With the recent spate of viruses, hack attacks, and identity theft, cryptography and security has moved beyond the venue of mathematicians and technologists. But it's no less complicated.
Security aficionados and vendors are gathered this week at the RSA Conference here, where a host of new products and services are being unveiled to better secure enterprise networks, the Internet, and the wireless Web. But while everyone agrees security and privacy are essential in this networked age, concurring on protocols and standards isn't easy.
Hardware to block hackers
Shifting the burden from software firewalls into hardware accessories is the aim of some devices announced here. 3Com Corp. and Secure Computing Corp. announced the 3Com Embedded Firewall, which puts firewall security into the 3Com 10/100 network interface card. Designed for medium to large businesses, the 3Com Embedded Firewall is also appropriate for people who occasionally work at home, says John Harrison, a 3Com product line manager.
When corporate users work at home, you need to ensure the corporate network is protected, Harrison says. An embedded firewall can't be turned off by the user, so the technology department knows the network is secure, he adds. License prices for the firewall depend on quantity of seats and servers, but a starter pack consisting of one server and the hardware and software for ten desktop clients will retail for US$2114 when it ships in the third quarter.
Home users could also find new hardware protection products at RSA. Saafnet demonstrated its AlphaShield, a USB (Universal Serial Bus) add-on designed for broadband users. Rather than block unwanted traffic while you're online, AlphaShield physically disconnects you whenever you're not actively accessing information on the Web, says Vikash Sami, Saafnet chief executive and president.
"When you browse the Web for a couple hours, you're really only on the Internet for a few minutes," Sami says. "Our device lets you get the information you need, then it automatically disconnects you. It reconnects you as soon as you get more information."
AlphaShield is scheduled to ship by midyear, priced at $149 and distributed through ISPs. Saafnet is so confident in its technology that the company offers a $1,000,000 challenge to anyone who can hack it.
Safety in software
RSA also featured a slew of antivirus and encryption software tools. Computer Associates launched InoculateIT 6.0 for Windows, the latest release in its enterprise antivirus product line. Inoculate 6.0 features continual virus-checking and more secure updates. CA also plans to integrate the software with third party technologies, such as EMC's Celerra File Server for network-attached storage.
ZixIt demonstrated ZixMail, an encryption tool that consumers and businesses can use to create encrypted e-mail. ZixMail is a viewer and composer tool that works with most e-mail programs, including Outlook and Lotus Notes, and even Web e-mail, such as Yahoo, says Don Druckenbrodt, senior vice president of development and operations at ZixIt.
Any two people with ZixMail software can set up point-to-point encryption, Druckenbrodt says. And if your recipient doesn't have ZixMail, they get a message pointing them to the ZixMail service (formerly Securedelivery.com), where they can read the encrypted message on an SSL site. Available for download, ZixMail is free for 30 days, after which it costs $24 a year per seat. ZixMail even offers a guaranteed receipt feature, which prohibits recipients from reading a message until you've been sent a receipt that they've received it.
Microsoft describes efforts
Microsoft announced plans to build new security features into Windows, particularly Windows XP and the next version of the Windows Server, as part of its "declaration of war on hostile code," according to David Thompson, vice president for the Windows Product Server Group. Both implementations of Windows will include a new Software Restriction Policy, designed to track and block viruses and give administrators control of where and how programs can run, Thompson says.
Thompson also described Microsoft's Secure Windows Initiative, which will include training and tools for Microsoft engineers. The company is also scheduling a SafeNet security and privacy summit at its Silicon Valley campus this fall.
Sifting through authentication
Public Key Infrastructure is a system of digital certificates and certificate authorities that verify and authenticate the validity of each party involved in an Internet transaction. At RSA, PKI is arguably the talk of the show. But its implementation and role remains somewhat cloudy.
RSA Security has launched the RSA Keon Web Passport, a program to manage roaming digital certificates used in PKI security implementations. The passport is designed to simplify PKI by letting users download digital credentials over the Internet to a virtual smart card on any computer. When your digital certificates are on your local PC, you can then conduct secure digital transactions over an ordinary Web browser. As mobile commerce comes to the fore, PKI could hit wireless devices and handhelds too, according to RSA representatives.
Security for phones
RSA and Ericsson are demonstrating a system using digital certificates stored in a mobile phone. The technology is designed to let you to authenticate, encrypt, and digitally sign online transactions. RSA is showing this prototype technology for phones using Wireless Application Protocol.
Also, VeriSign and RSA have teamed to bring high-performance encryption to handheld devices. RSA is developing its RSA BSafe encryption software development kits with strong encryption and reduced code size. RSA announced it has licensed BSafe to Microsoft and Symbian, and plans to optimize its software for Palm's operating system as well. VeriSign is partnering with Openwave Systems (formerly Phone.com) to integrate VeriSign's digital certificates into Openwave's wireless products. Openwave's Internet Protocol infrastructure is used in phones from more than 44 manufacturers, the company says.
(Douglas F. Gray of IDG News Service contributed to this report)