
List:       isn
Subject:    [ISN] Sun takes Solaris Security To Next Level
From:       mea culpa <jericho () dimensional ! com>
Date:       1998-12-25 4:43:19


http://www8.zdnet.com/pcweek/stories/news/0,4153,380640,00.html
By Jim Kerstetter and Scott Berinato, PC Week Online
December 22, 1998 9:00 AM ET

Sun Microsystems Inc. is taking security to the heart of its Solaris
operating system. 

Over the next six months, Sun plans to augment Solaris with security
capabilities including PKI (public-key infrastructure), IP Security-based
virtual private networking and more tightly integrated firewalls. 

Sun (Nasdaq:SUNW) wants to make it easier for IT administrators to
implement and manage security while pulling new technologies such as
public-key encryption into the mainstream. 

The company is targeting the much-publicized security features slated for
Microsoft Corp.'s (Nasdaq:MSFT) Windows 2000, which is expected by the
middle of next year. Both companies, however, are taking a different tack
from vendors such as Novell Inc. (Nasdaq:NOVL), which believes security
features are best kept separate from the core operating system. 

Some IT managers would prefer to see security embedded directly into the
operating system. 

"It's harder to get around security if it's part of the OS," said Marc
Hollander, vice president of software development at MovieFone Inc., in
New York. "If someone is trying to get in, this makes it harder to defeat
the security." 

Embedded security also makes it easier for IT managers to implement
security functions properly, said Dan Kusnetzky, an analyst at
International Data Corp., in Framingham, Mass. 

"If security is part of your OS, you'll at least start thinking about
formulating a security strategy," Kusnetzky said. "Now, many security
breaches occur because some feature isn't turned on.  Bringing features
like PKI into the OS--suddenly they're not so mysterious." 

Sun will embed PKI support into Solaris by next summer via new AMI
(Authentication Management Infrastructure) technology, making such a
complex, digital certificate-based authentication system considerably
easier to roll out and manage. Users will be able to generate public keys
from AMI, which will also be sold as a stand-alone package, said Walt
O'Malley, a group marketing manager for Sun's Solaris division, in Santa
Clara, Calif. 

Using Solaris' Lightweight Directory Access Protocol support, an
administrator can still tie in PKI capabilities from third-party vendors.
The Solaris PKI will also support smart cards for authentication. 

Sun also will support in Solaris the IPSec specification for VPNs (virtual
private networks). IPSec has been a touchy subject for Sun, which
initially refused to support the protocol's IKE (Internet Key Exchange)
method for exchanging encryption keys. Sun had a competing protocol called
SKIP (Simple Key management for Internet Protocols) that it claimed
performed faster than IKE. 

SKIPing with IPSec

Sun's planned support for the complete IPSec specification for VPNs is a
dramatic turnaround, considering that Sun: 

  * Released its SKIP specification nearly three years ago
  * Embedded SKIP in Solaris in 1996
  * Submitted SKIP to the Internet Engineering Task Force for standard
    consideration in 1996 but lost to Internet Security Association Key
    Management Protocol/Oakley, now called IKE
  * Initially refused to adopt IKE and in February launched a campaign to
    market SKIP over IKE
    
But Sun has changed its tune, enabling Solaris to support both SKIP and
IKE. This will allow companies to use SKIP while keeping the door open to
IPSec interoperability, said Stephen Borcich, Sun's director of product
development. 

For firewall support within Solaris, Sun is planning a major overhaul of
its SPF-200 and EFS (Encryption Firewall Server) SunScreen firewalls.
Version 3.0 of the products, due next summer, will be more tightly
integrated with Solaris and with each other, Borcich said. 

Sun plans to sell Solaris with both SPF-200 and EFS; users will have the
option of running SPF-200 on a dedicated server or with Solaris and EFS,
which offers much better performance. 

"A lot of companies have remote sites that could be running firewalls or
setting up a VPN to send data back to the main office if they had it right
there on the OS," Sun's O'Malley said. 

The stealth features of SPF-200 also improve Solaris' security; the
product doesn't have its own IP address, which makes it hard for hackers
to locate the server on which it's running. SPF-200 also inspects IP
packets as they come through the firewall, a process similar to the
stateful inspection technology of Check Point Software Technologies Ltd.'s
Firewall-1. Sun will add new failover capabilities so that if one firewall
crashes, the other takes over. Sun will also provide a central management
application for firewall farms at major companies, O'Malley said. 

All these security features, to be released in Solaris 7.x over the coming
year, will match the security features Microsoft is building into Windows
2000. For nearly a year, Microsoft officials have been evangelizing
Windows 2000's security benefits, including PKI and IPSec support and
smart-card integration. 


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
