MINNEAPOLIS (04/12/2000) - With all the talk these days of packing user information, security data, policy requirements and configuration files into network directories, the next logical question is: What kind of security exists to protect the integrity of all that information?
Syntegra, formerly Control Data Systems Inc., is hoping it has at least part of the answer. The company is now shipping Directory Sentinel, middleware that maintains security between the directory and directory-enabled applications.
Sentinel digitally signs data before storing it in the directory, and verifies the data's integrity before distributing it to applications. It can also encrypt and decrypt directory data with encryption keys stored on the Sentinel module, which works with any directory that supports the Lightweight Directory Access Protocol.
"This type of directory security will appeal to customers with applications such as [public-key infrastructure] authorization, knowledge management, workflow and service personalization," says Daniel Blum, an analyst with The Burton Group in Midvale, Utah. "As you begin to use the directory for applications that are considered high value, you are concerned with two things: the quality of the data and the process in which data is maintained and acquired."
Blum says users won't want to encrypt or digitally sign every piece of information in the directory, but may want to protect the integrity of data such as who has the power to authorize purchases above a certain dollar amount.
Sentinel protects data down to the attribute level, such as the configuration of a particular firewall object listed in the directory. A directory object, such as a user, is typically made up of a number of attributes, such as title, address and phone number.
Also, to avoid any performance hit, applications can bypass the Sentinel middleware when they are requesting unprotected data from the directory.
Applications will have to be configured to make certain requests for directory information through Sentinel. A Web-based application that allows users to request a change to their passwords, for example, would have to be routed through Sentinel.
Syntegra is using Secure Sockets Layer to encrypt and sign directory attributes, but the company is planning to support security products from Entrust and Baltimore Technologies later this year, according to Syntegra.
"People are paying for security on the wire, but our concern is the data sitting in the directory," says Jim Payne, directory product manager for Syntegra.
Directory Sentinel is available now and runs on Solaris, HP-UX and AIX. A Windows NT version is scheduled to be released in the third quarter. Pricing runs between $2,000 and $5,000 per server running Sentinel.