re: Hacking the LAN
> We are interested in analyzing a client's Internet connection to their
> (large, 2000-user) internal LAN. There are concerns that their other
> systems (behind the SCO UNIX, NCSA HTTP Web server) are open to
> attack/infiltration.
IBM just announced some stuff that might help. Of course,
it might help your client more than you... *8)
Sorry if the length bothers anyone. Note also that I don't
know lots of specific stuff about what's in the announcement,
as I'm not directly associated with these products...
DC
*------------------------------------------------------------------------
IBM Announces Security Software and Services to Protect the Enterprise
September 28, 1995
As part of its long-standing commitment to data security, IBM has
announced enhancements, availability and pricing for a broad range of
I/T security products and services designed to protect the enterprise
from intrusion.
The announcement includes:
-- The launch of the Emergency Response Service, which provides expert
incident management skills to clients during and after electronic
security emergencies;
-- A Customized Infiltration Tool Kit, to detect the most
subtle weaknesses in a customer's Internet connection;
-- Significant enhancements and price reductions on IBM's
firewall product;
-- The announcement for secure Web servers and browsers;
enhancements to IBM AntiVirus software to support Windows 95**;
-- The availability of a new release of RACF*, IBM's award-
winning Resource Access Control Facility, which now provides
password synchronization across your RACF managed systems;
-- The announcement of Internet secure OS/400*, the operating system
for the world's most popular business computing system.
Emergency Response Team Operational Worldwide
In response to concerns about network infiltrations, IBM
announced that its Emergency Response Service for commercial
businesses is now operational for customers throughout the world.
Chartered to provide swift, expert incident management skills to
clients during and after electronic security emergencies, the
emergency response team specializes in electronic disasters that
affect data processing capabilities, and is available to
customers on a subscription basis via IBM's Integrated Systems
Solutions Corporation (ISSC)*.
This global service periodically checks customers' networks
and can act as an extension of clients' I/T staffs. In the event
of a network break-in, the team helps customers detect, isolate,
contain and recover from unauthorized network infiltration. They
are on call 24 hours a day, seven days a week around the world.
IBM team members, who have extensive incident management
experience, develop an understanding of customers' networks and
system architectures, as well as how their firewalls are
configured and maintained.
Customized Weakness Detection Kit
IBM's Customized Infiltration Tool Kit, a sophisticated set
of tools to detect security weaknesses in clients' Internet
connections, is available today. With these tools, IBM can probe
the subtlest weaknesses that the most sophisticated hackers might
try to exploit.
These tools exercise network connections that go beyond the
capabilities of most existing tools on the market and are
customized to match clients' specific network configurations.
The Customized Infiltration Tool Kit is part of IBM's I/T Security
Consulting offering, and was developed in conjunction with IBM
Research's Global Security Analysis Labs in New York and Zurich.
Advanced Firewall Security ***
As part of these security announcements, IBM announces a
new release and a price reduction for its firewall, the Internet
Connection Secured Network Gateway*, to promote its wider
availability and advance the state of security on the Internet.
Formerly known as the NetSP Secured Network Gateway, the Internet
Connection Secure Network Gateway will be available to the public
on October 27.
The firewall now supports AIX 4.1.3, and operates with the
popular RISC System/6000* workstation. It contains an encrypted
IP tunnel that encodes data from one firewall to another using
DES, the Data Encryption Standard invented by IBM more than 20
years ago, and Commercial Data Masking Facility (CDMF), an
exportable encryption technology used outside of North America.
The IP tunnel and key distribution is one of the first that is
based on the latest IETF specifications, providing the most
advanced technology for firewalls currently available.
The Internet Connection Secured Network Gateway also includes remote
administration and an alarm capability that allows a user to set
alerts that are triggered when certain errors or other security
violations occur.
Secure Web Servers and Browsers ***
IBM is also announcing the IBM Internet Connection Secure
Web Servers for the OS/2* and AIX* platforms and IBM's Internet
Connection Secure WebExplorer for OS/2 Warp. Using the industry
standard protocols Secure HyperText Transfer Protocol (S-HTTP)
and Secure Sockets Layer (SSL)**, these secure Web servers and
browser will be commercially available on December 8. IBM
Internet Connection Secure Servers provide several security
methods for conducting commerce over the Internet, including
public key data encryption technology.
Anti-Virus Software and Services
IBM also announced that its IBM AntiVirus software will be
available for the Windows 95 platform in November. IBM AntiVirus
software provides comprehensive virus detection, removal and
protection for over 6,000 known computer viruses, and is widely
available on the OS/2*, DOS**, Windows**, and NetWare**
platforms for $49.
IBM AntiVirus scans memory, hard disks, floppy drives and
network servers for thousands of viruses, including polymorphic
viruses that change to avoid detection, and viruses previously
considered impossible to discover. To uncover unknown viruses,
the software contains heuristics that attempt to find viruses by
watching for behavior that is characteristic of viruses. IBM's
anti-virus software products are available on the Internet via
IBM's AntiVirus home page at http://www.brs.ibm.com/ibmav.htm.
RACF 2.2 Debuts
IBM's acclaimed Resource Access Control Facility (RACF) for
MVS will debut Version 2.2 this week on September 29. RACF is a
versatile, effective security tool that protects MVS system
resources from inadvertent damage and deliberate misuse of data.
New features for RACF 2.2 include password synchronization and
the ability to administer multiple remote RACF databases with a
single command, without logging onto the remote systems. RACF
2.2 also features a "remove ID" utility that eliminates security
problems created by old, unneeded user ID's, and has expanded its
support for OpenEdition MVS by providing security checking and
auditing for the XPG4 environment. RACF 2.2 also provides
enhancements to its PassTicket support, an alternative to RACF
passwords. With RACF 2.2 you can now use unique PassTicket keys
for different RACF users and groups who need access to the same
secured application.
These new features build upon support provided in RACF 2.1,
such as RACF's sysplex data sharing support which uses the
System/390 parallel sysplex services to cache RACF data. RACF
also uses these services to transmit selected administrative
commands to peer RACF systems. The administrator can send these
commands from one system to take effect on all systems enabled
for sysplex communication.
IBM has previously announced its intention to enhance RACF
for VM by providing support for the OpenEdition POSIX and Shared
File System features of VM/ESA.
Internet Secure OS/400
IBM's AS/400 operating system, OS/400, offers a fully integrated
set of security features that have been evaluated to meet the U.S.
Government C2 security criteria. OS/400 Version 2 Release 3 is
scheduled to receive the C2 rating at the National Security Conference
in October. Subsequent releases of OS/400 have been designed to meet
C2 and IBM intends to continue to participate in the government
evaluation process. Included in the C2 evaluation was the AS/400
relational database DB2/400, which is integrated into the operating
system, and utilizes the same security mechanisms as OS/400. This
ensures the integrity of information stored in OS/400, as well as the
security of user access to AS/400 computing resources, providing
customers with unmatched security for midrange system computing.
IBM's AS/400 provides full individual accountability via a
centralized identification and authentication built into the
system. Users are uniquely identified by a one-way DES encrypted
password.
Since all sharable data is contained in encapsulated
objects, discretionary access control is maintained by each
object manager using a system-wide access algorithm. Access to
objects may be controlled through public, private, or adopted
authorities and may be managed through user groups and common
object authorization lists.
Additionally, AS/400 provides a highly configurable set of
auditing capabilities selectable to individual users, objects, or
events.
Hardware and software encryption/decryption capabilities
supporting data confidentiality, non-repudiation, authentication,
and data integrity are also available on AS/400.
These announcements complement a wide range of I/T
security offerings already available from IBM -- from encryption
hardware and software, access control products, firewalls and
security management and administration, to DCE security services,
IBM Global Network security services and implementation services.
Additional information on these offerings can be found through
the IBM I/T Security home page, at http://www.ibm.com/Security.
IBM's security products support the security component of
the Open Blueprint. A white paper with information about
security in the Open Blueprint is available for reference on the
Internet at: http://www.torolab.ibm.com/openblue/openblue.htm.
For more information about other IBM products and services,
see the IBM home page on the World Wide Web, located at
http://www.ibm.com.
* Indicates trademark or registered trademark of International
Business Machines.
** Indicates trademark or registered trademark of the
respective companies.
*** Editor's Note: For more information on IBM's advanced
firewall security and Internet Connection Secure Web Servers and
Browsers, please refer to the accompanying press release.