIQ


Copyright 2003-2004 Net ProActive Services. All Rights Reserved.