Beyond displaying an extensive slate of existing Linux products, vendors at
last week’s InfoSecurity show pointed to possible future offerings ranging
from a Linux client for a CD-ROM encryption system to a Linux-enabled all-in-one device for securing both physical access and video surveillance.
In a sign of the growing convergence between information security and
physical security, the InfoSecurity conference was combined this year with the East
coast edition of the ISC show, another perennial event at New York City’s
Javits Center.
Conference sessions tended to skirt matters specific to OS and
interoperability, focusing instead on convergence issues such as organizational
restructurings and information sharing, as well as on what general types of tools to
deploy against the latest nuances in bots, pharming, and other cyberattacks.
But on the show floor and in other conference byways, vendors and government
contractors happily discussed OS platforms, including their reasons for
favoring particular Linux distributions.
PD Inc., for example, is using a COTS implementation of embedded Linux in
its all-in-one device for physical access, video surveillance and analysis, and
storage now being developed under contract to the US Navy.
“We’re getting everything that Red Hat would provide, while keeping the
costs lower,” according to Jason Pyeron, senior consultant at PD.
The integrated device uses CAC cards with single sign-on (SSO) for
authentication, along with a modular overall structure for quick expandability, Pyeron
said, during an interview with LinuxPlanet at the show.
The contractor is currently testing the integrated appliance internally. But
Pyeron anticipates a pilot test by the Navy in 2007.
Symark on the other hand, offers its PowerBroker and PowerPassword software
on both Red Hat and Debian Linux, along with other varieties of Unix, said
Carla Davies, sales engineer, in a meeting with LinuxPlanet on the show floor.
PowerBroker is designed to let organizations delegate Linux or Unix
administrative privileges to trusted users without divulging the root password.
PowerPassword is a program for managing passwords across multiple
authentication systems complying with the PAM specification.
For its part, Cyberoam has chosen embedded Red Hat Linux as the platform for
Unified Threat Management, a gateway-enabled security appliance just now
becoming available in the US.
The appliance combines a firewall with identity management, anti-virus,
anti-spam, content filtering, intrusion detection and prevention, bandwidth
management, VPN, and systems management capabilities, said Hermal Patel, CEO, in
another interview.
Patel sees SonicWave and FortiNet as the company’s primary competitors. “Unlike [the others], though, we are identity-based,” he told LinuxPlanet.
India-based Cyberoam has been selling the appliance through Ernst & Young
and Avaya on the Indian subcontinent.
Now, however, Cyberoam has opened a sales office in New Jersey, and it’s
looking to sign up distributors in North America. CCNY is the first to be inked.
Why did Cyberoam decide on Linux as its embedded environment? “Flexibility,”
Patel responded. In addition to creating an interface aimed at “ease of use,” Cyberoam has added device drivers to the embedded platform.
An anti-spyware appliance from mi5networks, also shown at InfoSecurity, is
based on embedded Linux, too. But “hardened” security is the main reason why.
Doug Camplejohn, CEO and founder of mi5, said that his company opted to use
Fedora Linux because of the need for a hardened kernel.
The appliance uses three different scanning technologies to check incoming
traffic for spyware on-the-fly. “We can block spyware before it ‘phones home,'” Camplejohn contended.
Meanwhile, other vendors are giving thought to enabling their Windows-based products for use on Linux servers and/or desktops.
Although the news hasn’t yet been announced, Secured eMail has now
definitely decided to produce a Java client for its Simple Encryption Platform, a
system that encrypts mail authored on Microsoft Exchange and Windows editions of
Lotus Notes, according to Daniel Nilsson, business development manager.
Via the Java client, users will be able to view the encrypted mail on Linux
and other non-Windows-based mail systems, Nilsson told LinuxPlanet.
Also for access from non-Windows systems, DolphinSecureWare, Inc. provides a
Web browser interface to Purifile, a new software product for removing “sensitive information” that users might have hidden–either accidentally or deliberately–inside Microsoft Office files.
Dolphin, another federal government contractor, first developed Purifile for
the Dept. of Defense, said John E. Ivory, program manager, and John P.
Cappelli, commercial sales manager.
The company is now in the process of introducing the Microsoft Office file
inspection application to the commercial space.
At the same time, Global Technologies Group, Inc. (GTGI) is planning an
Apple Macintosh client for SecureDisc, its Windows XP-based system for encrypting
CD- and DVD-ROMs.
“After the Mac client, our next client will probably be for [desktop]
Linux,” said GTGI’s George W. Allen.
One common use of SecureDisc is to encrypt payroll files. Once the files are
encrypted on the disks, the files are sent by overnight mail to payroll
processing firms, according to Allen.
But other vendors aren’t so sure yet about adding either Linux enablement or
access to their currently ‘Windows only’ line-ups.
“It’s all about demand,” said Bobby New, federal sales engineer at
SenForce, the makers of a system known as Endpoint Security Suite.
“In other words, in order to [start offering products for Linux], we’d need
to have a request from a customer,” according to New.
But at Promisec, makers of Spectator Professional software for endpoint
security management, the thinking around staying on ‘Windows only’ is somewhat
different.
“We’re concentrating on ‘end points’ right now, and about 98 percent of the
end points out there run on Windows,” said Hillik Koffer, co-founder and VP
of business development
“If we do anything with Linux, it’ll be on Linux servers. And we don’t want
to do that right now, because it would only confuse the issue. What we’re
talking with [customers] about now is end point security.”
But crossplatform support works the other way around, too. For instance,
long-time Linux and Unix player Symark recently came out with PowerKeeper, a “hardened” appliance for managing administrative passwords for Red Hat and Novel
SuSE servers and workstation desktops, as well as for Windows servers and
desktops, Unix, IBM AS/400, Cisco routers, and multivendor databases and
firewalls.
“There’s quite a need out there for Windows administrators to be able to
manage passwords, too,” Davies told LinuxPlanet.
This article was first published on LinuxPlanet.com.