Hoping to simplify policy control over far-flung security and network products, IBM's networking computer software division intends to make its suite of FirstSecure products centrally manageable.
The FirstSecure suite includes antivirus software, firewalls and encryption tools, among other products, from IBM and other companies. IBM says that over the next six months, it will offer a framework to make FirstSecure, along with products from other vendors, simpler to manage. As a result, IS staff will be better able to enforce security and quality-of-service (QoS) policy rules throughout the enterprise.
Security and other network companies use a variety of ways to store data about users and applications, says Bob Madey, an IBM executive. A firewall may store directory data in one type of file, while a Windows NT server might have a different type of directory, and so on. As a result, it is difficult to get disparate directories to talk to each other, and thus to ensure that users get appropriate resources and QoS guarantees.
IBM intends to overcome these difficulties by allowing two existing software products to share data: IBM's Lightweight Directory Access Protocol (LDAP)-based SecureWay Directory and the SecureWay Policy Director. SecureWay Directory, now in Version 3.1.1, is based on IBM's DB2 database and permits applications to authenticate end users to give them access to appropriate resources. The SecureWay Policy Director integrates the individual products in the FirstSecure lineup and ensures that network rules are enforced.
Additionally, IBM will implement a new method of formatting its directory data that will enable authentication and user privilege information to be shared across the entire network, regardless of the underlying security software platform. IS staff can thus avoid having to manually replicate the data for each individual security or network application, IBM claims.
These proposed directory schemas are in the process of being approved by the Internet Engineering Task Force (IETF), IBM says. The first format IBM plans to add to the SecureWay Directory is code-named "e-person." This format will let IS staff enter data about individual users -- including access rights and the priorities they receive when competing for the same applications.
Later, as the IETF standards are ratified, IBM will add the e-server and e-resource schemas. E-server will be used to format information about LAN servers' locations and available resources. The e-resource schema will handle data about network applications, such as their locations and availability.