Although several standardization initiatives in the area of authentication have already been launched by standards bodies and industry forums at national, regional and international levels, it was ascertained that they lacked the necessary consistency and coherence for validity and cross-recognition. To remedy this, the European ICT Standards Board, with the support of the European Commission, has launched an initiative bringing together industry and public authorities, experts and other market players: the European Electronic Signature Standardization Initiative (EESSI).
EESSI seeks to identify, under a common approach, the needs for standardization activities in support of the Directive’s requirements, and to monitor the implementation of the work program by ensuring that three main principles are adhered to:
effective involvement of all parties concerned with the broad subject area of electronic signatures;
openness and transparency of the mechanisms used and of the initiatives taken;
encouragement of global, internationally accepted solutions while avoiding duplication of work.
The Data Encryption Standard (DES) has a new replacement called the Advanced Encryption Standard (AES), which is theoretically more secure. Additionally, in the United States, the National Institutes of Science and Technology (NIST) (www.nist.gov) and the National Security Agency (NSA) (www.nsa.gov) have also worked with industry to establish five Certified Cryptographic Testing Laboratories (CCTLs) (http://www.nsa.gov/isso/bao/cpep.htm) that will test industry computer security solutions and issue U.S. Government (USG) specified security-level certifications.
New security techniques to protect the corporate network give organizations additional layers of security (above and beyond firewalls and encryption), providing better overall security. This is especially true when they are optimized for a particular application, such as integrity of the Web servers, and treated as incremental solutions, not replacements for traditional network security measures. These innovative network security solutions include honey pots or decoys, air gaps, exit controls, self-healing tools and denial-of-service defenses.
Honey-pots are decoy services that can divert attacks from production systems and let security administrators study or understand what is happening on the network. For example, Mantrap, from Recourse, is an industrial-strength honey-pot deployed next to data servers to deflect internal attacks, and located off the firewall in the demilitarized zone (DMZ) to deflect external threats. Factors that impact its success are quality, naming scheme, placement and security policy.
To ensure that transactions such as wire transfers, electronic investments, etc., proceed securely, an organization should deploy honey-pots in quantities equal to or greater than that of the production systems. Honey-pots can get expensive, which is why companies must choose the critical servers they want to protect.
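One way to act on honey-pot hits, as an added example that is not from this text or from any product it names: because a decoy serves no legitimate users, every source that contacts it deserves review, and that source's other contacts show which production servers to check next. The log format, decoy addresses and internal range below are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample connection log: "timestamp src dst dport". Not real data.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.5.23 10.0.9.10 445
2024-01-01T10:00:04 10.0.5.23 10.0.9.99 445
2024-01-01T10:00:09 10.0.5.23 10.0.9.11 445
2024-01-01T10:01:30 10.0.7.40 10.0.9.10 443
2024-01-01T10:02:02 203.0.113.8 192.0.2.50 22
2024-01-01T10:02:05 203.0.113.8 192.0.2.20 22
malformed line
"""

# Assumed decoy addresses: one beside the data servers, one in the DMZ.
DECOYS = {ip_address("10.0.9.99"), ip_address("192.0.2.50")}
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range


def parse(log_text):
    """Yield (ts, src, dst, dport) tuples, skipping lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield parts[0], ip_address(parts[1]), ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue


def triage(log_text, decoys=DECOYS):
    """Return {source: report} for every source that touched a decoy."""
    events = list(parse(log_text))
    flagged = {src for _, src, dst, _ in events if dst in decoys}
    report = {str(s): {"origin": "internal" if s in INTERNAL else "external",
                       "decoy_hits": [], "production_contacts": []} for s in flagged}
    for ts, src, dst, dport in events:
        if src in flagged:
            key = "decoy_hits" if dst in decoys else "production_contacts"
            report[str(src)][key].append((ts, str(dst), dport))
    return report


if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_LOG).items()):
        print(src, info["origin"], len(info["decoy_hits"]), "decoy hit(s);",
              "production hosts to review:",
              sorted({d for _, d, _ in info["production_contacts"]}))
```

The source that only talks to a production server (10.0.7.40 in the sample) is not flagged; only contact with a decoy raises a source for review.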
Air gap technology provides a physical gap between trusted and untrusted networks, creating an isolated path for moving files between an external server and a company’s internal network and systems. Vendors include RVT Technologies, Spearhead Technology and Whale Communications.
Self-healing tools are security and vulnerability assessment tools that can detect and fix weaknesses in an organization’s systems before problems occur. For example, Retina 3.0 from eEye scans the range of IP addresses provided by the network administrator for vulnerabilities, software flaws and policy problems, reports them, and can repair the vulnerability locally or remotely.
Denial-of-service (DoS) attacks make computer systems inaccessible by exploiting software bugs or overloading servers or networks so that legitimate users can no longer access those resources. Vendors include Arbor Networks, of Waltham, Massachusetts; Mazu Networks, of Cambridge, Massachusetts; and Asta Networks in Seattle, Washington. For instance, Mazu Networks’ solution to distributed DoS attacks works via intelligent traffic analysis and filtering across the network. A packet sniffer or packet analyzer acts as a monitoring device to evaluate packets on the network at speeds up to 1 Gbit/second and determines which traffic needs to be filtered out.