Stay Ahead With Linux Security Features
Explore Latest Linux Security features


Cloud Security for SMBs: Data Protection from Threats and Breaches

About half of all small businesses use cloud-based hosting and infrastructure. Small and medium-sized businesses (SMBs) adopt cloud platforms because enterprise-grade technology has become affordable and easy to use, but the risks that come with those services still have to be managed. By the figure this article cites, an SMB running on cloud platforms faces roughly a one-in-three chance of a cloud security breach, with the data theft, financial loss, reputational harm, and downtime that follow. SMBs therefore have to stay vigilant and prepared for the network attacks that come their way. This article covers how to put data and network security controls in place that keep your information safe from a breach.

How Can I Protect Cloud Storage?

Harden every cloud data store by enabling encryption across all the cloud services you use. If a provider does not encrypt by default, turn it on in the management interface. Review each provider's encryption policy and settings rather than assuming the defaults are sufficient, even when that review seems unnecessary.

Prefer storage providers that use encrypted (TLS) connections for every data-transfer function, so business information is protected in transit; this limits exposure to man-in-the-middle attacks on the network. Most commercial cloud storage providers offer this, and you should treat it as a baseline layer of protection. Encryption options the major providers offer:

- Dropbox encrypts stored files at rest with 256-bit AES and enforces SSL/TLS connections with 128-bit or stronger AES cipher suites for all data transfers.
- Google Drive protects files in transit to and from the platform with TLS and encrypts stored data with 256-bit AES; Google Workspace also offers optional client-side encryption, where the key stays under the customer's control.
- Microsoft OneDrive encrypts data at rest with 256-bit AES and protects data in transit with TLS. The provider recommends enabling encryption on any iOS or Android device that accesses the platform.
- Amazon S3 applies server-side encryption with Amazon S3 managed keys (SSE-S3) automatically to newly written objects, and you can set or change the bucket default from the account console. Objects written before default encryption was enabled do not inherit it: they stay exactly as they were stored, so existing data has to be re-encrypted explicitly, for example by copying each object over itself with encryption requested. Protect data in transit by allowing only TLS connections to the bucket.

How Can I Manage Credentials and Access Rights?

Design data access policies around the principle of least privilege (POLP): every user gets the minimum access needed to do their job, which limits the damage an insider, or an attacker holding an insider's credentials, can do. Review privileges at least once a year, and whenever someone changes role or leaves, and remove access that is no longer needed.

Choose a single sign-on (SSO) provider to centralize credentials and broker access to your cloud services and platforms. SSO means fewer passwords for users, one place to enforce multi-factor authentication, and one place to disable an account, so a departing employee or a compromised login loses access everywhere at once instead of lingering on services the administrators forgot about.

How Can I Secure On-Site and Cloud VoIP Services?

Voice over Internet Protocol (VoIP) brings real benefits to SMBs. Attacks on SMB VoIP systems are less common than other network attacks, but an attacker who harvests VoIP user credentials can use the phone system for social engineering that leaves a company scrambling, so securing the VoIP service is essential. Most VoIP providers enforce strict password rules and two-factor authentication to keep your service safe, and some offer SSO and encrypted connections regardless of the device the service is used from.

If you run the open-source Asterisk PBX yourself, apply business-class firewall rules that expose only the ports the PBX needs to the Internet (SIP signalling and the RTP media range), restrict extension registration to known internal subnets, disable channels you do not use, and enforce strong passwords on every extension.

How Can I Safeguard Remote and Hybrid Workers?

SMBs also need to protect the data and communications of remote and hybrid workers. A Virtual Private Network (VPN) encrypts a worker's traffic wherever they connect from, so home and public networks do not expose company data. Consider a Desktop-as-a-Service (DaaS) solution, which gives remote workers a business-controlled environment for accessing apps and services while keeping vulnerable personal hardware off the internal network. DaaS also makes POLP and cloud security policies easier to enforce than they would be across independently owned hardware.

How Can I Manage Bring-Your-Own-Device Policies?

If an SMB allows remote workers to use their own hardware, it needs a Bring-Your-Own-Device (BYOD) policy. Set minimum hardware and OS version standards so unsupported, unpatched devices cannot connect. Adopt a Mobile Device Management (MDM) solution rather than managing devices one by one: MDM applies security policies to enrolled end-user devices so sensitive data stays protected. For example, MDM can disable a smartphone's camera and microphone while sensitive information is open, set device passcode and encryption standards, restrict which Wi-Fi networks may be used, and allow or block data access based on where the user is working. Businesses with too few devices to justify MDM should at least run endpoint security software on them to reduce the chance that malware on a personal device reaches company systems.

What Penetration Testing Options Are Available to My Business?

SMBs should know the penetration testing options that can strengthen their cloud security. Open-source vulnerability scanners let SMBs check their own servers, and the free, open-source Metasploit Framework can confirm whether a finding is actually exploitable. Cloud security scanners show where patching is needed before a vulnerability becomes an attacker's entry point. Run a full penetration test at least yearly, and after major changes, to catch security holes that develop over time. Use cloud discovery tooling to inventory every cloud service in use, since each is a possible point of attack, and shut down any service your employees no longer use so that an unmaintained system cannot become a way in.

Final Thoughts on How to Improve Security Posture for SMBs

SMBs have plenty to gain from cloud security practices that keep their systems safe. Following the suggestions in this article reduces the chance of a cloud breach and of the other network attacks described here: encrypt cloud storage, enforce access and device policies, and patch vulnerabilities before it is too late.
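The cloud-storage section's point about Amazon S3 is worth seeing in code: default bucket encryption only covers objects written after it is enabled, so the backlog has to be found and re-encrypted. The sweep below is an added example, not code from the original article or from AWS. The S3 client is passed in so the sweep can run offline against the constructed FakeS3 class at the bottom; with a real boto3 client (boto3.client("s3")) it calls put_bucket_encryption, list_objects_v2, head_object and copy_object, which are real boto3 methods taking these parameters. The bucket name and object keys are made up.

```python
"""Sweep an S3 bucket for objects that predate default encryption and
re-encrypt them in place with SSE-S3.

Added example; not code from the original article or from AWS. The S3
client is a parameter so the sweep runs offline against FakeS3 below.
"""

# Values S3 returns in the ServerSideEncryption header for encrypted objects.
SSE_OK = {"AES256", "aws:kms", "aws:kms:dsse"}


def enable_default_encryption(s3, bucket):
    """Set SSE-S3 as the bucket default. This only affects objects written
    from now on; objects already in the bucket keep their current state."""
    s3.put_bucket_encryption(
        Bucket=bucket,
        ServerSideEncryptionConfiguration={"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
    )


def unencrypted_keys(s3, bucket):
    """Return the keys whose HEAD response carries no accepted SSE value,
    following the listing's continuation tokens across pages."""
    keys, token = [], None
    while True:
        kwargs = {"Bucket": bucket}
        if token:
            kwargs["ContinuationToken"] = token
        page = s3.list_objects_v2(**kwargs)
        for obj in page.get("Contents", []):
            head = s3.head_object(Bucket=bucket, Key=obj["Key"])
            if head.get("ServerSideEncryption") not in SSE_OK:
                keys.append(obj["Key"])
        if not page.get("IsTruncated"):
            return keys
        token = page["NextContinuationToken"]


def reencrypt_in_place(s3, bucket, keys):
    """Copy each object over itself, requesting SSE-S3 on the copy.
    MetadataDirective=COPY keeps user metadata. Caveat: copy_object is
    limited to 5 GB per object; larger objects need a multipart copy."""
    for key in keys:
        s3.copy_object(Bucket=bucket, Key=key,
                       CopySource={"Bucket": bucket, "Key": key},
                       ServerSideEncryption="AES256",
                       MetadataDirective="COPY")
    return len(keys)


def sweep(s3, bucket):
    """Enable the default, then fix the backlog; returns the re-encrypted keys."""
    enable_default_encryption(s3, bucket)
    keys = unencrypted_keys(s3, bucket)
    reencrypt_in_place(s3, bucket, keys)
    return keys


class FakeS3:
    """Constructed stand-in for the subset of the boto3 S3 client used above.
    Objects map key -> ServerSideEncryption value (None = plaintext at rest).
    Listing is split into two pages to exercise the pagination loop."""

    def __init__(self, objects):
        self.objects = dict(objects)
        self.default_sse = None

    def put_bucket_encryption(self, Bucket, ServerSideEncryptionConfiguration):
        rule = ServerSideEncryptionConfiguration["Rules"][0]
        self.default_sse = rule["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]

    def list_objects_v2(self, Bucket, ContinuationToken=None):
        keys = sorted(self.objects)
        if ContinuationToken is None:
            return {"Contents": [{"Key": k} for k in keys[:2]],
                    "IsTruncated": len(keys) > 2, "NextContinuationToken": "page2"}
        return {"Contents": [{"Key": k} for k in keys[2:]], "IsTruncated": False}

    def head_object(self, Bucket, Key):
        sse = self.objects[Key]
        return {"ServerSideEncryption": sse} if sse else {}

    def copy_object(self, Bucket, Key, CopySource, ServerSideEncryption,
                    MetadataDirective):
        self.objects[Key] = ServerSideEncryption


if __name__ == "__main__":
    # Constructed bucket: two legacy plaintext objects, one SSE-S3, one SSE-KMS.
    fake = FakeS3({"legacy/a.csv": None, "legacy/b.csv": None,
                   "new/c.csv": "AES256", "new/d.csv": "aws:kms"})
    print("re-encrypted:", sweep(fake, "smb-backups"))
```

Two practical caveats when this is run against a real bucket: on a versioned bucket the in-place copy creates a new encrypted version, and the old plaintext version remains readable until a lifecycle rule expires it; and a bucket policy that denies non-TLS requests (aws:SecureTransport) is the separate control for the in-transit half of the article's advice.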

Published Nov 27, 2023 by Duane Dunston

Key Factors for Choosing Remote Access Software in Linux Environments

Choosing the right software for your enterprise is a critical decision. With so many remote access products on the market, narrowing the field to one solution for an enterprise environment can be perplexing. Based on the major business use cases and the essential security factors, here is a quick checklist to simplify the decision.

Security

Software without security features and basic authentication leaves your enterprise ecosystem open to threats and intrusions. Make sure the software you choose supports robust authentication: SSO, which matters in Linux environments because it lets users reach multiple services with a single set of credentials, together with 2FA/MFA, end-to-end encryption, and role-based access, plus exhaustive session recording and reporting.

Compliance

Organizations have to adhere to laws and regulations, which is why most industry sectors comply with mandates such as HIPAA, GDPR, and PCI DSS. When picking a solution, check that the software meets these mandates as well as your own organizational policies. One thing to look for is that the software does not establish a remote connection without prompting for confirmation on the remote device.

Simple to Use

In most scenarios you want to connect to a remote device instantly. A user-friendly interface and a simple workflow are further factors to examine before purchasing. Installation and starting a remote session should be seamless, with no additional training required.

Scalable and Flexible

Enterprises grow every day, and with them the number of endpoints that need to be managed. Server and capacity outages must never be an issue for your organization, so the software should scale to any number of endpoints and be available at all times. The main goal of remote access is controlling a device from anywhere, at any time, even on the go.

Compatible

Not every device in your enterprise runs Linux. There will be Windows, Mac, and other operating systems to consider, so ask: "Can I access a Linux machine from a Windows or Mac device, and vice versa?" Access from Android and iOS devices is a bonus.

Unlimited and Unbounded

Pricing must not limit the number of remote sessions you can take. Wherever you have Internet connectivity, you should be able to reach your endpoints. Built-in communication features such as chat and calls make troubleshooting simpler. The right business decision for your enterprise is a boundless, reasonably priced solution.

"If a remote access solution checks each of these, then that's the one you're looking for."

How Remote Access Plus Covers this List

Remote Access Plus is a remote access and troubleshooting solution for enterprise environments. It ticks the checklist by prioritizing security and unifying a solution for the various business use cases:

- Exclusively trusted communication between endpoints and servers.
- End-to-end encryption during remote sessions, file transfer, and so on.
- HIPAA, GDPR, and PCI DSS compliant access from desktops and mobile apps.
- Authentication with SSO, MFA/2FA, SAML, and more.
- Configurable instant notifications for data breaches.
- Confined access based on roles.
- Servers protected from vulnerabilities by automated security patching.
- A cloud-based solution that scales seamlessly.
- Unlimited remote sessions to your endpoints.
- A simple, user-friendly web-based console.
- Access to your Linux computers from Mac, Windows, Android, and iOS devices in a matter of minutes.

It can be confusing to make the right decision when weighing different features, pricing estimates, and the perplexing editions vendors offer. But the right secure remote access solution will simplify your work rather than add to your burden. So draw up your own checklist, evaluate several solutions, and pick the one that best suits your Linux environment.

Published Oct 17, 2022 by Brittany Day

Comprehensive Guide To Network Security Audits For Organizations

"Information for the right people at the right time and from anywhere" has been the driving force behind making most of an organization's vital information available over the Internet. This is a simple guide to conducting a network security audit, and it lists the points to cover when conducting one.

This, of course, has led to situations where that valued information falls into the wrong hands. The cause may be a bug or vulnerability in the application software that provides the data access from the Internet, misconfiguration by the administrator or vendor, or negligence on the part of management. And while we are talking about access from the Internet, most surveys indicate that breach attempts by internal users are considerably high. So a security policy is the most basic need for network security, and it requires reviewing and redefining policies as the business environment changes. Defining a security policy requires an understanding of the environment, the loopholes in it, and the steps needed to close them. Hence it starts with a network audit.

Of course, I too have learned this from many experts' articles on the net and from experience. This first of the series (maybe many to come, if you really want to hear from me) doesn't get into the core of each aspect; it outlines the things to keep in mind while conducting a network security audit. Maybe you will let me put my ideas into future writings.

A general, and wrong, assumption is that a network security audit is limited to determining which services on the network are available for access. It isn't. A network security audit should address all the areas listed in this article and, if possible, more (don't forget: the more preventive steps you take, the more secure it gets, so don't stop here, keep doing it better). The minimal aspects to consider are:

Management

The audit should include a questionnaire to the organization's management to gauge how seriously it takes information security. The questionnaire should collect a considerable amount of information, for example: Is management serious about information security requirements? Does an established procedure exist for reporting security breaches or attempted breaches? Is there a review of the security controls life cycle? And so on.

Administration

Knowing the administrative controls helps in understanding what protection the data has and whether security deviations are detected and corrected. Try to understand the security implications of the following: backup and disaster recovery; response to intrusion detection; response to viruses and Trojans; grant, change, and removal of privileges; documentation; log reviews; changes in network software; license compliance; and so on.

LAN Security

Get an understanding of the LAN configuration, the number of users on the LAN, and its general use. Audit protection against viruses, Trojans, and the like; communication controls; acquisition; TCP ports; firewall rules and ACLs; application fingerprinting; LAN access policy; and so on.

Access Control

Determine the access control mechanism by which users reach the various resources across the network: authentication, access requests, separation of duties, user guidelines, password policy, operations, physical security, contingency planning, training, and hardware and software maintenance.

Now that we have outlined the aspects to assess, let's look at each of them in as much detail as possible.

Management

What needs to be checked in the organization's management, and what does management take care of? These are some of the questions that arise when we talk about assessing the organization's management; I will try to justify them as well as I can. The first thing is to analyze whether management has taken the issue of information security seriously, which can be assessed by asking:

- Is there a procedure or guideline for acquiring and installing LAN peripherals and accessories?
- Have users been notified about security concerns, the terms of use of systems and network access, their limitations, and the proceedings in case of a breach of the security policy?
- Have users been notified of their tasks?
- Have users been notified that their email is monitored (if it is)?
- Is a procedure in place for formally reporting security breaches?
- Are the findings of audits and inspections reported to management?
- Are emergency and disaster procedures established, with well-defined tasks and responsibilities?
- Is there a proper backup plan so that operations can return to normal if the installation is completely damaged, and are these plans tested?
- Has management forbidden software piracy and informed PC users of this?
- Are there proper inventory controls for software and hardware?
- Do users know who is in charge of security and how to reach that person when required?
- Is the security policy scrutinized periodically (is the life cycle of the security policy defined)?
- Are the necessary corrective actions taken or approved for each weakness found?

The more precautions and interest management takes, the more serious the organization is about its information security, and the more users understand that they will be held liable for any harm or loss they cause. Thus management should provide the basic foundation. An organization's IT security fails when its involvement is reactive rather than proactive: often vulnerabilities are closed only after they have been exploited in an attack, at the cost of time, data, and money. Very few organizations take proactive steps toward evolving a security policy and strategies, so it is very important that management keeps the organization's security strategies up to date.

Administration

Effective network administration ensures the continued availability and protection of data as desired by the organization's management. A good network administration team is essential, as they are the key people when it comes to actually implementing the security policies, the disaster recovery plan, and so on. Hence administration should see to the following.

Setup of servers:

- Make sure the applications available on the network are not misconfigured.
- Patch and update applications promptly, as soon as fixes are available.
- Keep track of the vulnerabilities, backdoors, and viruses in circulation and the solutions to them.
- Provide virus protection both at the mail server or gateway and on users' desktops.
- Have servers properly identify and authenticate users before granting access. Does the server setup use authentication that suits the risk associated with the access?
- Is proper encryption enabled for data transfer wherever it is required?

User access to applications:

- User management: adding, deleting, modifying, disabling, and enabling user IDs; setting proper guidelines for choosing passwords and changing them periodically; and granting and revoking access rights as required.
- A formal procedure for requesting access or changes to access, with formal approval from management.
- Periodically track and analyze user requests and the accesses made: time and duration of access and, if possible, the kind of data sought.
- Periodically review user access to the system, document any anomaly, and report it to management for action if required.
- Protect top-secret applications meant only for privileged users, with proper grants for their access.
- Take note of failed login attempts periodically and verify them with the users concerned.
- Establish a procedure for dealing with repeated attempts by a user to gain unauthorized access to these resources.
- Check for unauthorized use of external storage devices such as floppies and CD-ROMs.

Apart from these checks, others should be performed on the way data is handled and exchanged. If third-party data access is allowed (clients, business partners, and so on), are there proper controls on their access, identification, and authentication? Is it possible to identify and track all assets (the ease of doing so indicates the quality of the inventory)? Are development systems separated from operational systems? Is the security of media in transit established? Are the system clocks synchronized? And many more aspects.
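Three of the administration items above (note failed login attempts, verify them with the users concerned, and have a procedure for repeated unauthorized attempts) come down to reading the authentication log with a few questions in mind. The script below is an added example of that review and is not code from the original article. It parses sshd lines in their syslog format; the log lines are a constructed sample, not a real capture, and the threshold of three failures per source address is an assumption to tune for your environment.

```python
"""Summarize failed logins from sshd auth log lines and flag what an auditor
should follow up on.

Added example; not code from the original article. SAMPLE_LOG is a
constructed sample and the per-source threshold is an assumption.
"""

import re
from collections import defaultdict

SAMPLE_LOG = """\
Oct  8 09:12:01 fs1 sshd[2310]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Oct  8 09:12:03 fs1 sshd[2310]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Oct  8 09:12:06 fs1 sshd[2312]: Failed password for root from 203.0.113.7 port 51024 ssh2
Oct  8 09:12:09 fs1 sshd[2314]: Failed password for root from 203.0.113.7 port 51025 ssh2
Oct  8 09:12:12 fs1 sshd[2316]: Failed password for root from 203.0.113.7 port 51026 ssh2
Oct  8 09:15:40 fs1 sshd[2401]: Failed password for alice from 192.0.2.15 port 40110 ssh2
Oct  8 09:15:49 fs1 sshd[2401]: Accepted password for alice from 192.0.2.15 port 40110 ssh2
Oct  8 10:02:17 fs1 sshd[2511]: Accepted publickey for bob from 192.0.2.20 port 40222 ssh2
"""

# "Failed <method> for [invalid user ]<name> from <ip>": the optional phrase
# separates guesses at non-existent accounts from attacks on real ones.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \w+ for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+)")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")


def parse_auth_log(text):
    """Return (failures, invalid_users, successes): failures maps
    (user, ip) -> count, invalid_users is the set of guessed non-existent
    account names, successes is the set of (user, ip) pairs that got in."""
    failures = defaultdict(int)
    invalid_users, successes = set(), set()
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[(m["user"], m["ip"])] += 1
            if m["invalid"]:
                invalid_users.add(m["user"])
            continue
        m = ACCEPTED.search(line)
        if m:
            successes.add((m["user"], m["ip"]))
    return dict(failures), invalid_users, successes


def review(text, per_source_threshold=3):
    """Turn the parsed counts into the items the audit checklist asks for."""
    failures, invalid_users, successes = parse_auth_log(text)
    per_source = defaultdict(int)
    for (_, ip), n in failures.items():
        per_source[ip] += n
    return {
        # Repeated attempts from one address: the case for the "repeated
        # unauthorized attempts" procedure (block the source, check other hosts).
        "repeated_sources": sorted(
            ip for ip, n in per_source.items() if n >= per_source_threshold),
        # Any failure against root is worth a look, however few.
        "root_failures": sum(n for (u, _), n in failures.items() if u == "root"),
        # Account names that do not exist: password guessing, not user error.
        "invalid_users": sorted(invalid_users),
        # Failure followed by success from the same place: a typo, or a
        # guessed password. This is the case to verify with the user concerned.
        "success_after_failure": sorted(
            pair for pair in successes if pair in failures),
    }


if __name__ == "__main__":
    for item, value in review(SAMPLE_LOG).items():
        print(f"{item}: {value}")
```

On the sample, the review reports 203.0.113.7 as a repeated source (five failures, including three against root and two against the non-existent "admin" account), and alice's failure-then-success from 192.0.2.15 as the one entry to confirm with the user. For a real audit, feed it the relevant slice of /var/log/auth.log or the journal and compare the "success_after_failure" list against the access approvals on file.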

Published Oct 08, 2002 by Brittany Day

Secure Computing: Linux Security Insights And Type Enforcement Overview

In this interview, two principals from Secure Computing, Inc. offer their thoughts on the state of Linux and security, its place in the data center as a secure platform for business, and their work with the National Security Agency to create a Type Enforced version of Linux. . R ecently I had a conversation with Carr Biggerstaff, Senior Vice President of Marketing, and Thomas Haigh, Vice President and Chief Technologist for Secure Computing, Inc. about their work with Linux and security. Carr has worked as the senior IT executive for both services and manufacturing companies, a consulting manager with Arthur Andersen, the senior technical marketing manager for emerging technologies in the Enterprise Server Group at Intel and the vice president of a sales and marketing agency. Thomas is responsible for the development of product evolution strategies and technology roadmaps across the company's product divisions. Prior to his current position, Haigh was Vice President and Director of Research at Secure, where he focused on developing acquisition plans, and planning and implementing contract and independent research and development programs. LinuxSecurity.com: Would you give us a brief overview and background of Secure Computing? Tom Haigh: We started out as an R&D center at Honeywell in the mid 80s. At that time we were focused on operating systems security and database systems security doing research for the Dept of Defense and the Air Force. Our main contract was to develop an A1 level operating system for the NSA. There was a series of contracts culminating in a system that was actually fielded a multi-level guard called the Secure Network Server . It was to be placed between two networks of differing classification levels and filtered the traffic between them. And it was on this series of contracts that we developed the type enforcement. Because we had been working on a secure network guard, it was natural to go build a firewall. 
So wetook that same technology that we developed on that contract and rolled it forward into our Sidewinder firewall. The type enforcement is there; the strong mail filtering is there. We went public in 1989, and in 1995 acquired four companies. We refocused ourselves on e-business opportunities. The mission of our company is to be recognized as the leading provider of safe-secure extranets for e-business. LinuxSecurity.com: And your firewall is a primary piece of that? Tom Haigh: I think it would be overstating to say that it is the primary piece. Basically the products we have are great components for this. SafeWord has grown into an access management product. It does authentication and authorization. So it controls what each user is authorized to do on the system or through the firewall. Then it does the audit as well so you can hold each user accountable. In the old days a firewall was all you needed. You let email in and outsiders out and let insiders do anything they want. As we move more toward e-business, now we are letting an awful lot of outsiders in as well. All your partners are coming in. You have to know who your partners are, and when they're on the inside. That's when access management becomes crucial. Carr Biggerstaff: It's a lot more than access management. Because in e-business in particular, those customers and suppliers are being granted access to business applications that are traditionally internal applications. And so the trick now is not just to provide firewall functionality which keeps unknown and untrusted people out or VPN type of gateway capability which lets people in and have an encrypted protected session but more importantly to escort them, if you will, to the few applications that they are allowed to use. If I'm a supplier of yours I am may be able to come in and check my inventory levels, etc, for replenishment, but I shouldn't be able to go all over your manufacturing system, for example. 
So that's the accessmanagement piece of it that becomes so important, particularly important in business-to-business segment of the market, which is the market segment that is expanding so dramatically, and where the revenue dollars are being generated. As opposed to the consumer-to-business dot-com stock. LinuxSecurity.com: Do you view Linux as being a viable platform for developing security products? Carr Biggerstaff: Linux is not only very important for us, but we've been doing work on the Linux platform for some time now. The only other comment I'd make is the thing that people need to remember about Linux is that it represents not only a platform in the traditional computing space, but also for embedded systems. LinuxSecurity.com: What are the most important topics or issues in your industry, and why? Carr Biggerstaff: The most important topics that we have to deal with today is the full-disclosure of issues surrounding security today. I talk to people and Tom talk to people all the time from the commercial and government sector and nobody talks about their security problems. Nobody shares the information as to how it happened, what happened, etc, and in fact if they say anything at all they tend to whitewash it. They do so for a couple of different reasons. One is the obvious - they don't want to talk about their dirty laundry. Two is that they don't want law enforcement activity in many cases. Three they don't want insurance issues. But, as I said earlier, that is going to change. It needs to change because we have an education issue in the industry. If we don't better understand as vendors of security solutions, if we don't better understand what is going wrong, we can't provide the product. Another issue that weighs heavily, at least for me, is that as security vendors, the security industry itself doesn't do a good job of disclosing all the vulnerabilities. There is, for example, a perception, which our market fuels that a firewall is it. 
The reality isthat very few people understand that a firewall in front of a web server, which is arguably coming with a de-facto, ubiquitous access method for e-commerce and e-business and everything else, it's a web server. Very few people will sit down and tell a customer "No, you don't understand, if you put a firewall in front of a web server, and you open up a port in that firewall to let http traffic through, then you run the risk of that web server being compromised." And it happens all the time. You can't successfully screen out the malicious code in the http connection. So there needs to be a little more honesty on the part of everybody in order to fix what I think is going to be a growing problem. Just because of the law of large numbers effect, as we go from letting a few hundred people into our systems across the public Internet to letting thousands of people into our system, the odds say the probabilities are there that we are going to have more and more breaches, whether they are insider breaches or from unknown intruders, and the only way we are going to scale our solutions to solve these problems is to have more honesty in the industry. And that will come if customers and suppliers, vendors like ourselves, begin to mature a little bit and recognize that like every other business solution we've had to deploy over the past 25 years. So we'll get better at telling each other what we need to know, but that's a key issue. LinuxSecurity.com: You've touched on the SideWinder firewall. Would you like to talk a bit further about it, and explain your Type Enforcement Technology? Tom Haigh: Absolutely. The SideWinder firewall is an application layer gateway. At this point it's actually become a hybrid. We give users the ability to enforce security at the application layer, not just at the IP layer. The Type Enforcement Technology is one of the really important features in there. 
There is a paper published this past week that is available now on our TypeEnforcement Technology. We've made a number of modifications to the operating system kernel and wherever access is enforced, we have to add hooks to Type Enforcement access control. So basically rather than go checking the Unix ACLs, the NT ACLs, you've got to go check the type enforcement Domain Definition Tables, Type Enforcement Tables for now. What the type enforcement does is compartmentalize the applications that run above the operating system. So each application runs in it's own compartment. Think about the hold of a ship - if one compartment is compromised, the ship doesn't go down, the damage is contained to one space. And with type enforcement the same thing happens. We build walls between the application and walls between the operating system itself. So if a hostile user or more likely these days malicious code gets in, causes a compromise in one subsystem, that compromise can't spill over into other subsystems. It's very very powerful. If a user manages to mount an HTTP overrun attack, or a stack overrun attack of any sort, they can't use that to break out of the application they're in and get down into the operating system to gain root access to take over the entire system. We've absolutely eliminated that. And what's really powerful about that is that the last collated data I've seen for 1998, CERT documented 13 major firewall attacks, 9 of them were stack-overrun attacks. So with this mechanism we're eliminating a very high percentage of the firewall attacks. That in itself is important. That's a huge discriminator. LinuxSecurity.com: Recently it was announced that Secure Computing has been awarded a sole source contract by the National Security Agency to develop a Secure Linux operating system. What is the status of this project? What applications will it be suitable for? Will the changes be released to the open source community? 
Tom Haigh: The work we are doing with NSA is to implement Type Enforcement in Linux. We are in development on this right now, and we expect to deliver it this summer. The objective here is to release all of this to the open source community, and for us, that's crucial because we of course would really like to make SideWinder available on Linux as well as the BSD version we have today. As Carr said, with embedded Linux beginning to appear, and the growth of firewall appliances, there's a real nice match there. Since NSA has not authorized us to make the code public yet, we have to keep it on the shelf for right now. We see Linux with Type Enforcement as suitable for a broad range of applications. Certainly for a firewall, but once we have a version we can distribute, then we would like to get SafeWord running on that as well. And beyond that, we've implemented some prototype e-commerce suites in a Type Enforcement environment as well. Basically taking Netscape Enterprise server and protecting it with Type Enforcement, then putting some of the back office and supporting services around it. So we see this ultimately as being suitable for a wide variety of e-business applications. PC Week had their 'PC Hack' where they had a Linux server, but with Type Enforcement technology on it, it wouldn't have been broken into. Because of NSA's restrictions on the code, I can only describe the changes in fairly general terms. Basically, we have to modify each kernel entry point by adding a hook to make a Type Enforcement check. Then we have to modify a small number of modules to make the checks. We estimate that there are changes to less than 5% of the base Linux code. There are actually two technical teams working on this project, our team and a team at NSA. The two teams have worked together for over six years now, adding security mechanisms like Type Enforcement to a number of experimental operating systems, most notably Mach.
The NSA team began their work last fall, before we signed the contract with NSA, so they developed the majority of the code. All in all, it has been a good partnership, a win for us, a win for the government, and once NSA approves release of the code, a win for the Linux community.

LinuxSecurity.com: How do you expect the marketplace to change over the next two to three years?

Carr Biggerstaff: I'll tell you, and as you'll hear from both of us, the biggest deployment trend in the industry today worldwide is e-business, or business-to-business. When you look at revenues generated in e-business systems, they all track amazingly identically. The trends are all focused on doing e-business because there are very tangible benefits to them. What's interesting about that model is that if you take yourself out two to three years, and you think about what an e-business system really is, where I've got customers and suppliers that have a protected, private communications link into my back office system, such as manufacturing, accounting, inventory, whatever, and they are being granted access just as if they were an employee of my company, when you think about that model, and you overlay something like Forrester says over the next couple of years the average number of discrete e-business links (customer to supplier, or supplier to customer) is going to be something like 700. You think about that, you've got hundreds of people, if not thousands, that are going to be operating in each other's systems as if they were employees. From a security point of view, what we always think of are insiders. We think there's somebody who's already inside, who has been granted the rights and privileges to be in our proprietary information systems and 99.9% are normal people who are going to do normal things, but there's always a bad apple.
If you go and look at the FBI statistics and reports that they've put out annually, and what private industry reports are put out, the biggest risk from our data security point of view for years has been the insider.

LinuxSecurity.com: And it's probably one of the least recognized threats, too.

Carr Biggerstaff: It's because we've weaned ourselves from it over the past decade. When Tom and I got into this business, it was host terminal computing and we didn't really have Internet to speak of. Back when Tom was hardening operating systems for Honeywell and before that, our concern was the insider because we never let outsiders into our system. And then along comes client-server computing, and in particular the Internet, then bang! People are being granted access, whether they are remote employees from home or from a hotel room, or EDI-connected partners; little by little they are being granted access. And now that trend is growing exponentially. You used to just let remote access for employees and a few partners through an EDI or proprietary EDI solutions. We're now talking about letting larger and larger numbers of customers and suppliers in across the public Internet to do business in our arguably most valuable asset today in any business. So that's an issue for us. And we've been worrying about that now for about 18 years as a company. We started back in the days of guarding against the insider and we've survived and lived through the different changes in security, but that's never left our mind. We continue to architect solutions that are designed to protect against the insider as much as the outsider. And I think that's the biggest single trend we'll see in the security segment of the industry besides the obvious, which is more people using more systems means more security breaches. We will continue to see more and more reports of systems that have been breached. As people become desensitized, the reporting will become better.
Today not a lot of people report breaches, but over the next three years people will become more forthcoming about being breached, what happened, and getting help to solve the problem. We'll have more information, you'll see more information, you'll see more security problems surface. That said, the biggest issue that people will have to deal with would be insider oriented issues because they will have a bunch of "insiders" in their system. And it's going to be real tough to deal with them unless they intelligently manage that access, and I think that's the key thing that we see coming.

LinuxSecurity.com: How do you think your industry will change in the future? What new products can we look forward to seeing from your company?

Carr Biggerstaff: What you will see from our company pretty quickly is the ability to provide the next layer of access management and protection. Today we stop everything at the perimeter, at the boundary of the business, at the extranet, for example. But as we talk more about the insider situation and the proliferation of "insiders" it's going to become important to protect the individual hosts themselves from access. We're in the process of putting together a product that we'll be announcing next quarter. I'll let Tom address the other points; those are the key points from my perspective. It may seem simple to state it this way, but probably the biggest issue that our industry and the information technology industry is going to face more than anything else is going to deal with scale. The fact that more and more users are going to be connected to your systems than ever before, and you're going to be connected to more and more people's different systems than ever before by a variety of different devices. It introduces a level of complexity and sophistication that we've never dealt with. It's always been pretty easy. First it was host terminal within our own business, then it was client-server within our own business.
Then we added the Internet. And now we're talking about people getting to you by phone, PDA, and they can get in your systems, looking at your data, making decisions in your software, by buying things, selling things, whatever. And that's going to introduce an opportunity for all of us in the industry to either put up or shut up when it comes to providing the applications and capabilities to provide a healthy environment. That's going to be the ultimate challenge for all the companies. A single-point solution isn't going to do it. You can't just put a firewall on the edge of the network. If you go and look at Gartner and Forrester and all those guys you're going to begin to see a trend as they move away from the firewall as being essential but not enough. They're talking now about access management and access control. The challenge is letting the right people in to do precisely what they're allowed to do, no more, no less. And that's a huge shift that's going to be a challenge for us all. We've been looking at this for at least two years.

Tom Haigh: To elaborate on what Carr had to say... It's not just the number of users; it's the kinds of things they're doing as well. When everyone was doing email and accessing static web pages, security policies were pretty simple. We didn't think they were, but in retrospect they were pretty simple. So now we've got a whole lot more users. Some of them are true employees of the enterprise, and others are partners of various flavors, and each of them needs to do certain things to get their jobs accomplished. But then there are other things that they shouldn't be able to do. So the problem is not just one of one dimension; we've got growth in multiple dimensions. A combinatoric explosion of possibilities that have to be controlled. And so the ability to manage this security fabric on a point-by-point basis just isn't going to cut it anymore. Customers are going to have to think holistically. How do they secure the enterprise?
And we have to start giving them the tools they need to do that. It has to be an integrated set of tools.

LinuxSecurity.com: Can you describe SafeWord and SmartFilter in a bit more detail? Are there plans to port these to run on Linux?

Tom Haigh: Both of these already do in fact run on Linux. SmartFilter is a web-filtering product that runs as a plug-in to standard proxy servers. It controls where people inside the enterprise can go and surf on the Internet. So what we do is, we've got a service where we categorize sites on the Internet into one of 27 categories. Things like sports, entertainment, sites with sexual content, job search sites, sites with violent content, that sort of thing. The enterprise can enable and disable these categories on a 24x7 basis. Corporate bandwidth is precious, particularly during working hours, so this product gives the ability to keep this bandwidth available during working hours. Another reason for this software is to provide a non-hostile work environment. Some clown downloading images from playboy.com, this becomes an uncomfortable work environment. The latest Computer Security Institute and FBI survey they do every year shows 79% of companies identify improper use of the Internet as being a major problem for them.

LinuxSecurity.com: So does the corporation have the ability to add specific URLs to the list? Or is it updated weekly, or?

Tom Haigh: Both are possible. The enterprise can add URLs to the list of proscribed sites. We've got about a half a million sites on there now. Customers can also send us other sites to check out, and we do that. It turns out that 80% of Internet accesses go to a relatively small number of sites, so we've got pretty good coverage.

LinuxSecurity.com: The opponents of products such as yours say there are an infinite amount of illicit sites, and it may be better off going the other way around, excluding everything and including a select few that people are interested in going to.
You don't find that in your experience?

Tom Haigh: The problem with that is there are going to be the specific sites that individuals have to get to in order to do their job. It's much more of a maintenance hassle. This eliminates that maintenance hassle for them. Our product has a couple of notable features. One, it runs on the server, not on the desktop, so it's not something that an individual user can go in and reconfigure to get rid of the restriction. The other thing about it is that it can be configured in a 'hard deny' mode and there are also some softer modes. One way to do this is to configure SmartFilter so that it runs very slowly when a user attempts to access a non-work related site. Another is to configure SmartFilter to coach a user, suggesting to him that the selected URL may not be work related and asking the user to confirm that he wants to go to the site.

LinuxSecurity.com: Is there work being done on developing intelligence in that it can detect specific keywords or things of that nature? Or even keywords in the URL itself?

Tom Haigh: We've got some automated tools to help us with the classification service. But we have not put those into the system to do filtering in real-time. The reason is that it is easier to do a fast lookup, so it's better to use those tools in the background to populate the categories than to try to do this in real-time. SafeWord is a much more complex product. It does user authentication and authorization. So SafeWord maintains a user database and in that database you talk about what authentication methods the user uses; it could be a fixed password, or it can be a dynamic password, such as one-time password-generating tokens. We have our own, and we also support other people's tokens. Also associated with that is the ability to assign specific access rules to that user on a specific system.
So when you authenticate, you authenticate to a firewall or to a web server, or to a database server, and what we can do is download specific access rules for that user, or we can simply download a 'role' or a 'group' for that user and then use that as an index into access rules that are already hosted on that system, which is my preferred way to do it. So we bind a user to a role, or set of roles, that state that "This user is authorized to play these roles" and then the web server or the firewall has its group ACLs and it simply maps the role to a group that states that this user is a reseller, for example, which controls which web pages to allow him access to. SafeWord also has audit capabilities. What's really interesting is what's going on behind the scenes. We have the ability to replicate the user database on multiple copies of the SafeWord server. So that means if one SafeWord server dies, the others keep going; the enterprise keeps going and people can still authenticate. Pushing behind that, we have the ability to have multiple clusters of replicated servers, so we could have a cluster of three servers in California handling authentication for the California users, and a cluster of servers in London handling authentication for the European users, and these are all fully replicated. We have the ability to proxy authentication requests among the clusters. So, if I ordinarily work here in Minnesota, use the SafeWord servers in California for authentication, and I go to London or anywhere in Europe, when I do my authentication it goes to the servers in London, but those automatically point it back to the California servers. So this gives us the reliability and scalability that we need. Our largest customer is a financial institution that has 400,000 SafeWord users authenticating 400 billion dollars of transactions per day!
We recently released SafeWord Plus, which adds support for public key-based authentication as well as very easy user enrollment and something we call a virtual smartcard. The virtual smartcard provides smart card functions and strength of security without having to install smartcard readers on everyone's desktop. SafeWord Plus is a new product, and will be available on Linux in a future release.

LinuxSecurity.com: Are you currently working on any other security products for the Linux market?

Tom Haigh: Not right now. We currently have two of our four products running on Linux now. The plan is to move the other products to Linux as opportunity presents itself.

LinuxSecurity.com: Do you think Linux has a place in the data center as a secure platform for commerce in the state that it's currently in?

Tom Haigh: Yeah, I do, and I think that with the enhancements that are going on in the Linux community, it will become even more attractive. So yes, I think there's definitely a place for it in the data center. I think a lot of security vendors are going to be moving to Linux for their security products. Certainly we are, and there are already vendors that have implemented their products on Linux. There are some firewall appliances that run on Linux now. I think there will be growth in this area. The growth in Linux security products will parallel the growth of the Linux server market in general. As more and more Linux servers are used in the data centers, they're going to have to be secured, and security means a number of different things. A lot of times people say "secure web server", and people think it supports SSL. There's a lot more to a secure web server than that in our opinion. The SSL is the first piece. The next piece is good forms of authentication, something more than passwords. Once you've got the secure authentication and you've got the secure communications, you've got to worry about authorization inside the system.
How do you control what users do, how do you control what code might end up there. How do you control whether someone can install a CGI script, and what it does. Being able to host stuff for two competitors on the same server and keep them from hacking each other is a good canonical example that I think Linux with Type Enforcement can do. When Carr talked about when all the outsiders become insiders, being allowed legitimate access through the firewall into the corporation, it's not just the users themselves, it's the code of theirs that might also be permitted access. Such programs are JavaScript, Visual Basic, and all the other horrible things. You have to ask how you are going to control that. This is another great use for Type Enforcement.

LinuxSecurity.com: Thank you all for your time, and we sure appreciate the opportunity to speak with you. We look forward to hearing of new developments on the port of Type Enforcement to Linux in the future!

An in-depth dialogue featuring executives from SafeNet Systems, delving into the intricacies of Unix defense mechanisms and their advancements in Role-Based Access Control.

Linux Security Solutions, Type Enforcement Technology, Access Management Solutions.
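The compartment model Tom Haigh describes (each application confined to a domain, every object carrying a type, kernel entry points hooked to consult the Type Enforcement tables instead of Unix ACLs) can be illustrated with a small simulator. The following is an added example written for this page; it is not code from the interview, from Secure Computing's SideWinder, or from the NSA Linux work, and all domain names, type names and access rules in it are constructed. It models the two tables the interview names, a Domain-to-Type table for object access and a Domain Definition Table for domain transitions, and then shows what a payload running inside the web server's compartment can and cannot reach.

```python
"""Toy model of Domain and Type Enforcement (DTE) access checks.

Added illustration of the compartmentalisation described in the interview.
It is NOT Secure Computing's Type Enforcement implementation; the domain and
type names below are made up for the example.

Subjects (processes) run in a *domain*; objects (files, sockets, programs)
carry a *type*. The Domain-to-Type table (dtt) says which access modes a
domain holds on a type. The Domain Definition Table (ddt) says which domain
transitions are legal and through which entry-point program type.
"""
from dataclasses import dataclass, field
from enum import Flag, auto


class Access(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXEC = auto()


def access_names(a: Access) -> str:
    """Render a (possibly combined) Access value as READ|WRITE etc."""
    return "|".join(m.name for m in Access if m.value and m in a) or "NONE"


@dataclass
class TEPolicy:
    # (domain, object type) -> access modes that domain holds on the type
    dtt: dict
    # (from domain, to domain) -> entry-point program type for the transition
    ddt: dict
    # audit trail of every decision, as the kernel hook would log it
    audit: list = field(default_factory=list)

    def check(self, domain: str, obj_type: str, wanted: Access) -> bool:
        """Object access check performed at a hooked kernel entry point.
        Anything not explicitly granted in the dtt is denied."""
        held = self.dtt.get((domain, obj_type), Access.NONE)
        ok = (wanted & held) == wanted
        self.audit.append(
            f"{'ALLOW' if ok else 'DENY'} {domain} {access_names(wanted)} {obj_type}")
        return ok

    def transition(self, from_domain: str, to_domain: str, exec_type: str) -> bool:
        """Domain change on exec(): legal only through the entry point the ddt
        names, and only if the caller may execute that program type."""
        allowed = self.ddt.get((from_domain, to_domain))
        ok = allowed == exec_type and self.check(from_domain, exec_type, Access.EXEC)
        self.audit.append(
            f"{'ALLOW' if ok else 'DENY'} {from_domain} -> {to_domain} via {exec_type}")
        return ok


def sample_policy() -> TEPolicy:
    """Constructed policy: the web server lives in its own compartment (http_d)
    and has no rights at all on operating-system or credential objects."""
    R, RW, RX = Access.READ, Access.READ | Access.WRITE, Access.READ | Access.EXEC
    dtt = {
        ("http_d", "web_content_t"): R,    # serve static pages, never rewrite them
        ("http_d", "web_log_t"): RW,       # may append to its own logs
        ("http_d", "cgi_exec_t"): RX,      # may launch CGI programs
        ("cgi_d", "cgi_data_t"): RW,
        ("admin_d", "system_t"): RW,
        ("admin_d", "web_content_t"): RW,
        ("admin_d", "passwd_t"): RW,
    }
    ddt = {
        ("http_d", "cgi_d"): "cgi_exec_t",       # only legal way out of http_d
        ("login_d", "admin_d"): "login_exec_t",  # http_d has no path to admin_d
    }
    return TEPolicy(dtt, ddt)


def compromised_web_server(policy: TEPolicy) -> dict:
    """What code running inside http_d (say, after a stack overrun in the
    server) can and cannot do under the sample policy."""
    return {
        "read_page": policy.check("http_d", "web_content_t", Access.READ),
        "write_log": policy.check("http_d", "web_log_t", Access.WRITE),
        "deface_page": policy.check("http_d", "web_content_t", Access.WRITE),
        "read_passwd": policy.check("http_d", "passwd_t", Access.READ),
        "write_system": policy.check("http_d", "system_t", Access.WRITE),
        "run_cgi": policy.transition("http_d", "cgi_d", "cgi_exec_t"),
        "become_admin": policy.transition("http_d", "admin_d", "login_exec_t"),
    }


if __name__ == "__main__":
    policy = sample_policy()
    for action, ok in compromised_web_server(policy).items():
        print(f"{action:13s} {'allowed' if ok else 'denied'}")
    print("\n".join(policy.audit))
```

The point to notice is that the decision never consults who the user is or whether the process runs as root: the web server's domain simply holds no rights on `system_t` or `passwd_t`, and the only transition the table permits out of `http_d` is into the CGI compartment, so compromising the server yields no path into the operating system. Real Type Enforcement policies carry many more domains and types, but the check at each hooked entry point is the same table lookup shown here.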

Brittany Day, Jul 26, 2000