Compaq 307560-001 Compaq Enterprise Security Framework - Page 14

WHITE PAPER (cont.) ... encompass a broader range of security objectives. Leading vendors have entered into acquisitions and partnerships in order to offer new functionality. New functionality includes web filtering, limiting the web locations employees may visit, VPN abilities allowing encrypted communications between firewalls, networks or remote clients, screening capabilities for Java and ActiveX code, and logging software to audit network traffic. In addition, these vendors have made moves to improve the interoperability of disparate firewalls with other security solutions. For example, Raptor Systems' firewall has built-in interoperability with tokens and authorization servers from Security Dynamics. The broadest effort of firewall vendors is to establish architecture and an API standard. This would allow firewalls to become the security management console for enterprise, capable of integrating and controlling the security operations of multiple third party solutions. The most aggressive effort to date is from CheckPoint, whose OPSEC architecture supports major existing standards such as IPSEC, LDAP, etc., and offers API support for multiple solutions such as access control, address translation, virus scanning, and activity monitoring. The most important implication of these firewall developments is that security solution providers will need to interoperate with the APIs of dominant firewalls, or incorporate the latest firewall products into their systems. Security Market: Identification and Authentication Importance Identification and authentication measures are enterprises' first and most important line of defense. If a device is able to identify users reliably, and bind users to that device for the period of use, the task of providing overall authorization, privacy, integrity, and accountability protection is much easier. Since client devices (PCs, NetPCs, laptops, PDAs) are now distributed further from physically secure environments, networked to increasingly critical enterprise resources, and carry crucial information, local device security has become an important concern for companies of all sizes. As a result, superior device and local-level solutions will experience fast market development. Markets for network-level, certificate-based solutions are developing more slowly due to lack of acceptance and emerging standards. Eventually, integrated local-level and certificate-based identification systems will emerge to provide stalwart identification and authentication security across the Internet. Since individual laptops and corporate PCs are vulnerable to theft and unauthorized use, local identification controls are of immediate importance. Currently, most computer systems utilize only basic passwords to identify users to PCs. Resourceful users easily defeat these measures; passwords can be overheard, electronically intercepted, guessed, and bypassed during the boot process. If local identification measures are tied strongly to local access control, vulnerable laptops and PCs are useless to criminals except for their hardware value. In addition, by reliably identifying users locally, it becomes easier for the network servers to authorize users to access a variety of information and application resources. There is a much broader and more powerful variety of mechanisms available to identify users. These mechanisms might serve as solutions, and can be categorized into three groups based on the following: • What you know (passwords). • What you have (tokens, smartcards). • Who you are (fingerprint biometrics). In addition, many solution implementations combine two solutions, commonly labeled two-factor identification, to provide additional security. The technologies in each of these areas are mature 14