Gartner Report assesses Wave and others
http://mediaproducts.gartner.com/reprints/mcafee/article4/article4.html
Wave Systems
Strengths
* Wave Systems offers a self-contained solution for managing keys, reporting and recovery for PCs that are equipped with a Seagate encrypting drive and a TPM. The company supports TPMs from many manufacturers.
* Released in late 2007, its product has gained visibility among Gartner clients.
* A stand-alone version of the product is included on qualified Dell PCs and is upgradable to an enterprise managed platform. Additional bundling is available with some motherboards from Intel, NEC (in Europe) and Acer.
Cautions
* Wave Systems must provide managed encryption on removable media as soon as possible. This is a basic competitive requirement, and an immediate need that can't wait for the Trusted Computing Group's specification to be adopted on flash drives.
* Primary distribution is by an OEM-embedded stand-alone client on selected PC platforms. Users can deploy the client without purchasing Wave System's enterprise management. The company should develop additional sales channels to sell its full enterprise solution, to increase revenue and the opportunity to add value for customers.
* Wave Systems' solution is a management platform with no security certifications; it relies on Seagate's encrypting drives and the TPM. Gartner recommends a CC certification for the company's management framework.
* Wave Systems has shipped many tens of millions of OEM seats, but receives only a small royalty, which generates revenue that is below the median and far below average (even if some of those seats become enterprise accounts). The company's market impact is, therefore, only fractionally considered, because stand-alone OEM seats are not trackable and do not advance the goals of enterprise managed data protection.
Trusted Computing-HID Global (Cartes 2008)
http://www.cartes.com/ExposiumCms/do/exhibition/CARTES+IDENTIFICATION+UK/Congress/Programme/siteId_290871/pageId_714578
Tuesday, NOV. 4
1:00 - 11:30 A trusted computing environment for identity transactions – A trusted identity platform providing end to end security for access and payment applications
Gary KLINEFELTER, Vice President Strategic Innovation, HID Global, USA
HP plans will require Intel's TXT and underlying support
http://www.tgdaily.com/content/view/33568/135/
Intel's Trusted Execution Technology (TXT, formerly codenamed LaGrande) is extended to protect virtualized computing environments by partitioning off assigned memory areas behind logical barriers. This process works with Intel's new Virtualization Technology (IVT) for Directed I/O. These new barriers prohibit hypervisor-level viruses from attempting to access protected memory.
HP September newsletter (Trusted Converged Client)
(interesting use of virtualization)
http://government.hp.com/taw_detail.asp?fid=387&agencyid=135
"Trusted" PC will compartmentalize and keep data secure
Social networking can help organizations target specific audiences and improve internal collaboration, but it also introduces security issues. As a result, an increasing number of organizations are restricting online access to social media sites or requiring employees to use separate devices for business and pleasure. But one team of researchers is exploring a novel way to take advantage of social media—without the risk.
Richard Brown, senior project manager at HP Labs Bristol, and his team are researching a security approach based on trust and the premise that individuals will continue to take risks.
“We want to give people a legitimate, secure way to access all the things they want but that organizations have to restrict. Then there will no longer be a need for people to take risks. That’s good for the organization,” explains Brown.
Their vision: the Trusted Converged Client (TCC), a PC that functions like two or more separate machines.
Still in the exploratory stage, the TCC uses virtualization technology to create isolated compartments within one device. Activity in the “personal” compartment never affects organization activity or data contained in another compartment.
For instance, a person with separate compartments for personal and business use can download from his or her bank a small application which will run in another isolated compartment. Personal finance details can also be kept safe from potential malware in a general-purpose personal compartment.
“It might sound impossible but that’s what virtualization allows,” says Brown.
For additional security the TCC incorporates the Trusted Platform Module (TPM), a chip based on security standards developed by the Trusted Computing Group industry consortium. Confidential data remains encrypted and secure until the TPM reports that a given software compartment has not been compromised.
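The last sentence above describes sealed storage: data is bound to the measured state of a software compartment, and the TPM releases it only while that measurement still matches. As an added example that is not part of the HP newsletter and not HP code, the Python below models that behaviour with a small software TPM: an extend-only register records what booted in the compartment, a secret is sealed to that register's value, and unsealing fails as soon as a different image is measured. Everything here is constructed for illustration (the TpmModel class, PCR index 8, the image strings and the credential); a real TPM 2.0 does the same with TPM2_PCR_Extend, TPM2_PolicyPCR and TPM2_Unseal, and with a storage root key that never leaves the chip.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size


class TpmModel:
    """Software model of a TPM's platform configuration registers (PCRs) and
    sealed storage. Constructed for illustration: it reproduces the semantics
    (extend-only PCRs, data sealed to a PCR policy) but is not a TPM API."""

    def __init__(self, num_pcrs: int = 24):
        self.num_pcrs = num_pcrs
        self.reset()
        # Storage root key: lives inside the chip and survives resets.
        self._srk = secrets.token_bytes(DIGEST_LEN)

    def reset(self) -> None:
        """Power-on state: every PCR is all zeros."""
        self.pcrs = [b"\x00" * DIGEST_LEN for _ in range(self.num_pcrs)]

    def extend(self, index: int, measurement: bytes) -> bytes:
        """PCR[i] = H(PCR[i] || H(measurement)). A register can only be
        extended further, never rewritten, so it encodes the boot history."""
        digest = HASH(measurement).digest()
        self.pcrs[index] = HASH(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def _policy_key(self, pcr_indices) -> bytes:
        """Key derived from the SRK and the *current* values of the selected
        PCRs; a different boot history yields a different key."""
        composite = b"".join(self.pcrs[i] for i in sorted(pcr_indices))
        return hmac.new(self._srk, b"seal|" + composite, HASH).digest()

    @staticmethod
    def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
        """HMAC in counter mode, used as a stream cipher for the model."""
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(key, nonce + counter.to_bytes(4, "big"), HASH).digest()
            counter += 1
        return out[:length]

    def seal(self, data: bytes, pcr_indices) -> dict:
        """Encrypt data under a key bound to the selected PCRs' current state."""
        key = self._policy_key(pcr_indices)
        nonce = secrets.token_bytes(16)
        ks = self._keystream(key, nonce, len(data))
        ct = bytes(a ^ b for a, b in zip(data, ks))
        tag = hmac.new(key, nonce + ct, HASH).digest()
        return {"pcrs": sorted(pcr_indices), "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict):
        """Return the plaintext only if the PCRs match their sealing-time values."""
        key = self._policy_key(blob["pcrs"])
        expected = hmac.new(key, blob["nonce"] + blob["ct"], HASH).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            return None  # measured state differs: refuse to release the secret
        ks = self._keystream(key, blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


# Constructed sample values for the scenario.
COMPARTMENT_PCR = 8
GOOD_IMAGE = b"finance-compartment-image-v1"
TAMPERED_IMAGE = b"finance-compartment-image-v1+keylogger"
CREDENTIAL = b"bank-session-credential"


def boot_compartment(tpm: TpmModel, image: bytes) -> bytes:
    """Model a reboot of the isolated compartment: PCRs reset, image measured."""
    tpm.reset()
    return tpm.extend(COMPARTMENT_PCR, image)


def scenario():
    """Seal a credential to the known-good compartment, then try to unseal it
    after a clean boot and after a boot of a modified image."""
    tpm = TpmModel()
    boot_compartment(tpm, GOOD_IMAGE)
    blob = tpm.seal(CREDENTIAL, [COMPARTMENT_PCR])

    boot_compartment(tpm, GOOD_IMAGE)
    after_clean_boot = tpm.unseal(blob)      # credential is released

    boot_compartment(tpm, TAMPERED_IMAGE)
    after_tampered_boot = tpm.unseal(blob)   # None: measurement changed
    return after_clean_boot, after_tampered_boot


if __name__ == "__main__":
    clean, tampered = scenario()
    print("clean boot:", clean)
    print("tampered boot:", tampered)
```

The design point to notice is that the sealing blob never carries the key: the key is recomputed from the chip's secret and the live PCR contents at unseal time, so the compartment cannot talk the TPM into releasing the credential; it can only present a boot history that either matches or does not.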
Is this Wave? (Just partnered with HP, tapping into mobile!)
http://www.resumes2work.com/job.php?id=15979946
Job Reference ID: 6683726
Category:
Information Systems
Duration:
City, ST: Cupertino, California
Country: United States
Description:
Year Founded: since 94
# of employees: 120 people strong
Location: Cupertino
Current Co. revenue/funding: Bringing in revenue, increasing significantly; not breaking even yet; well funded, public company
Position Title: Director of Software Development
Minimum Requirements in Years: 5 years management
1. Client applications; windows applications
2. Security experience
3. Managed about 10-15 people
4. C/C++ background
Top Selling Points of position:
1. The team you will be directly managing is the team responsible for the main projects of the company
2. Great growth potential
Product Description:
Authentication, data protection, network access control, trusted computing
Client and server software for HW based digital security
Company Highlights:
Great growth potential
Tapping into the mobile space
Just partnered with HP
Juniper and Wave in Japan
https://www.trustedcomputinggroup.org/news/events/presentations_Panels/
ITpro EXPO 2008
October 15 - 17, 2008
Tokyo Big Site - Tokyo, Japan
Visit Juniper Japan at the ITpro Expo 2008 event in Japan hosted by Nikkei BP and see TNC in Action. Juniper Japan will be showcasing a NAC solution (Juniper Networks NAC) running with TPM Integration by Wave Systems.
I look forward to the day!! It's not such a stretch to make it happen, but I'll be glad to see it, when (if) it's on paper. Regards, Foam
Dell + Solaris (+TPM)
(At some point, quantitative changes accumulate to bring a qualitative change. This is clearly happening with TC, ironic though that it's taking place amid such acute financial problems).
http://www.dell.com/downloads/global/solutions/dell_solaris_spec_sheet.pdf
Dell E6400 review
http://reviews.cnet.com/laptops/dell-latitude-e6400-laptop/4505-3121_7-33200149.html
...Our review unit included several business-friendly features, such as a Trusted Platform Module chip, a contactless Smart Card reader (which lets you just tap your card on the wrist rest, rather than sliding it into a slot), and a fingerprint reader (a $29 option). For many corporate IT departments, these are must-haves. Dell's custom ControlPoint software widget offers a clean, simple one-stop interface for accessing security, power, and networking settings. Other business laptop makers such as Lenovo offer their own similar versions of catch-all administrative applications, and both the Dell and Lenovo versions are reasonably useful and easy to use.
Intertrust Announces Patent Licensing Agreement With Nokia
http://www.foxbusiness.com/story/markets/industries/telecom/intertrust-announces-patent-licensing-agreement-nokia/-1331168276
Aug 19, 2008 (Hugin via COMTEX) ----SUNNYVALE, CA--(Marketwire - August 19, 2008) - Intertrust Technologies Corporation announced today that it has entered into a patent licensing agreement with Nokia Corporation. The license grants Nokia worldwide access to Intertrust's broad portfolio of inventions in the areas of digital rights management (DRM) and trusted computing.
Licensed technologies covered under the agreement include those relating to the Open Mobile Alliance (OMA), Marlin DRM specifications, and various trusted distributed mobile computing standards.
Intertrust is a founding member of several initiatives promoting open standards in the DRM area including the Marlin Developer Community and the Marlin Trust Management Organization.
"This license provides Nokia with the design freedom to deliver many advanced features in mobile computing," said Matti Kauppi, vice president of Intellectual Property Rights, Nokia. "We have previously worked with Intertrust and are pleased that our thinking regarding the development of DRM technology has once again come closer together."
"Nokia is a wireless market leader whose innovative products continue to set and drive major mobile trends," said Talal Shamoon, chief executive officer of Intertrust. "We look forward to Nokia incorporating our technology into exciting new mobile devices and services that benefit content providers and consumers."
GCN on Wave's ERAS
http://www.gcn.com/print/27_20/46911-1.html
You say Express Gate, I say Palladium
http://www.itpro.co.uk/blogs/maryb/2008/07/28/you-say-express-gate-i-say-palladium/
By Simon Bisson & Mary Branscombe in Editorial
Posted in Futures, Silicon, virtualisation, Hardware, Laptop, Mobile, Security, Intel, Microsoft on July 28, 2008 at 12:41 pm
Imagine a second, simpler operating system on your PC with fixed features, so it’s more secure - after all, if you can’t add more programs you can’t add a virus either. It would have to start up quickly, so that Windows wasn’t waiting for it, so it would be ideal for listening to music and watching video. I’m not thinking about virtualization per se, although that’s one way to achieve something similar; this is two operating systems side by side, both with access to the PC hardware, but one of them does much more limited and circumscribed things.
Can you tell what it is yet?
No, actually, I’m not talking about Palladium - sorry, Microsoft Next Generation Secure Computing Base. That grew out of an attempt to reassure Sony that it would be OK to allow DVD movies to play on a PC without piracy becoming endemic and turned into a much more useful and visionary idea about using public key cryptography not to identify people but to secure machines. It would have been a good way to implement the DRM it was associated with in the public eye, though wouldn’t have forced it on anyone who didn’t want to run it. Palladium loaded a secure piece of software called the TOR that acted as a secure area that could only run trusted code (written to public APIs), where the apps would be invisible to the main OS - all secured by the machine-specific key in your TPM and some new technology from Intel.
Ironically, trust was the issue with Palladium; nobody trusted Microsoft to either be building a secure system that didn’t impact on a very robust interpretation of free speech or if it was, to do it right. The smallest part of the concept made it in a couple of versions of Vista as BitLocker; whole disk encryption secured by the TPM.
But the Palladium concepts are showing up in a lot of other places, including the NSA’s Security Enhanced Linux and Citrix’s Security Enhanced Xen - a small OS that runs as a secure virtual machine with isolated applications, using the TPM and Intel’s new hardware virtualization technology …
Intel even uses the words Trusted Computing Base, which might be a hostage to fortune given the fate of Palladium. The DRM discussion hasn’t started yet, but there’s a trusted channel to the keyboard, mouse, memory - and the graphics subsystem, which is what some thought would allow copy-protected DVDs to be watched in the secure area of Palladium, without the option to copy them. This time around it’s more likely to be copy-protected downloads: killing off HD DVD has actually made Blu-Ray less likely to get mass adoption, as player and disc prices stay high.
There are far more benefits to Palladium-style secure computing than protecting the movie industry or saving the banking industry from having to upgrade anti-fraud backends. You may keep your AV up to date and your company documents secure, but one in six of all PCs that touch the Google site has a bot and they’re all sending you spam.
And while the systems that look so much like Palladium that I get déjà vu are still a little way off, Asus is already selling machines with Express Gate. Granted, this is more like the embedded operating systems you see on a lot of media notebooks; it boots up in eight seconds and lets you see your photos and play your music. It has an Internet connection, so you can browse the Web without waiting for Windows. But it also uses the TPM in Montevina and you can treat it as an isolated operating system, says the press release: “Friends and family can use your notebook to nip online, use IM, listen to music, play and view without having access to your data, the system or the Windows environment.” Very Palladian.
-Mary
FIXS Logical Operating Rules (July 2008)
(Recent Fixs document referencing TPM requirement)
http://www.fixs.org/publicdocuments.htm
3.1.2.1 APPLICATION (COMPONENT) CERTIFICATES
Relying party computing and communications components (web servers, routers, firewalls, authentication stations, etc.) may be named as certificate subjects. In such cases, the component must have a human PKI Sponsor as described in the ECA CP. The PKI Sponsor is responsible for providing the approved Registration Authorities, through an application form, correct information regarding:
* Equipment identification
* Equipment public keys
* Equipment authorizations and attributes (if any are to be included in the certificate)
* Contact information to enable the ORC ECA to communicate with the PKI sponsor when required in accordance with the appropriate CPS.
3.1.2.2 APPLICATION (COMPONENT) PRIVATE KEY PROTECTION
At a minimum FiXs relying party computing and communications components (web servers, routers, firewalls, authentication stations, etc.) shall protect the certificate private key(s) in a hardware device such as a Trusted Platform Module, as stipulated in the DoD CIO Memorandum, Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media, dated July 03, 2007.
New material on FIXS website
http://www.fixs.org/
FiXs issues: Acquisition Plan & Statement of Objectives (SOO) for Network Services Contract.
Intentions to Bid must be sent to FiXs no later than COB June 16th 2008. See Acquisition Plan for details.
Infineon CEO resigns
http://biz.yahoo.com/ap/080526/germany_infineon_ceo.html
Multiple Wave mentions on recent HP PDF
http://h20331.www2.hp.com/Hpsub/downloads/FINAL_Enterprise%20WP-Security%20Manageability_4AA0-8657ENW.pdf
Interesting Application to sit atop trust layer
http://biz.yahoo.com/iw/080428/0391000.html
Press Release Source: nSolutions, Inc.
nSolutions Debuts NOVA Change and Configuration Appliance at Interop 2008
Monday April 28, 11:41 am ET
Innovative Approach Enables IT to Manage Change With a Unified View Across Applications, Servers, Network Devices and Virtual Deployments
LAS VEGAS, NV--(MARKET WIRE)--Apr 28, 2008 -- Utilizing Interop 2008 as a platform, nSolutions, Inc. (www.nsolutionsinc.net) today launched its flagship change and configuration management offering, Network Ontology and Virtualization Appliance (NOVA(TM)). NOVA is a highly scalable, change and configuration management appliance that auto-discovers infrastructure resource configurations, builds a real-time repository of physical, logical and virtual resources, correlates the interdependencies and controls the changes to ensure continuous operational and security compliance. nSolutions will be demonstrating NOVA within a live, multi-vendor environment April 29th, Trusted Computing Group's (TCG) Booth #421.
Image: NOVA's Risk and Compliance Status Report (Source: nSolutions, Inc.)
Dr. Harish Rao, nSolutions' CEO, explains the genesis of his company's new offering, "Change and configuration management of infrastructure resources is central to all IT operations. Automation and control of change and configuration management is the only way to handle complexity and assure high availability and security of business services. However, today, these business services are supported by a collection of independent operational silos being managed by -- point solutions -- which only view change and configuration from an individual device perspective e.g. server, router, switch, etc. Virtualization only exacerbates the manageability problem. What was needed is a solution that provides a unified view of the entire IT infrastructure based on: auto discovery, a real-time repository of the infrastructure resources configurations and a decision support system for managing changes holistically."
Introducing NOVA
NOVA is a product line of plug-and-play appliances that manages change in global heterogeneous infrastructures through automation and control. NOVA auto discovers the resource configurations and cuts across IT silos to provide a unified view of the configuration state of the infrastructure resources that support business services. The real-time NOVA Repository maintains a virtual construct of the auto-discovered configurations and the interdependencies among the components of the core and the applications infrastructures. NOVA's Change Impact Analytics (CIA) allows a variety of reports to be generated for all stakeholders responsible for operations, compliance and security.
"nSolutions brings a unique set of capabilities to the change and configuration management space," said Richard Ptak, managing partner and analyst at Ptak, Noel and Associates LLC. "NOVA by means of an easy and simple insertion of an appliance -- provides immediate visibility and understanding of business services -- without the long cycle of project development, while eliminating useless data models."
NOVA plug and play appliances have several unique advantages that make them highly cost effective for enterprise customers:
-- Unprecedented visibility into infrastructure resources through auto configuration discovery, based on industry standards.
-- NOVA's repository is an operational Configuration Management Data Base (CMDB) that maintains real-time information and exchanges configuration data with a federation of CMDBs.
-- An innovative approach to Change Impact Analytics enables operational decisions for managing change from a services perspective.
-- World-class automation and control for continuous operational compliance with regulatory and security policies.
-- Dramatic improvement in operational efficiency resulting in higher availability of business services at a lower Total Cost of Ownership (TCO).
"Enterprises have no choice but to reduce operational costs and minimize business risk from IT. In order to achieve this, IT personnel must manage change pro-actively. NOVA's automation and analytics uniquely provide real-time information for supporting operational decisions," Rao added. "The ontology and virtualization methodology of NOVA readily accommodates the manageability problems resulting from high rates of technological changes. This innovation overcomes the limitations of traditional approaches of managing change in IT infrastructures that has evolved over the last several years."
Pricing and Availability
NOVA is currently shipping with pricing starting at U.S. $20,000.
For additional announcement resources, please view nSolutions' Events page.
For addition information on automating change and control, please view nSolutions' white paper, Minimizing Business Risks in Enterprise Networks.
About nSolutions
Based in San Jose, California, nSolutions, Inc., provides plug and play products for automation and control of IT infrastructures to minimize business risk from IT. Spun out of Bell Laboratories Research as an independent business, the company now offers Network Ontology and Virtualization Appliance (NOVA(TM)), a highly scalable line of products that manage change with unmatched visibility and control of configurations in heterogeneous, globally distributed infrastructures. nSolutions markets NOVA directly and through its channel partners worldwide to medium to large enterprises in the financial, healthcare, manufacturing, and retail sectors.
Image Available: http://www2.marketwire.com/mw/frame_mw?attachid=746898
Juniper blog - interesting on 1) Cisco and 2) NSA
(Cisco on board and NSA solution built on TNC standards)
http://nacblog.juniper.net/tag/Appearances
Last week, I was at the RSA Conference in San Francisco, a global gathering for information security folks. This event has already been covered by hundreds of bloggers and journalists so I won’t cover the basics. However, I do think it’s useful to highlight a few NAC-related events.
First, I was glad to see that NAC vendors are converging on IF-TNCCS-SOH as a standard client-server protocol. This addresses several concerns that customers have had about NAC: complexity, compatibility, and cost. Now that everyone is agreeing on one client-server NAC protocol, customers won’t have to worry about whether their NAC system is compatible with their PCs, their non-PC devices, and their contractors’ and customers’ devices. Support for the TNC protocols will just be built into the client operating system. This will reduce complexity and therefore cost by eliminating the need to install a special NAC agent on the device. Of course, the nirvana of universal NAC support is not here yet. Macs, older PCs, and many other devices don’t yet come with NAC support built-in. But the trajectory is clear. In a few years, NAC support will be as ubiquitous as DHCP is now.
Second, I participated in a panel session with Cisco and Microsoft on NAC. This is the third year we have done this panel at RSA. The first year, there was blood everywhere. The second year was a bit more restrained. And this year, I’m happy to say that everyone agreed on the value of the TNC standards. Even Cisco is on board, now that IETF has picked up the TNC specs. I still don’t agree with Cisco about everything. We had a few tiffs on the panel. But we agree on the need for NAC standards and the fact that the TNC standards are those standards. That’s the essential bit.
Finally, NSA (the U.S. National Security Agency) was demonstrating the High Assurance Platform, a multi-level secure workstation built on the TNC and TPM standards. This is really important. For one thing, it shows how open standards are being used to build super-secure systems out of inexpensive, commercial parts. For another, it will provide a big benefit to U.S. warfighters. Today, they must carry three laptops: one for secret materials, a second for top secret, and a third for unclassified. With HAP, a single laptop with a secure hypervisor (based on VMware) runs separate VMs for the separate classifications. This will literally lighten soldiers’ load, allowing them to be more agile or carry more arms and armor. Commercial road warriors and infosec teams may not carry guns but we are at war with cyber criminals. If TNC and TPM are strong enough for the NSA, they must be strong enough for your organization.
Vodafone MTM patent
(when will trusted mobile rear its head?)
http://www.wipo.int/pctdb/es/ia.jsp?ia=GB2007/002634
TELECOMMUNICATIONS DEVICE SECURITY
Abstract:
A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment (operating system) (30) and a secure execution environment (32) comprising a Mobile Trusted Module (MTM). The mobile terminal enables the software of the terminal in the secure execution environment (32) to be updated. The terminal 1 may be provided with minimal software initially in the secure execution environment (32), and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data, relevant in particular to managing access to a broadcast video data stream complying with a mobile digital broadcast scheme. The method defines a service protection platform implemented on mobile terminals having both normal execution environment (i.e. the operating system) and secure execution environment. Service protection is provided by separating the operation of service protection application components into those that operate in the normal environment and those that are adapted to execute only in the secure execution environment. Making the secure execution environment application component interchangeable allows the method to be adapted to any of a number of service protection protocols or 'profiles' by downloading only the secure execution environment application component.
Some changes in TCG organization. I see that Hardjono is no longer listed as with Wave but with Signacert again. Safenet now directing authentication (interesting) and Sony PDA workgroup. Cheers, Foam
Deering - It seems from the recent literature that the NSA is building out from its center the secure Net for the government and even for large firms working closely with the govt. (Lockheed Martin, Boeing etc - see the article I posted). We know that they are most interested in FDE HDDs a la TCG with TPMs (it's clearly stated on the Samsung job ad posted by Helful yesterday) and that TPMs have been mandated by the DOD. As these departments build outward, I think Wave will have an enormous market into which to sell (seems they are already selling into it) and, of course, Microsoft has suddenly gotten religion on this (as has Infineon). People are starting to see this Maelstrom hovering on the horizon and I believe, with things being what they are, Wave will have a strong case with which to approach far-sighted investors in order to fund the few quarters before break-even. Anyhow, just how I'm starting to see things from my current vantage point. Regards, Foam
BusinessWeek article-Govt. Manhattan project for Net
(No doubt why Microsoft has been trumpeting trusted computing. It's a multi-billion dollar govt. initiative. Something is clearly in the works here and it's a pretty good guess that TC will have a large role to play).
http://www.businessweek.com/technology/content/apr2008/tc20080415_792943.htm
Added insight on Govt. and network security
http://www.ibls.com/internet_law_news_portal_view.aspx?s=articles&id=73A1C225-F50C-4AB8-8FDE-CE14E265D152
INTERNET LAW - TOWARDS A CYBER WAR ON TERROR?
Jennifer Morin, IBLS
The argument of the seriousness of a cyber war on terror is still raging. However, the threats remain real and will likely continue. There are many new considerations which must be realized for the future to stop the impending war on cyber terrorism.
The war on cyber terror is one that the world has never encountered before. Old technology and old defenses are obsolete. The technology industry is rapidly changing and changing with it are the methods used by cyber terrorists. Prevention techniques must be dynamic and change as quickly as the technology does. The old computer security models, data processing, and auditing in use today are outdated.
Cyber Terrorism is more difficult than other forms of terrorism. In the case of cyber terrorism, if the terrorist fails, he does not die. He can learn from his mistakes and ensure the success of his deeds in the future.
One of the unexpected problems that cyber terrorism has created is that the fear of an attack could possibly lead Americans to give up rights they would not normally relinquish. For example, the fact that many of the terrorists use cryptography in their communications is not a reason to ban this technology per se.
Is it Really That Easy to Destroy our Infrastructure?
Many skeptics believe it is unlikely. Although they admit that there are many vulnerabilities in the systems, they cite the numerous redundancy and backup features of each system as a safety net. For example, if a cyber terrorist wanted to cut off electricity to a large metropolitan area, they would need multiple, coordinated attacks on the grids since each grid has many backups in place. Many critics believe that our national system of water, power and other utilities as an interconnected web of many different private and public companies offers protection from a mass wipeout from a cyber attack. In fact, they cite, that water and power have been turned off for many days at a time, usually due to natural disaster, and there has been neither chaos nor paralysis in the communities. However, even the smallest likelihood of a massive attack warrants prevention measures and education.
How Likely is it That the Cyber War will Continue?
As the conflict in the Middle East continues to escalate, the likelihood of the war against cyber terrorism will continue. Arab terrorists have clearly stated that they are aware of the companies, which do business in Israel and in conjunction with Israeli companies. Lucent Technologies, one such company, has already found itself under attack. Additionally, the seriousness of the steps taken thus far by the US government shows that they fully expect the cyber war to continue.
What is the United States Government Doing to Make its Systems Safer?
President Bush penciled in a 50 billion dollar budget for Homeland Security Information Technology in 2003. Also in 2003, the US Department of Homeland Security created the National Cyber Security Division. The government has also been staging attacks against themselves using students from US military academies as the attackers. The Department of Defense has also been running cyber security exercises against certain government divisions such as the military and the National Security Agency. Additionally, special forces have been set up to track, prosecute and prevent cyber attacks. Federal agencies have been required to report hacking incidents or cyber attacks for two years.
What are the Difficulties in Stopping Cyber Terrorism in the Future?
The characteristics that make the Internet beneficial are the same characteristics that make the Internet a prime place for terrorist activities. The Internet’s anonymity is one of the biggest hurdles in preventing future cyber attacks. There are infinite amounts of ISPs in the world which give terrorists the ability to plan and execute attacks anonymously. Secondly, the vast amount of vulnerabilities in all computer systems provides the necessary gaps for terrorists to infiltrate systems and destroy infrastructures. The communications features and encryption capabilities of the Internet make it easy for the designers of cyber attacks to secretly and effectively exchange ideas and plans. Lastly, the low costs associated with using the Internet make planning and executing cyber attacks easy and affordable.
Are There Any Special Considerations for the Future?
When building a counter-cyber terrorism policy there are several concerns which should be taken into consideration. The way the world approaches and views terrorism must change. Although the theories of terrorism remain, terrorists are no longer using traditional methods, so our methods of prevention must be non-traditional. Countries must freely exchange information and cooperate in terrorism prevention in ways that they never have before. Because of the specialized, technological knowledge involved in cyber terror and its prevention, it is increasingly important to enlist individuals who specialize in the technology used in cyber terrorism. The international community must be proactive to thwart new threats that arise.
Nortel NAC/TNC product wins award
http://www.nortel.com/corporate/awards/collateral/sna_gold_award_2008.pdf
Interesting reference to TPM implementations
http://www.globalsecuritymag.com/Replacing-Vulnerable-Software-with,20080407,2521
...Organizations that have applied TPM-based trusted computing include: pharmaceutical companies to protect trade secrets and authenticate remote access, a pizza franchise chain to transmit and receive sensitive financial data and employee records, a car rental company to secure PCs in thousands of locations that handled confidential customer personal information and financial data, and even the U.S. government’s National Security Agency (NSA) is evaluating full disk encryption, with associated credentials stored in the computer TPM. In spite of overwhelming indication of the need for improved protection for users of a variety of computing-based systems, including the enterprise network itself, a few remaining naysayers continue to voice skepticism for TCG’s efforts.
Among the misperceptions for the TPM are:
• It will take years before enough large companies and ISVs utilize the TPM
• There is insufficient justification for implementing a TPM
• Software can do the job without new hardware
However, Microsoft and other leading companies’ use of the TPM, and its ability to provide an improved solution to issues such as the deceptive endpoint problem, should dispel these misconceptions and accelerate the acceptance of the TPM to increase security in products and the entire network at the enterprise level. Building on the foundation of the Trusted Platform Module, TCG members have invested extensive effort to develop open, industry-wide specifications for essentially every software aspect that impacts the enterprise and requires security. When TCG’s specifications are implemented in PCs, servers, storage devices, mobile phones, PDAs, and the network, the enterprise-wide protection will essentially create a trusted enterprise.
And soon users can benefit from trusted mobile phones! From Vacationhouse's post. Very curious to see how this will play out.
SafeNet Releases Encryption Solution for IBM z/OS Mainframes
http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20080409005219&newsLang=en
April 09, 2008 08:00 AM Eastern Daylight Time
New Solution Allows Customers to Encrypt Data Stored in z/OS Mainframes to Achieve PCI Compliance and Enhance Performance and Manageability
BALTIMORE--(BUSINESS WIRE)--SafeNet, Inc., a global leader in information security, today introduced a mainframe solution which leverages Ingrian Networks’ advanced encryption capabilities to allow customers to protect sensitive information in z/OS environments. Ingrian Networks, a leading provider of data privacy solutions, was acquired by SafeNet on April 3, 2008.
SafeNet’s mainframe solution helps retail, banking, and other financial institution customers achieve PCI compliance by allowing them to quickly encrypt and decrypt critical data in z/OS environments as well as manage bulk encryptions and decryptions within flat files with the SafeNet Transform Utility.
“With the continued growth of security threats and increase in government regulations and industry standards, such as PCI, it is more important than ever for enterprises to safeguard critical data that sits in mainframe environments to protect themselves against security breaches and hefty non-compliance fines,” said Jon Oltsik, senior analyst, Information Security, Enterprise Strategy Group. “SafeNet now offers a mainframe solution to quickly and easily encrypt all sensitive data within a z/OS environment while maintaining the mainframe’s manageability and the availability of critical customer data such as credit card numbers and customer records.”
SafeNet’s mainframe solution consists of:
* SafeNet z/OS Application Connector – Users access DataSecure via an API from CICS, TSO, or Batch environments to request any type of data to be encrypted or decrypted.
* SafeNet DataSecure Appliance – The appliance resides outside of the z/OS mainframe where it manages encryption keys and securely encrypts and decrypts data based on requests sent from the mainframe.
To enable encryption and decryption of large amounts of data within flat files, SafeNet has developed the Transform Utility which runs under z/OS to move bulk quantities of sensitive data in and out of data stores with absolutely no impact on the environment. The Transform Utility enables the SafeNet DataSecure Appliance to rapidly encrypt entire binary files in situations where customers do not require field level granularity for protecting data.
“SafeNet’s mainframe solution provides users with a manageable approach to securing data within the z/OS environment while maintaining application functionality and performance,” said Derek Tumulak, vice president of product management, SafeNet. “Thousands of enterprises across the globe use IBM’s z/OS mainframe operating system to help manage enterprise transactions and data. SafeNet’s mainframe solution seamlessly integrates with the day-to-day functions of the mainframe, providing robust security and compliance with even the most stringent mandates.”
About SafeNet’s DataSecure®
DataSecure provides an intelligent, cost-effective way to protect structured and unstructured data at the data center and out to remote locations. Featuring dedicated hardware appliances and patent-pending cryptography software, SafeNet’s solutions deliver capabilities for granular encryption, seamless integration, and centralized key and policy management, helping:
* Retailers, financial institutions, and payment processors in adhering to card issuer security policies like the Payment Card Industry (PCI) Data Security Standard.
* Organizations around the world seeking to comply with privacy legislation, such as California SB1386, the Europe Union Data Protection Directive, and many others.
* Financial institutions seeking to comply with Gramm-Leach-Bliley Act.
* Government agencies striving to adhere to the Federal Information Security Management Act.
For more information about SafeNet’s DataSecure Appliance visit: www.safenet-inc.com/DBE
Great verdict for Seagate Momentus FDE.2!!
(Many new technologies reviewed and the encrypted hard drive gets the highest rating!!)
http://www.techworld.com/mobility/features/index.cfm?featureID=4055&pagtype=all
Hardware drive encryption
The biggest mainstream security story of the last few years concerns the theft of laptops containing credit card numbers, credit history, Social Security numbers, and other data belonging to consumers, veterans, and company employees. If only the victims had employed encryption, right?
Some hard drives now have hardware-backed encryption built in, which helps make locking down data easier. Seagate's Momentus 5400 FDE.2 is currently the best-known entry in this category, and Dell is the only laptop maker to offer it as a standard upgrade option. An 80GB or 120GB drive with hardware encryption costs about £36 extra.
The data stored on such drives is entirely encrypted in real time, with no delays and with no interaction between the drive and the operating system. This design improves performance and provides fewer points of entry for unauthorised access.
Some analysts expect drive makers other than Seagate and Hitachi to get into the business, and hardware drive encryption will likely become a dominant business-laptop feature - not even much of an option - by 2009.
Our verdict: For any industry in which security is paramount or even legally obligated (the medical, legal, and governmental fields, for starters), the additional cost of hardware encryption is minuscule when weighed against the technology's ease of use and its role in avoidance of liability.
Symlabs Shows Liberty Advanced Client at RSA Conference 2008
Monday April 7, 9:21 am ET
http://biz.yahoo.com/prnews/080407/aqm073.html?.v=36
Symlabs Federated Identity Suite technology is featured in Telco provisioning demonstration
SAN FRANCISCO, April 7, 2008 /PRNewswire/ -- Symlabs, a leader in Identity Management standards that go beyond federated SSO, is providing Liberty Advanced Client technology for an Intel-BT demonstration showing how Telcos can provision users with software credentials that allow access to converged networks. The demonstration takes place on April 7 at 1pm at the Liberty Alliance Workshop as a part of the RSA Conference 2008 in San Francisco's Moscone Center.
Liberty Advanced Client technology will be available in the near future as part of Symlabs Federated Identity Suite. It includes Registration Server and Provisioning Service Provider components, both of which are compliant with Liberty Alliance standards. The Telco provisioning demonstration shows Symlabs components inter-operating with the Provisioned Module Manager in Identity Capable Platform supplied by Intel and the Registration Application Browser Plugin supplied by BT.
"Liberty Advanced Client standards leverage Trusted Modules, which are client-side tamper-proof security modules, to enable mobility and strong authentication of users. The provisioning process we are demonstrating is essential for building a mobile trust infrastructure that enables federated identity to work when an Internet connection is unavailable," said Conor P. Cahill, Principal Engineer at Intel.
The Advanced Client provisioning standards let Trusted Modules such as mobile phone SIM cards, CPU-based Trusted Computing Environments, or software-based implementations be loaded with software and credentials that enable advanced mobile applications such as off-net authentication, disconnected operation, and web services offered from mobile devices. The benefits of this technology include stronger authentication of users on mobile devices, better privacy protection, and user-centric identity -- your identity is something you can carry in your pocket.
According to Sampo Kellomaki, CTO at Symlabs, "We see applications for Trusted Modules that create new opportunities for users to enjoy a broader range of services while on the move, and a vehicle for the Telcos to add value beyond the SIM card-based identity that they have already successfully fielded to millions of consumers."
Authentication based on SIM cards has been successful in the mobile area, but a standards-based approach that integrates well with federated identity management frameworks is needed to expand their use to new services. With extensive expertise in mobile services, identity management, and Telco environments, Symlabs is well positioned to facilitate this expansion by providing infrastructure building blocks that are ideally suited to the needs of Telcos and their customers.
TNC/IETF, a turtle's pace
http://www.networkworld.com/newsletters/vpn/2008/033108nac2.html
NAC standards: a slow work in progress
Standards for NAC are very slowly wending their way through the IETF
Security: Network Access Control Alert, by Tim Greene, Network World, 04/03/2008
Standards for NAC are still wending their way through the IETF, but don't hold your breath because they're not doing so at blinding speed, which is not surprising based on the history of how standards make their way through the IETF approval process.
Recently the IETF made some headway in the proposed standard for client-server NAC protocols. There had been a lot of discussion about such protocols before the official call went out, and when the deadline for submissions passed, there was only one proposal.
That was viewed as a good thing by Steve Hanna, who is co-chair of the IETF group working on the standards. That means there will be less to review and perhaps less controversy over the submission, meaning perhaps a quicker arrival at a standard.
The premise here is that standards will ultimately prevail and work to the advantage of businesses that buy NAC. It will make setting up NAC networks less complex and give customers more flexibility in choosing NAC vendors and the vendors that offer peripheral enhancements to basic NAC.
Trusted Computing Group has already issued its own informal standards that members agree to follow, but so far there have been very few TCG-standard-based NAC deployments publicized outside of Interop. The Interop demos are actually quite impressive, but real-world examples of implementations would be more impressive.
Since the IETF standard is the important one in terms of adoption, it's the one to focus on - Cisco is holding out for it and ignoring TCG. But even Hanna, who is big in both the TCG and IETF NAC efforts (as well as for his employer, Juniper) isn’t brimming with optimism about IETF standards coming soon.
“Standards are a complicated and delicate process of building consensus,” Hanna says in his NAC blog. “It looks like we’re headed toward consensus on these specifications, but it won’t be completely certain until years later.”
MORE OF THE SAME RE: LENOVO
They're going to have to get their act together if they want their HDD FDEs to go mainstream!
http://forum.notebookreview.com/showthread.php?p=3174165
Confusion reigns at Lenovo re:HDD FDE
(They should just preload Wave and avoid all this nonsense!)
http://forums.lenovo.com/lnv/board/message?board.id=Special_Interest_Utilities&message.id=360
(QUESTION FROM END USER)Has anybody gotten clarity on the encryption scene using a T61 with TPM, Seagate fde drive, Vista ultimate, considering:
• http://www.pc.ibm.com/us/security/securecomm.html says, quote: “SafeGuard® Easy is full hard disk encryption software …. SafeGuard® Easy from Utimaco Safeware comes from Lenovo with 1 year of MSU (Maintenance, Support and Upgrades).”
• But IBM tech at 800-426-7378 as of 3/27/2008 hasn’t heard of this software and refers the call to Lenovo sales, who can’t find anything about it. Utimaco SafeGuard Easy isn’t mentioned as preloaded software on the T61 datasheet either (accessible from a link on the page
http://shop.lenovo.com/SEUILibrary/controller/e/web/LenovoPortal/en_US/catalog.workflow:category.details?current-catalog-id=12F0696583E04D86B9B79B0FEC01C087&current-category-id=19C791A03AF24034A0011B825513BCED ).
However, the sheet does state Client Security Solution is preloaded, and the sales pitch page cited above notes the software is part of it.
• Which leaves me right where I was when I did a search on my machine for Utimaco and for SafeGuard but came up dry. I also didn’t see it as a free-standing App when looking in the Apps folder of SWTools folder. (Is it maybe buried in some other folder? Wouldn’t a search on the machine have produced it if it is buried somewhere else?)
• So, what IS the fde mechanism, if it isn’t UtimacoSafeGuard Easy?
• And if it IS UtimacoSafeGuard Easy, wouldn’t it be helpful to know FAQs about this product as listed on the Utimaco website? FAQs such as:
• If you want to add additional hard disks to the system, you should consider completely removing SafeGuard Easy from the system first. After removing, install the new hard disk and re-install SafeGuard Easy. http://americas.utimaco.com/support/faq/detail.html?ID=107783
• A computer on which the hard disk was divided into several partitions. For some reason, the operating system was re-installed on the first partition without first uninstalling SafeGuard Easy. During the re-installation of the operating system, the c: drive was reformatted (and therefore is in plaintext).
Booting up the freshly set up computer, the d: drive is still visible in the Windows explorer, but the data on it cannot be accessed.
Is there a way to access the data on the d: drive? http://americas.utimaco.com/support/faq/detail.html?ID=106920
• It is not possible to change the configuration/partitioning, once a hard disk has been encrypted.
You must consider the partitions and their dimensions "frozen". http://americas.utimaco.com/support/faq/detail.html?ID=107074
• A phone call to Utimaco discloses the individual user does not have an agreement with Utimaco. IBM (or Lenovo?) does. So call them. (But I already did!!! …………… And for some reason I have the feeling that plunking down $100 for a chat with a live rep might not get me any farther down the road.)
• Of course, if you have been so rash as to repartition or add another HD, there is the problem of: How do you reinstall this software if you can’t find it on your machine, so that it’s presumably not on the “Recovery CDs” either? And what’s the status of your encryption, which might be so important to you as to have paid a little extra to get it? And have you been flitting about thinking you’re protected when you haven’t been? And have you yet experienced any measurable losses because of your ignorance? Since money talks, ready, set, class: ACTION! (Mercifully I will not be part of it since I only recently acquired this machine and haven’t experienced any losses I’m aware of (yet), and I sure do hope to stay out of any such class.)
A little help, anybody?
03-29-2008 12:34 AM
(ANSWER FROM LENOVO)-Welcome to the forum Cripes. I love seeing a well thought out and documented post.
I think the central answer is that Safeguard Easy is not part of the standard software suite that is bundled with Lenovo products. It is a full disk encryption (FDE) product that is sold separately by Lenovo to complement the security features bundled with the machines.
Client Security Solution is bundled with machines and available for download. It provides enhanced certificate and password security using the TPM hardware security chip.
Some models have a hard drive with "Disk Encryption". The encryption is done on the drive itself. Combined with a HDD password, this prevents unauthorized data recovery by software or even direct reading of the HDD platters.
Models with Windows Vista Ultimate or Vista Enterprise installed support Microsoft BitLocker, which is another FDE alternative.
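The question above ("what IS the fde mechanism?") comes up whenever a machine ships with several overlapping options: a TPM, a self-encrypting drive, BitLocker and possibly a third-party product. The following is an added example, not code from the Lenovo thread or from any vendor named in it, showing how an administrator can inventory which of these is actually in place on a Windows machine. It assumes a current Windows release (Windows 8 / Server 2012 or later) with the TrustedPlatformModule, BitLocker and Storage PowerShell modules available, and must be run from an elevated prompt; the list of product-name patterns to search for is an assumption based on the products named in the thread.

```powershell
# Added example: inventory the disk-encryption mechanisms present on this machine.
# Cmdlets used (Get-Tpm, Get-BitLockerVolume, Get-PhysicalDisk, Get-ItemProperty)
# are standard Windows PowerShell cmdlets; run from an elevated prompt.
function Get-FdeInventory {
    [CmdletBinding()]
    param(
        # Substrings to look for in the installed-software list. This default list
        # is an assumption taken from the products discussed in the thread.
        [string[]]$FdeProductPatterns = @('SafeGuard', 'Utimaco', 'Client Security', 'Embassy')
    )

    # 1. TPM: both Client Security Solution and BitLocker depend on it being present and ready.
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop } catch { Write-Warning "Get-Tpm failed: $_" }

    # 2. BitLocker: status, protection state and which key protectors guard each volume.
    $bitlocker = @()
    try {
        $bitlocker = Get-BitLockerVolume -ErrorAction Stop |
            Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod,
                @{ n = 'KeyProtectors'; e = { ($_.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ',' } }
    } catch { Write-Warning "Get-BitLockerVolume failed: $_" }

    # 3. Third-party FDE software, found by display name in the Uninstall registry keys.
    #    A product that installs no Start-menu shortcut still registers itself here,
    #    which is why a file search (as in the question) can come up dry.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
    $pattern = ($FdeProductPatterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $fdeSoftware = @($installed | Where-Object { $_.DisplayName -match $pattern })

    # 4. Physical disks: a self-encrypting drive (the Seagate FDE drive in the thread)
    #    encrypts on its own controller and is invisible to the OS, so the most the OS
    #    can report is the model name. Check the drive model and the HDD password by hand.
    $disks = Get-PhysicalDisk | Select-Object FriendlyName, MediaType, BusType, Size

    [pscustomobject]@{
        TpmPresent       = if ($tpm) { $tpm.TpmPresent } else { $null }
        TpmReady         = if ($tpm) { $tpm.TpmReady }   else { $null }
        BitLockerVolumes = $bitlocker
        ThirdPartyFde    = $fdeSoftware
        PhysicalDisks    = $disks
    }
}

# Usage (elevated prompt):
# $inv = Get-FdeInventory
# $inv.BitLockerVolumes | Format-Table -AutoSize
# $inv.ThirdPartyFde    | Format-Table -AutoSize
# $protected = @($inv.BitLockerVolumes | Where-Object { $_.ProtectionStatus -eq 'On' })
# if ($inv.ThirdPartyFde.Count -eq 0 -and $protected.Count -eq 0) {
#     Write-Warning 'No software FDE detected: protection rests on a self-encrypting drive only, and only if its HDD password is set.'
# }
```

The point of the final check is the one the thread circles around: a self-encrypting drive whose HDD password was never set, or a software product that was never actually installed, leaves the laptop unprotected even though the owner paid for encryption, and neither condition shows up in a file search.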
Hasty - First get the key on there and then it will open the door for the juggler, if you get my meaning. One step at a time, but in their own plodding manner things are converging quite nicely. Just hope the money doesn't run out just as we're getting so close. Cheers, Foam
HP Document (March 2008) citing Wave for key management
http://h20331.www2.hp.com/Hpsub/downloads/4AA1-8478ENW_Sec_and_Man_wp.pdf - 21 Mar 2008
Trusted Computing about to take off
I know that Wave is short of cash and all (and I don't think it's a negligible point), but it is important to keep the other side of the story in mind. Things are about to get explosive and maybe it's not the time to call it quits (Just my opinion, of course).
http://www.ratliff.net/blog/index.php/category/trusted-computing/
he was very excited to meet Steve Hanna. Steve says that 2008 is going to be the year that Trusted Computing breaks out.
http://investorshub.advfn.com/boards/read_msg.asp?message_id=27997184
Hans Brandl says:
Broad adoption can be expected for this year
Big corporations are starting to ask for TPMs
http://investorshub.advfn.com/boards/read_msg.asp?message_id=27943418
Janne Uusilehto of Nokia at a TC presentation is talking about:
“The Coming Invasion: Consumer Devices in the Enterprise”
Wave mention and excellent Grawrock presentation
All Trust2008 talks can be found here:
http://www.trust2008.eu/index.php?option=com_content&task=view&id=17&Itemid=52
http://www.trust2008.eu/index.php?option=com_content&task=view&id=12&Itemid=47
Excellent presentation by David Grawrock of Intel on the chain of trust, and Gianluca Ramunno of Turin Technical University only mentions Microsoft BitLocker and Wave Embassy Trust Suite in her talk that covers an OpenTC demonstration of trusted banking.
Insight into current TC market from Infineon
This is taken from Hans Brandl's talk (Infineon) at Trust2008:
Trusted Computing Market Situation
Most OEMs and ODMs are engaged in Trusted Computing
Basically every brand PC manufacturer is shipping TPM platforms
Factors driving this trend
OEMs: differentiation with security as a feature
Microsoft Vista requirement
Broad adoption can be expected for this year
Big corporations are starting to ask for TPMs
In many cases they need to utilize one feature first; will use other functions later
Security level is important
Discussion on services based on Trusted Platform is increasing
Strong European engagement
Open Trusted Computing project funded by European Community
-Also some mention of Danbury in the talk and the Mobile Trusted Module. Infineon is serious about moving in a big way into what it sees as a huge market looming on the horizon!
European Commission talk on trust in network society
http://www.trust2008.eu/.../4_Dirk-van-Rooy-Trustworthy-Information-and-Communication-Infrastructure.pdf
Excellent IBM presentation on Trusted Virtual Domains
http://www.trust2008.eu/downloads/Keynote-Speakers/2_Ronald-Perez_Toward-Trusted-Cirtual-Domains.pdf
The TCG/TPM is clearly of fundamental importance here. Leveraging the TPM and by extension the tools that activate it (this is where Wave comes in) is clearly a "sine qua non" of future networking technology. This is definitely the value of Wave's technology for those debating this issue.