Story: Wave Systems In License Pact With Acer Inc
DOW JONES NEWSWIRES
Wave Systems Corp. (WAVX) said Wednesday that it entered into a license
agreement with Acer Inc. for the distribution of a custom version of its
Embassy Trust Suite security software technology.
The company said in a document filed with the U.S. Securities and Exchange
Commission that the technology will be used on certain models of Acer's
business personal computers.
Wave said it will receive a per-unit royalty based on Acer's shipment
volumes to third parties of products equipped with the technology.
Acer expects to begin distributing the software technology on certain of its
new business PCs in October.
However, the license agreement doesn't provide for guaranteed minimum
shipped quantities or royalties.
Shares of the software developer traded flat recently at 43 cents.
-Chad Clinton, Dow Jones Newswires; 202-862-1349; chad.clinton@dowjones.com
NAC Declared Mature
Interop panel gives a broad overview of the status of NAC technology
http://www.networkworld.com/newsletters/vpn/2008/092208nac1.html?hpg1=bn
A panel of NAC experts at Interop gave a broad overview of the status of the technology, which it declared mature, meaning that most vendors have a way to deal with devices that can't support a NAC client or per-session agent and support 802.1x enforcement.
The panel also said the next generation of NAC will pull in other security systems such as IDS, VPN, antivirus and firewalls to share data they collect and use that to make policy-enforcement decisions. In addition, a unified management of NAC and these other systems will be developed over time to enable a single administrator to draw on all the platforms at once to isolate incidents.
Since its inception, the expectations about what NAC can do have expanded from checking the security posture of a device to providing broad visibility into what each device is doing on the network and whether that complies with policies.
This capability is being developed to assign least privileges to end users, that is granting them access to just those resources they need to do their jobs and nothing else, members of the panel said.
Coming down the pike are industry-specific applications of NAC that, they say, tie in with existing infrastructure in manufacturing or financial industries to meet their unique access control needs.
The panel seemed to agree that NAC standards from the IETF will be readily incorporated into today’s NAC products that comply with the standards put out by Trusted Computing Group (TCG). The IETF is working on a set of standards that will be more broadly accepted - which pretty much means that Cisco will comply with them - and should be ready sometime next year.
The IETF standards amount to TCG standards that have undergone tweaking, so bringing TCG compliant standards into compliance with IETF standards should be relatively painless, the panel said.
Tim Greene is senior editor at Network World.
Online Identity Theft: Changing the Game
Protecting Personal Information on the Internet
New whitepaper from Microsoft:
http://download.microsoft.com/download/0/d/3/0d34ccfa-5498-4fab-bb32-16c881bafba7/Online%20ID%20Theft-%20Changing%20the%20Game.pdf
VH... re: safekeeping.....
Note: even if you do move your shares, the brokers regularly take them back, so check regularly
The client would need to either sign the back of their certificate held in the vault or sign something known as a "stock power" which is attached to the certificate and takes the place of signing the cert. It's either of these methods that would make the certificate "negotiable" and allow it to be taken onto the firm's books and out of the client's name.
FM
Intel updates vPro
http://news.zdnet.co.uk/hardware/0,1000000091,39492236,00.htm
Elsewhere, CPU support for Intel VT (Virtualization Technology) and Intel TXT (Trusted Execution Technology) allows a secure container — called a 'Dynamic Virtual Client' (DVC) — to be created, into which applications and OS images can be streamed.
Further down the line, Intel said it will add optional Anti-Theft Technology (Intel AT) for notebooks. If the laptop is stolen, Intel AT will automatically prevent unauthorised access to encrypted data or disable the system via programmable triggers, in a restorable fashion.
alea, it's called planting the flag........
If you look at Gartner's magic quadrant for enterprise laptops and desktops, you'll see Wave now has a relationship of some kind with every significant player.
88...........
first, have them moved into "safekeeping".. it's a brokerage term and he'll know what you're talking about.
second, upload a picture of your car !!!
TECHNOLOGY COMMUNITY FORMS INFORMATION CARD FOUNDATION
TO SIMPLIFY SECURE ON-LINE DIGITAL IDENTITY
June 24, 2008 –
http://informationcard.net/files/ICFPressRelease6-24-08.pdf
Interop: Is NAC Interoperability a Myth?
While some vendors claim that NAC is still mature, not everyone is so sure.
http://www.internetnews.com/infra/print.php/3772531
By Sean Michael Kerner
September 18, 2008
NEW YORK -- Network access control, commonly referred to by its acronym NAC, has been one of the big buzzwords of the networking space for the last few years. At Interop, a panel of vendors argued that NAC has now reached a point of maturation, though audience members disagreed with the assertion, claiming that interoperability doesn't yet exist.
NAC offers the promise of secure networks, while preadmission control ensures that only validated end points can get network access. As NAC matures, post-connect use case scenarios for NAC also emerge, making the technology approach a broader security methodology for networks.
"We've reached a point of maturity in the NAC marketplace with many products in second or third release and are solid," Steve Hanna, Trusted Network Connect (TNC) co-chair at the Trusted Computing Group (TCG), told the audience. "Customers have been using it for a few years and they have figured out some of the issues and vendors have found ways to address the issues."
The TNC is a standard produced by the TCG for NAC; participating members in TNC include Microsoft and Juniper Networks, where Hanna holds the title of distinguished engineer.
Cisco on the other hand is the vendor that first coined the term NAC, and it, too, is seeing maturity in the market.
"Three years ago everyone just called everything that smelled like a security solution, NAC, but that's not the case anymore," Brendan O'Connell, senior manager of product management at Cisco Systems, said.
So with vendors claiming that NAC is now mature, what should enterprises do? Hanna argued that enterprises should future proof themselves by using a standards-based approach.
"One way to get that is by making sure whatever you deploy today is based on open standards. TNC standards are the most widely adopted," he said.
The problem, though, is that there is no globally accepted standard for NAC today, as Cisco is not TNC-compliant and not a member of the TCG. Cisco is, however, active in the IETF standards body, which is also working on a NAC standard and based in part on what TNC offers.
Hanna referred to the fact that Cisco is not TNC compliant as a "small exception," which is a comment that solicited several sneers from his fellow panelists and the audience alike.
One audience member said that since there is no real global standard, customers can't deploy it.
"I agree there are gaps there," Hanna responded.
Hanna added that the IETF does not move quickly, though the current schedule has the IETF NAC standard set for completion in 2009.
"The standards that are being approved are the TNC specs, so it's not a rip and replace issue," Hanna argued. "IETF is not a rubber stamp organization. So there will be a point release of TNC to align with the IETF changes. But it will be one stream moving forward. Come that day you won't have to worry about interoperability with Cisco."
Cisco's O'Connell responded that Cisco is part of the IETF NAC effort, and it is a standard that Cisco will adopt.
"Do all vendors want their product to interoperate? Of course," O'Connell said. "Things don’t always happen quickly, but they do happen and it is in our best interest because it's the only way we can address the whole market. Three years ago, we wouldn't even have agreement on what NAC was so at least we know we have agreement on that."
Surprisingly, though, the actual protocol specifications around NAC are not really the big concern for Cisco.
"I don't care what the protocol is that handles this stuff," O'Connell said. "What I care about is what the product does, since frankly at the end of the day the functional difference about protocol definitions become meaningless when it is time to implement."
Hanna quickly pounced on O'Connell's comment asking, "So if you don't care about the bits -- why don't you just implement TNC? Apparently he does care because they're not implementing the open standards."
Moving beyond the standards debate on NAC, the vendors are now taking a broader view of what NAC should also encompass. Hanna noted that the TCG is now working on the IF-MAP standard for postconnect to correlate security events after a user connects to the network. IF-MAP was first announced at Interop Las Vegas earlier this year.
trustco............
not gonna happen. The new rules don't require the naked short positions to be bought back. But, that's exactly what the SEC should mandate... talk about a short covering rally!!!
tkc... can you help me out??
Which are the future products that should be ditched in your cost-cutting recommendation because they won't be needed for some time? Are you privy to their strategic planning or are you just assuming the IT industry doesn't need Wave's products to, oh, let's see, manage TPMs, Seagate's Momentus drives, Dell's new Controlvault, or Intel's vPro? What are these mysterious "future products"?
Which personnel aren't generating revenue? Please explain that. Surely you're aware that in any organization there exist folks who generate revenue and folks that support that effort. So, who's the dead wood? Would you fire the software writers? They're not producing ANY revenue but just might be working on the next killer application.
Have you ever BEEN to a Wave office? I have....many times. They're bare bones; part of me is embarrassed, the other happy that they're not opulent.
Excessive travel expenses? Are you kidding? Believe me, the trips taken by Steven Sprague and Lark Allen are not to the wine country in California. I know.. because I've seen the schedule and have often thought about the fact that he has a wife and young children.
So, hold to your belief about why the share price is so low. It has nothing to do with what you've suggested and everything to do with the fact that the market believes their core business is selling stock every couple of months.
By the way, the "planting the flags" comment is going to bite you in the azz.
FM
Ramsey.. WOW !
So much for the fine print! I totally missed that and was relying on some early info from the underwriter that indicated it was at the holder's choice.
Thanks for clearing that up.
FM
HJ,
If everyone wanted their 8% in cash, Wave's cost of funds is about $5000 per month. If half wanted their dividend in stock, it's $2500 per month. Given the size of their burn, it's not that much.
If we start to see upward momentum in the common's price, fewer will take cash and more will take forty-four cent stock as payment. With the news I anticipate, I think this is the most likely scenario.
FM
yep, your analysis....
it looks like you've changed your previous assumption.
http://investorshub.advfn.com/boards/read_msg.aspx?message_id=31832768
It's all in the conversion feature. A conversion at a continual discount to the market is a disaster as participants will continue to sell, exercise, cover.....sell, exercise, cover...until every pfd has been converted.
You are correct about the "pecking order" of these pfds, too. They're secondary to debt holders and creditors. Since we have no debt, these shs have a claim on any existing assets after Wave's accounts payable are paid. WavExpress and Signonline should be worth millions so it shouldn't be hard to cover $757,000.
thanks
4X, correct, tnx e/
4X, could you please elaborate?
"the automatic conversion feature largely offsets my concerns"
A couple weeks ago you were concerned about a preferred offering and death spiral for the common. I explained that a pfd convertible at a fixed price would not pressure the stock. I fail to see how an automatic conversion feature allays any fears.
thanks
IBM offers hardware-based encryption for x servers
IBM is introducing a hardware-based encryption tool for small and midmarket companies to lock down data on its line of System x servers.
Called the IBM System x VAULT, the tool walks a person through encrypting data on a hard drive and setting a security key. It offers four levels of security and according to Big Blue, the tool is easy to install and costs about $1,200.
The new tool works by setting a secure key, enabling the encryption. A password is then set to allow access to the data. It has two modes of operation. Unauthenticated mode allows access to the data when the server boots up. If the drive is physically removed it is fully encrypted, IBM said. Authenticated mode requires a password to access the data.
Although the tool is an entry-level product and lacks the features seen in enterprise products, it should appeal to smaller companies with server-centric environments and limited IT resources, said Natalya Yezhkova, a research manager with the storage systems program at IDC.
"For companies concerned about a broad datacenter security, it doesn't provide a replacement for enterprise-level security implementation, but it's a nice addition allowing to secure data on individual servers or disk drives to add protection in the case of a product disposal, necessity to repair, or loss," Yezhkova said.
While encryption has been getting cheaper to deploy, so far the options for companies have been mostly software-based, said Charles King, principal analyst at Pund-IT Inc. Hardware-based encryption helps companies protect data in storage and ensures a discarded hard drive is protected from hackers.
"What I think customers will find interesting is that the Vault tool offers a solution to some particular issues around the server end-of-life," King said. "Every company has to deal with the issues of how to make sure that the information encoded on a disk does not become a source of embarrassment or legal weakness of litigation to them after it's disposed of."
Last year, Seagate Technology LLC extended full-disk encryption to all its enterprise-class hard drives. The hard disk maker is also working with IBM and storage vendor LSI Corp. to develop standards for hard drive encryption in storage systems. Two standards bodies, The Trusted Computing Group (TCG), and the IEEE 1619.3 are establishing a security protocol for communicating with self-encrypting hard drives and creating a key management standard to ensure interoperability between the vendor products.
IBM has been making a push into the midmarket with its x server line. Hewlett Packard Co. and Dell Inc. have a larger share of the server market, but aren't offering hardware-based encryption, King said.
The VAULT tool will be made available later this year and works for IBM System x models x3650, x3400 and x3500.
NEC Versa S970
http://www.dglisen.com/2008/09/nec-versa-s970.html
This is the first notebook to use Seagate’s 120GB FDE (full drive encryption) hard disk. With encryption enabled, you must type in a password when you switch the laptop on. The security mechanism resides on the hard disk, so if someone removes the disk and sticks it in another notebook, they’ll still need to know the password before data can be accessed – and that includes booting into Windows. It’s a secure design and performance wasn’t affected. NEC also fits a TPM 1.2 chip, which gathers your various passwords in a secure hardware chip. Core system performance was very good, thanks to a 2.2GHz Core 2 Duo T7500 and 2GB DDR2 667MHz RAM, but its integrated graphics mean gaming is out. The chassis is a little bland but has a reasonable selection of ports, including three USB ports, a Firewire port and a multiformat card reader. Some notebooks use a two-pronged aerial for Wifi connectivity, but NEC has a three-pronged version attached to its Draft-N Wifi card, resulting in great Wifi reception. Less appealing is the 14.1in screen, which is dimmer than many other modern notebooks. It also lacks a webcam, has stiff trackpad keys and the spacebar sits next to a high plastic rim so your thumbs continually whack it when typing at a fast pace. A large 5,200mAh battery powered it for three hours 28 minutes in the Mobilemark Reader test, which improved by 12 per cent with the ECO mode enabled (dims the screen and lowers CPU frequency). If you need top-notch security this is the best in the business, but if you’re after a solid workhorse the S970 is rather mundane.
from Wave last December: The NEC laptops, Versa M370, P570 and S970, combine an advanced, hardware-based security chip - the TPM (Trusted Platform Module), an encrypting disk drive and client management software. These features enable organisations to deploy and manage secure laptops easily and meet data privacy regulations.
“With so many high-profile data breaches making headlines, securing sensitive information at the source—the laptop itself—is fast becoming a top priority for most organisations,” said Olivier Chevance, Client Products Marketing Manager, NEC Computers. “That's why NEC Computers is providing its customers with the most advanced security and management available today within its Versa line of laptops.”
The new data security offering combines the Seagate® Technology (NYSE: STX) Momentus® FDE.2 (Full Disc Encryption) hard drive with DriveTrust™ technology and Wave's (NASDAQ: WAVX) EMBASSY® software into an easy-to-use and scalable solution that enables organisations to provide comprehensive data protection and automated compliance auditing for lost, stolen or recycled laptops. DriveTrust™ is a security platform that combines strong, fully automated hardware-based security with a programming foundation to make it easy to add software security applications and multi-factor authentication including biometrics and smart cards. Momentus 5400 FDE.2 is a 2.5-inch, 5400-rpm hard drive with native government-grade AES encryption.
NAC Happenings At Interop
Posted by Mike Fratto, Sep 10, 2008 10:22 AM
Earlier this summer I was tapped for NAC Day 2008. It's a day-long event on the topic of Network Access/Admission Control at Interop NY held at the Javits Center. I'll agree to almost anything if I can get a trip to Manhattan out of the deal. I hope to cover nearly every aspect of NAC in 5 hours and 45 minutes.
Joel Snyder, in addition to being a consultant and writing for Network World, is a long-time contributor to Interop but had a conflicting engagement. The content is loosely based on Joel's previous NAC Day presentations (OK, I copied a few slides but gave him credit).
The soup-to-nuts presentation starts out with the varying definitions of NAC. Then I dive into explaining NAC architectures as defined by Cisco (NSDQ: CSCO), Microsoft (NSDQ: MSFT), and the Trusted Computing Group. After that comes what I hope is a rousing Q&A with some senior staff from Cisco, Symantec, and Sophos. I also will be peppering in results from my recent NAC Analyst Report [registration required] as well.
In the afternoon, I talk about the types of deployment options, in-line and secure switch NAC, out-of-band NAC, and host-based NAC and describe the principal benefits and weaknesses in each approach. And then I have a few war stories from companies that have deployed NAC.
Then on Thursday from 10:15 to 11:15, I am moderating a panel titled "NAC, NAC - What's There?" (Don't laugh at me, I didn't write the title) with Steve Hanna, Trusted Network Connect (TNC) co-chair, Trusted Computing Group; Stephen Karkula, security product marketing manager, Nokia (NYSE: NOK); Amith Krishnan, senior product manager, Windows Server Group, Microsoft; and Brendan O'Connell, senior manager, product management, Cisco Systems.
The panel description is "Network access control has been offered as the Swiss army knife of IT security solutions. It has promised to provide authentication, policy enforcement, identity and access management, ongoing security for the life of a connection, seamless usage in any network that is NAC-enabled, and many other capabilities."
"If NAC is the answer, then what is the right question to ask? This session will provide a realistic perspective on what NAC can and cannot provide in regard to information security. Concepts that will be discussed will include an update on vendor interoperability and standards, case studies of successful and not so successful implementations, an overview of what NAC truly can and cannot provide, discussion of requirements (both network and application), and what the future holds for NAC."
Hope to see you there. And please, no playing "stump the presenter."
Are you kidding me???
Did you actually think bluefang tells the truth?? And, what's he saying now that he has been proven wrong?
Amazing....
Seagate Secure Technology whitepaper
http://www.seagate.com/docs/pdf/whitepaper/tp565_drive_trust.pdf
AuthenTec downgraded
I wonder if there are implications for Wave?
Shares of AuthenTec Inc. fell in premarket
trades Monday after Raymond James downgraded the stock two notches to market
perform from strong buy, citing the loss of a key PC customer.
The stock was down 35% at $6.39 on volume of 29,025 shares.
Analyst J. Steven Smigie said he is lowering his rating on the stock after
Authentec cut its third-quarter and 2008 revenue guidance and announced the loss
of a 2009 design-in opportunity at a key PC customer, which he believes to be
Hewlett-Packard.
"AuthenTec was notified by a key PC customer (we think Hewlett-Packard) that
it does not plan to use AuthenTec sensors in its next design cycle in late 2009.
As a result, AuthenTec believes an impact to sales will occur in the second half
of 2009," Smigie said in a note to clients. Smigie said the key customer is
expected to represent about 30% to 35% of revenue in the third quarter.
AuthenTec trimmed its third-quarter adjusted profit guidance to a range of 3
cents to 4 cents a share from a previous estimate of 4 cents to 5 cents a share.
The company forecasts revenue of $18.2 million to $18.5 million, down from a
previous guidance of $19 million to $20 million.
Analysts polled by Thomson Reuters, on average, expect third-quarter
earnings of 5 cents a share on revenue of $19.8 million.
Captain Kirk,
Interesting technology, but obviously mostly solves a large problem that RFIDs have with security and cloning. As near as I can tell, none of the problems they are solving are issues for TPMs and the applications for TPMs. jmo
FM
internet, of course that was before
many of Citi's problems were understood.. It was the disclosure of their financial condition that caused the drop in the price of the common, not the issuance of the pfd, which apparently was oversubscribed.
Of course, nobody is going to convert at $33.73 when they can buy it at the market for $19. If Citi common can climb back to $50, the pfd would be worth nearly $75,000.
4X, wrong or right?
Assuming Wave issues a convertible preferred, we need to see how it is structured.
The "death spiral" preferreds are convertibles that are issued at a perpetual DISCOUNT to the market. Let's assume a 10% discount.... the holders of these pfds will be motivated to short the underlying stock because they know they can cover it 10% lower than where they shorted. SKS is well-aware of this type of pfd and their effect on the stock price.
What if Wave issues a convertible pfd convertible at the market or at a premium? You won't see the selling pressure associated with the death spiral convertibles. In fact, combine that with some sort of coupon and you incent the pfd holders not to convert.
Mig,
Have you considered that future placements might be structured very differently from ones in the past?
mundo, not surprising
lots of un-protected legacy machines are out there. I wonder if they also agree with a recent report that encryption software is a commoditized and dying business?
FM
NAC expected to take a firm hold in business networks
Relevance? Wave's Embassy Endpoint Enforcer: http://www.wavesys.com/products/eee.asp
http://www.networkworld.com/newsletters/vpn/2008/082508nac2.html?hpg1=bn
NAC will take a firm hold in business networks within the next year, says Verizon Business.
The way the company looks at it, when businesses are comfortable with a technology, they are willing to outsource management of it to someone else. They’ve seen it with VPNs and they expect to see it soon with NAC. But right now, customers aren’t sure NAC meets their requirements or perhaps are unsure exactly what its capabilities are.
Whatever the case, they are just not at the point where they are willing to install the technology themselves and turn it over to someone else for management. But that day is getting closer and the working numbers for Verizon are 12 to 18 months.
The provider also sees Microsoft’s NAC products - which are called network access protection (NAP) - as getting ready to make a surge as well. Verizon sees little demand for NAP incorporated into the NAC managed service projects it has underway.
But Verizon expects that to change as more businesses deploy Windows XP Service Pack 3 or Vista, both of which include the NAP client, and the NAP server that is part of Windows Server 2008. While Microsoft NAP is scarce among its customers now, Verizon expects NAP to be a dominant component of its customers’ NAC deployments in a year.
Network Access Control (NAC) products started out as admission control managers that authenticated users and ensured their systems met security policy requirements before granting them access to the network. Today these products, typically dedicated appliances, can also manage users’ access once they’re already on the LAN to certain servers, applications, and data. Ensuring a user is who they say they are is typically performed by captive portals, MAC-based authentication, port-based authentication, or third-party authentication. Set policies dictate the level of access each user is granted, be it go/no-go access, VLAN-based access controls, simple packet filters, or stateful firewalling. Endpoint security assessment is done by running software on the user’s PC or device that reports status information back to a central policy server.
Compare products:
http://www.networkworld.com/buyersguides/guide.php?cat=866251
Trusted Computing Group's Mobile Phone Work Group
Chair and Nokia Security Architect to Address Mobile Enterprise Security at CTIA Wireless I.T. & Entertainment 2008
http://www.marketwatch.com/news/story/trusted-computing-groups-mobile-phone/story.aspx?guid=%7B327C2E0B-CF33-47E4-A6D7-D1C55F429EE0%7D&dist=hppr
Last update: 1:00 p.m. EDT Aug. 27, 2008
Aug 27, 2008 (BUSINESS WIRE) -- Trusted Computing Group
What: Janne Uusilehto, chairman of the Trusted Computing Group (TCG)
Mobile Phone Work Group and head of Nokia product security, will
discuss enterprise mobile security with panelists from Accenture,
Alcatel-Lucent, Bluefire Security Technologies, Research in Motion
and Symantec.
The session, part of the CTIA Wireless I.T. & Entertainment 2008
conference and exhibits, will cover requirements, issues and
standards for wireless device security. As these devices have become
increasingly common, potential threats to the network have emerged
when users connect to the corporate network. In addition, many
additional services could be enabled by good security built into
devices.
When: September 11, 2008 from 2:30 p.m. to 3:45 p.m.
Where: Moscone West Convention Center (San Francisco), Room 2002
Website: http://www.wirelessit.com
Respond: To schedule an interview, please contact
press@trustedcomputinggroup.org.
The Trusted Computing Group (TCG) is a not-for-profit organization
formed to develop, define, and promote open standards for
hardware-enabled trusted computing and security technologies,
including hardware building blocks and software interfaces, across
multiple platforms, peripherals, and devices. TCG has created an
open industry specification for the Mobile Trusted Module to secure
data, transactions and access from wireless systems.
More information and the organization's mobile specifications are
available at the Trusted Computing Group's website,
https://www.trustedcomputinggroup.org/groups/mobile.
* Brands and trademarks are the property of their respective owners.
SOURCE: Trusted Computing Group
For Trusted Computing Group
Anne Price, 602-840-6495
Mobile: 602-330-6495
press@trustedcomputinggroup.org
From the TCG Blog.. new post...
Storage Visions 2009 — You need to be there!
August 26th, 2008 by Tom Coughlin
By Tom Coughlin, Coughlin Associates
In its eight-year history the Storage Visions Conference has become the premier event bringing together people from throughout the digital content creation, distribution and use value chain to meet and discuss the role, use and advances in digital storage that enable the digital content revolution. The Eighth Annual Storage Visions Conference will be held at the Flamingo Hotel in Las Vegas, Nevada January 6 & 7, 2009.
At the 2009 Storage Visions we will have exciting keynotes from consumer electronics companies as well as content creators. This year we will have a special focus on infrastructure supporting content and storage, including data security and encryption. We will also discuss power for mobile devices, new mobile and static consumer applications, and a special activity focused on home media centers/servers. The Trusted Computing Group is a Bronze sponsor of the 2009 Storage Visions Conference.
There will be sessions and activities focusing on technology advances enabling more intense and richer consumer experiences and thus increase the demand for and the complexity of digital storage products. At the same time attendees will find out how to make profitable products that enhance customers’ lives and are easier to use. The full agenda is available on the conference web site. Speaker proposals on these and other topics are now being accepted at the conference web site: www.StorageVisions.com.
Conference registration is now open. You can register directly at the conference web site at http://www.StorageVisions.com/2009Register.htm. Conference hotel reservation information is also on the web site. Trusted Computing Group members can get a special discounted registration rate by using the special code 1215579303 when registering for the conference.
Sponsorship and exhibit opportunities are still available. For information on sponsorship and exhibit opportunities at the 2009 conference fill out the appropriate forms available on the conference web site: http://www.StorageVisions.com/2009SponsorsEx.htm. Interested parties can also call Storage Visions at 408-871-8808 or email us at info@StorageVisions.com.
Blog: Encryption, (FDE or equivalent)
http://www.readynas.com/forum/viewtopic.php?f=18&t=17003&p=112647#p112647
Coast Guard Releases C4&IT Strategic Plan
http://www.piersystem.com/go/doc/786/222087/
WASHINGTON-August 25, 2008- The U.S. Coast Guard published today a strategic plan that will enhance and modernize Command, Control, Communications, Computers and Information Technology in support of mission execution.
The C4&IT Strategic Plan charts an ambitious path through the next five years by identifying goals, objectives and initiatives in the areas of information, technology, security, governance, and organizational excellence. By targeting C4&IT efforts in each of these areas, the Coast Guard can work to improve mission support while creating a foundation for future enhancements.
"This strategy was inspired by Coast Guard Commandant, Adm. Thad Allen's vision of a flexible, agile and modern Coast Guard," said Rear Adm. David T. Glenn, assistant commandant for C4&IT. "It confirms our commitment to delivering world-class C4&IT solutions in support of the Coast Guard's missions of maritime safety, security and stewardship."
The Coast Guard uses and deploys C4&IT assets such as radios and sensors to keep our forces connected with internal and external partners on shore, along the coasts and on the high seas. In each of these roles, C4&IT is depended upon to achieve its missions.
"The Coast Guard needs C4&IT to seamlessly communicate and share information," said Glenn. "This plan identifies specific initiatives and milestones so that we may continue to meet this need."
From the Plan:
3.5 Compliance: Increase Coast Guard compliance with the Federal Information Security Management Act (FISMA) to ensure that the technologies employed protect sensitive and confidential information, and sustain the privacy of Coast Guard personnel and American citizens.
Greenwood, what a premier post!! e/
Toshiba Storage Device Division Develops Alliance With Wave Systems
http://www.tradingmarkets.com/.site/news/Stock%20News/1834690/
Tuesday, August 19, 2008; Posted: 02:10 PM
Dublin, Aug 19, 2008 (M2 PRESSWIRE via COMTEX) -- Toshiba Storage Device Division (SDD), a division involved in small form factor hard disk drives (HDDs), and Wave Systems Corp., a company involved in computing applications and services, announced an alliance to develop a standards-based solution for the encryption of data on mobile computing platforms such as laptop PCs.
According to company officials, the full disk encryption solution integrates Toshiba's HDD encryption technology and an enhanced version of Wave's EMBASSY Trusted Drive Manager and Remote Administration Server products for the management and administration of encrypting hard drives.
Toshiba and Wave will demonstrate development versions of these products at the Intel Developer Forum (IDF) in San Francisco, August 19-21.
Wave noted it has extended its client software, EMBASSY Trust Suite (ETS), which includes the Trusted Drive Manager, and the EMBASSY Remote Administration Server, to provide cross-vendor support for encrypting HDDs from multiple disk drive OEMs, including Toshiba's HDD encryption technology. ETS also manages other PC trusted computing hardware components such as Trusted Platform Modules (TPM), biometric fingerprint sensors and smart card readers.
According to Toshiba, their HDD encryption technology uses design principles from the evolving draft specifications for trusted storage devices. The solution provides data encryption integrated into the drive hardware, with protection of the encryption keys and authentication as integral elements of the HDD design.
"Stronger security for information on mobile PCs is becoming a high-demand feature as customers look for solutions to protect sensitive personal and business data," said Maciek Brzeski, vice president of marketing at Toshiba Storage Device Division. "Building on our legacy of HDD innovation and technology leadership, our partnership with Wave Systems enhances our current encryption technology platform and provides mobile PC manufacturers with advanced security features to deliver the data protection mobile users require."
"As trusted computing hardware, including encrypting HDDs, becomes integrated into more mobile PCs, having components and software designed with common principles centered on strong access and data security becomes important for interoperability and cross platform management," said Lark Allen, executive vice president, Wave Systems. "Wave Systems is committed to being an industry leader in implementing existing and developing trusted computing standards. Toshiba's HDD encryption technology represents an important step toward delivering strong access security to enhance the protection of data -- particularly data on mobile PCs."
Wave Offers Wireless Network, VPN Security on Intel Platform
http://www.tmcnet.com/wifirevolution/articles/37315-wave-offers-wireless-network-vpn-security-intel-platform.htm
Wave Systems, a provider of client and server software for hardware-based digital security, said Intel vPro technology, along with its own EMBASSY software, enables enterprises to strengthen and simplify their existing wireless and virtual private network and establish a hardware-based “trust” model for access control and data at rest.
Wave Systems announced that it would demonstrate the technology at the Intel Developer Forum, to be held in San Francisco this week. The demonstration will illustrate how enterprises can reduce expenses relating to tokens, smart cards or complex authentication schemes by deploying PC platforms with Intel vPro technology in combination with Wave’s EMBASSY software.
Wave Systems offers solutions for critical enterprise PC security challenges, such as strong authentication, data protection, network access control and the management of these enterprise functions.
The Intel vPro platform comes with an integrated security capability called Trusted Platform Module (TPM). TPMs are included in millions of PCs and are standard equipment on many enterprise-class PCs. According to Wave Systems, TPM acts as a “tamper-resistant storage vault for user credentials.”
EMBASSY software on the Intel vPro platform enables enterprises to improve wireless network and VPN security by strengthening access control at both local and network level, said the company. The built-in TPM protects digital certificates by securing users’ private cryptographic keys within the chipset hardware. According to Wave Systems, this functionality can be used in place of external tokens or smart cards and can improve the user access control process.
Brian Berger, Wave’s executive vice president of marketing and sales, said, “For enterprises using platforms with Intel vPro technology, Wave provides a simple-to-deploy solution for improving, and reducing the expense of, client management of their wireless and VPN security. This solution is scalable, regardless of the number of users managed.”
According to Tom Quillin, director of client ecosystem development at Intel, vPro technology offers native support for hardware-based access control using integrated TPM. Enterprises using software-based certificates can significantly strengthen access control for VPN or wireless security by deploying platforms with Intel vPro technology.
“As a result of hardware storage of certificates, enterprises can ensure that only trusted machines are allowed on their networks, no longer having to worry about users sharing or losing network authentication information,” Quillin said.
Standard-issue security
Certification and accreditation process for national security systems to extend to the rest of government.
http://www.gcn.com/print/27_20/46928-1.html?page=2
A two-year-old effort to standardize processes for certifying and accrediting government IT systems could soon bear fruit, according to officials from several agencies.
The Committee on National Security Systems is preparing instructions for implementing a unified certification and accreditation (C&A) process that could be used on all national security systems, including those in the Defense Department and intelligence community, said Tony Cornish, chairman of the CNSS’ C&A working group.
At the same time, the National Institute of Standards and Technology plans to update its C&A guidance for systems covered by the Federal Information Security Management Act, said Ron Ross, a senior computer scientist and FISMA implementation lead at NIST.
“We are very close to producing a unified C&A process for the entire federal government,” Ross said in July at a government security symposium hosted by Symantec. “Within the next six to eight months, you are going to see a plethora of new things coming out” from CNSS and NIST.
CNSS’ instructions will be incorporated into NIST guidelines in its 800 series of special publications. Ross said a major update of SP 800-53 Rev. 2, “Recommended Security Controls for Federal Information Systems,” is expected in December, and a draft of the first revision of SP 800-37, “Guide for the Security Certification and Accreditation of Federal Information Systems,” is expected to be released for comment soon.
A single, governmentwide approach would make it easier for agencies to share data and cooperate with one another and with states, foreign allies and the private sector.
It could enable reciprocity, or the acceptance of other agencies’ C&A processes, without requiring recertification, and also could streamline acquisition processes by making it easier for vendors and developers to meet one set of standards.
C&A is a process for ensuring that IT systems are operating with an appropriate level of security. In the certification phase, the security of the system is documented; for accreditation, a designated authority signs off on the system’s fitness to go into operation. The concept has been around for some time, but there has been little standardization.
“In the past, we each had our own set of policies, and we didn’t look at each other’s,” said Sherrill Nicely, deputy associate director of national intelligence at the Office of the Director of National Intelligence.
FISMA requires C&A of information technology systems, but that does not apply to national security systems. And within the national security community, the military and intelligence sectors each have had their own way of doing things.
“Since about 1993, the Defense Department had its program, the Defense IT Security Certification and Accreditation Process,” said Eustace King, DOD chief of acquisition and technology oversight. “It worked pretty well” in a time before DOD’s emphasis on network-centric systems and information sharing, but it lacked enterprise visibility.
That C&A program was replaced with the Defense Information Assurance Certification and Accreditation Process. DOD was moving to the program in 2006 to harmonize military and intelligence processes when, a year later, it was expanded to include the rest of the national security community by bringing in the CNSS.
Through NIST, C&A procedures eventually will be standardized across all of government. However, policies do not change mind-sets, and old habits still remain one of the primary challenges to a standardized process. At DOD, there is a reluctance to accept reciprocity — that is, to give full credit to another agency’s C&A process without recertification, King said.
The intelligence community faces a similar hurdle, said Sharon Ehlers, an assistant deputy associate director of national intelligence.
“The cultural change has been the biggest challenge,” Ehlers said. “When it is not invented here, people don’t want to look at it.”
WOW!! Silverlight is powering the NBC Olympics quite well
http://arstechnica.com/journals/microsoft.ars/2008/08/18/so-far-silverlight-is-powering-the-nbc-olympics-quite-well
By Emil Protalinski | Published: August 18, 2008 - 12:42PM CT
Last week, I talked about what Microsoft was doing for the Olympics and questioned whether it would all pay off. According to NBC, loads of viewers are tuning in; it's as if the users participating in the video explosion on the Internet have simply said "Olympics? Sure, we'll watch that too."
Among other things, Microsoft is hoping that this embrace will mean a surge in Silverlight installs. The NBC video player, which streams content in 350kbits and 650kbits bitrates using Windows Media Services, is built using Silverlight 2 Beta 2. The Olympics Silverlight application is written using managed code on top of the .NET Framework subset included with Silverlight (all UI in the application is built using WPF). While the Olympics are only just beginning and it's really hard to say how well Silverlight will come out at the end, early numbers show that Microsoft has something to be proud of.
According to data eWeek has obtained, Silverlight is being downloaded 8 million times per day. Compare that to 10 million downloads a day from Flash, Olympics or not, and the number doesn't seem that huge. However, for a fairly new technology, it's something to write home about. So the download numbers are quite high, but that's not the only metric that has to be looked at. Is Silverlight living up to the task of the Olympics? Apparently, it is. On August 11 alone, Silverlight managed to deliver 250TB of data without any major problems. There have been scattered reports of performance issues but these are rare and are most likely due to the fact Silverlight 2 is still in beta; the final version of Silverlight 2 is still targeted for a "late summer" release.
Microsoft claims that it and NBC are enabling viewers to watch more than 3,500 hours of Olympics coverage, 3,000 of those hours being live coverage. NBC has HD cameras in Beijing that capture each event from multiple angles. That video content is then sent to teams of people in control rooms and producers that will do real-time shot selection, after which the video is encoded. Commentary and the play-by-play metadata are then included by dozens of analysts, and then finally viewers see the video content. All of this is done very, very quickly and content is supposedly seen in almost real-time.
US viewers (NBC only covers the Olympics for the US) who can't typically watch their favorite Olympic sports can now watch basically everything that happens. On NBC Olympics they can either see it live, or even after they've already missed it. The site reportedly attracts over 6 million users daily. On average, users stay about 15 to 20 minutes per visit. These happy new users so far have a very high opinion of both NBC and Silverlight.
Northrop Grumman Showcases Information-Enabled Joint Warfighting Capabilities At LandWarNet Conference
FT. LAUDERDALE, Fla., Aug. 18, 2008 (GLOBE NEWSWIRE) --
Northrop Grumman Corporation (NYSE:NOC) will highlight information
technology (IT) and communications solutions for the defense industry
this week at LandWarNet, August 19-21, at the Greater Ft.
Lauderdale/Broward County Convention Center.
At booth 407 in the conference exhibit hall, Northrop
Grumman will feature a demonstration of the Defense Integrated Military
Human Resources System (DIMHRS), which will transform the delivery of
personnel and pay services within the U.S. Department of Defense.
DIMHRS will provide service members with a single,
comprehensive human resources record and will allow service members to
update personnel information via self-service functionality. DIMHRS
will go live for the U.S. Army in the first quarter of 2009, and will
be implemented incrementally across the rest of the Defense Department.
In addition to the DIMHRS demonstration, Northrop Grumman
will display its warfighting solutions including:
* Army Knowledge Online/Defense Knowledge Online (AKO/DKO):
AKO/DKO is an online portal that empowers knowledge dominance,
ensures synchronization of resources, and aggressively enables
situational awareness and operational security throughout the
Defense Department community. In a secure environment designed to
improve information sharing, AKO/DKO is providing net-centric
enterprise services, including online collaboration (Web
conferencing, instant messaging and chat), a people directory
through its white pages, and improved search capabilities.
* AKO/DKO service-orientated architecture (SOA) dashboard:
Consolidates real-time portal, application, network, and
help-desk performance data. AKO/DKO SOA dashboard uses
enterprise service bus technology to transport information,
and provide timely, enterprise-wide, decision-making information
to key AKO/DKO stakeholders.
* Secure broadband wireless data and voice communications:
Enables situational awareness supporting military base security,
infrastructure protection, geospatial information management,
and mobile asset management.
* Comprehensive vulnerability lifecycle management system (VLMS):
Northrop Grumman is the prime contractor leading the development,
integration, and deployment of a comprehensive vulnerability
management system for the U.S. Air Force. The VLMS team is
evaluating, configuring, analyzing, testing, and installing
VLMS capabilities to achieve the system architecture, using
Defense Department and Air Force-provided commercial-off-the-
shelf tools.
* Information Technology Enterprise Solutions 2 Services (ITES-2S)
program: The Army's ITES-2S program has an easy-to-use portal and
pre-competed rates, while also providing the flexibility of full
and open competition. The Army's ordering guidelines include
templates with a deliberately broad scope for building task
orders.
Northrop Grumman Corporation is a global defense and
technology company whose 120,000 employees provide innovative systems,
products, and solutions in information and services, electronics,
aerospace and shipbuilding to government and commercial customers
worldwide.
Consumer vs Corporate Hardware - What's the Difference?
http://www.gottabemobile.com/CommentView,guid,671051f0-c99b-4bab-82ac-9c62cd25b8cd.aspx
In a recent GBM Podcast Truc made a comment about the campus store stocking the consumer Dell range as opposed to the corporate range.
Many OEMs have two ranges and I thought it would be worth taking a few minutes to explain in broad and general terms what the differences tend to be.
Corporate Mobile PCs
As already stated I'm generalising - there will be exceptions. That said the corporate ranges tend to have:
A higher degree of engineering - especially around the common mobile PC failure points. This will include features such as shock mounted hard drives and spill resistant keyboards. The upshot is that you tend to have a longer mean time between failure in the corporate ranges.
Business focused hardware features such as Trusted Platform Modules. BitLocker, the Vista drive encryption, works best with a TPM and it is only supported in the Enterprise and Ultimate versions of Vista, which is why I would call this a corporate hardware feature.
Business focused accessories such as docking stations.
More standardisation across accessories and spares such as power supplies.
Defined lifecycles for the chipsets used internally - this is important in reducing the variance in the corporate fleet and making the standard builds more stable.
Consumer Mobile PCs
Contrasting with the above and still generalising in the consumer ranges you will tend to find:
A range of build qualities spread across a fairly wide price range.
Cheaper units at the bottom end of the price range.
Fewer "corporate" hardware features.
More hardware innovation because they are not tied to the defined chipset lifecycles.
More consumer hardware features such as high end audio and video outputs, web cameras and blu-ray drives.
The Lines are Blurry
The difference between the corporate range and the consumer range used to be pretty clear cut, but this is no longer the case. There is also a clear middle ground emerging that some call the "prosumer" range that offers most consumer and corporate hardware features and more innovation.
Device control from a distance
http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn&story.id=4
08/18/08
By Greg Crowe
Embassy Remote Administration Server identifies built-in hardware security to deliver remote administration of trusted systems
Every network administrator knows that hardware-based security is less prone to hacking than software-based systems. What they might not realize is that the hardware for better security is largely in place, and all they have to do is take advantage of it.
The Trusted Platform Module, or TPM, has been integrated into many new computers and hard drives for several years. The 170-plus member companies of the Trusted Computing Group have developed standards for Trusted Computing that every major computer manufacturer is adopting. Many government agencies, such as the Defense Department, now require every new PC they acquire to have a TPM. In only a matter of years, every laptop PC along with most desktop PCs and hard drives - called trust drives or TDs - will include TPM.
Why is this technology so pervasive? TPM facilitates the secure generation of cryptographic keys at the hardware level, which makes remote identification more reliable than an entirely software-based process. The use of this module can more effectively control who can access programs and data. A chip on the motherboard stores password and biometric information, making them almost impossible to steal.
The problem is that even though practically every company is jumping on this bandwagon, many of them differ on the best way to encrypt the information, and there haven't been many attempts to unify all brands of TPM under a single management system.
The Embassy Remote Administration Server (ERAS) from Wave Systems does exactly that. ERAS works with all TPMs currently manufactured, bringing them into one central management interface. It also works with Microsoft Active Directory to keep track of authorized users. So it acts as a central headquarters that pulls together all disparate TPM security systems, organizing the chaos and letting you focus on what is probably an already-robust, but unmanaged, security architecture.
ERAS can be installed on any computer that runs Microsoft Windows Server 2003, Internet Information Service (IIS) 6.0, and any version of SQL Server 2005. We found the setup to be fairly simple and straightforward, although it does require knowledge of Active Directory to create the user groups and accounts ERAS needs to function properly. After the server application is installed, the client software must be installed on each network computer you want to administrate remotely.
The server application interface is in the style of most Windows administration consoles. This wasn't surprising, considering it is an actual Microsoft Management Console snap-in. Performing a quick search allowed us to find all of the computers on the network that had TPMs or TDs, in addition to the client software.
Right-clicking on a specific computer opened a menu of options, which included enrollment and allowing the remote administrator to take ownership.
After this was done, changes could only be made through the remote console, and nothing could be changed locally.
Adding and removing users of the TPM or TD was done with a few simple clicks. We could even enable and disable the trusted chip with one click, plus another for confirmation. There was also an option to cryptographically erase the entire drive remotely, ensuring that no data remains. This can be used when a disk is re-purposed, or when it is ultimately being discarded.
Another option is to lock the drive from being used by anyone.
A simplified, Web-based version of the administration console is available with the use of IIS. Designed to be used by help-desk employees, the interface allows an operator to search for the computer in question. Once found, the operator can perform the most commonly requested tasks, such as issuing recovery passwords, while leaving the more complex operations to an administrator.
For administrators who like to type in line commands or run scripts, there is a command-line interface that will let them do just that.
Wave Systems is selling Embassy Remote Administration Server starting at $93 per user for as many as 50 users, with volume discounts for larger numbers of users. We found this price to be acceptable, especially considering what the application is capable of doing. Of course, this price does not include the server on which it runs, but we think any existing server in a network that is not already heavily taxed should be able to run ERAS.
This application is just the thing for an administrator who wants to take direct, central control of the network's trusted drives and computers. Given that most agencies probably have, or will soon have, a security system embedded in equipment, ERAS can help them harness that power. At $93 per seat, it's a good deal.