New Linux Security Products Glimmer On Horizon
What Linux Brings: Security and Flexiblity
Beyond displaying an extensive slate of existing Linux products, vendors at this week's InfoSecurity show pointed to possible future offerings ranging from a Linux client for a CD-ROM encryption system to a Linux-enabled all-in-one device for securing both physical access and video surveillance.
In a sign of the growing convergence between information security and physical security, the InfoSecurity conference was combined this year with the East coast edition of the ISC show, another perennial event at New York City's Javits Center.
Conference sessions tended to skirt matters specific to OS and interoperability, focusing instead on convergence issues such as organizational restructurings and information sharing, as well as on what general types of tools to deploy against the latest nuances in bots, pharming, and other cyberattacks.
But on the show floor and in other conference byways, vendors and government contractors happily discussed OS platforms, including their reasons for favoring particular Linux distributions.
PD Inc., for example, is using a COTS implementation of embedded Linux in its all-in-one device for physical access, video surveillance and analysis, and storage now being developed under contract to the US Navy.
"We're getting everything that Red Hat would provide, while keeping the costs lower," according to Jason Pyeron, senior consultant at PD. The integrated device uses CAC cards with single sign-on (SSO) for authentication, along with a modular overall structure for quick expandability, Pyeron said, during an interview with LinuxPlanet at the show.
The contractor is currently testing the integrated appliance internally. But Pyeron anticipates a pilot test by the Navy in 2007.
Symark on the other hand, offers its PowerBroker and PowerPassword software on both Red Hat and Debian Linux, along with other varieties of Unix, said Carla Davies, sales engineer, in a meeting with LinuxPlanet on the show floor.
PowerBroker is designed to let organizations delegate Linux or Unix administrative privileges to trusted users without divulging the root password.
PowerPassword is a program for managing passwords across multiple authentication systems complying with the PAM specification.
For its part, Cyberoam has chosen embedded Red Hat Linux as the platform for Unified Threat Management, a gateway-enabled security appliance just now becoming available in the US.
The appliance combines a firewall with identity management, anti-virus, anti-spam, content filtering, intrusion detection and prevention, bandwidth management, VPN, and systems management capabilities, said Hermal Patel, CEO, in another interview.
Patel sees SonicWave and FortiNet as the company's primary competitors. "Unlike [the others], though, we are identity-based," he told LinuxPlanet.
India-based Cyberoam has been selling the appliance through Ernst & Young and Avaya on the Indian subcontinent.
Now, however, Cyberoam has opened a sales office in New Jersey, and it's looking to sign up distributors in North America. CCNY is the first to be inked.
Why did Cyberoam decide on Linux as its embedded environment? "Flexibility," Patel responded. In addition to creating an interface aimed at "ease of use," Cyberoam has added device drivers to the embedded platform.
An anti-spyware appliance from mi5networks, also shown at InfoSecurity, is based on embedded Linux, too. But "hardened" security is the main reason why.
Doug Camplejohn, CEO and founder of mi5, said that his company opted to use Fedora Linux because of the need for a hardened kernel.
The appliance uses three different scanning technologies to check incoming traffic for spyware on-the-fly. "We can block spyware before it 'phones home,'" Camplejohn contended.
Meanwhile, other vendors are giving thought to enabling their Windows-based products for use on Linux servers and/or desktops.
Although the news hasn't yet been announced, Secured eMail has now definitely decided to produce a Java client for its Simple Encryption Platform, a system that encrypts mail authored on Microsoft Exchange and Windows editions of Lotus Notes, according to Daniel Nilsson, business development manager.
Via the Java client, users will be able to view the encrypted mail on Linux and other non-Windows-based mail systems, Nilsson told LinuxPlanet.
Also for access from non-Windows systems, DolphinSecureWare, Inc. provides a Web browser interface to Purifile, a new software product for removing "sensitive information" that users might have hidden--either accidentally or deliberately--inside Microsoft Office files.
Dolphin, another federal government contractor, first developed Purifile for the Dept. of Defense, said John E. Ivory, program manager, and John P. Cappelli, commercial sales manager.
The company is now in the process of introducing the Microsoft Office file inspection application to the commercial space.
At the same time, Global Technologies Group, Inc. (GTGI) is planning an Apple Macintosh client for SecureDisc, its Windows XP-based system for encrypting CD- and DVD-ROMs.
"After the Mac client, our next client will probably be for [desktop] Linux," said GTGI's George W. Allen.
One common use of SecureDisc is to encrypt payroll files. Once the files are encrypted on the disks, the files are sent by overnight mail to payroll processing firms, according to Allen.
But other vendors aren't so sure yet about adding either Linux enablement or access to their currently 'Windows only' line-ups.
"It's all about demand," said Bobby New, federal sales engineer at SenForce, the makers of a system known as Endpoint Security Suite.
"In other words, in order to [start offering products for Linux], we'd need to have a request from a customer," according to New.
But at Promisec, makers of Spectator Professional software for endpoint security management, the thinking around staying on 'Windows only' is somewhat different.
"We're concentrating on 'end points' right now, and about 98 percent of the end points out there run on Windows," said Hillik Koffer, co-founder and VP of business development
"If we do anything with Linux, it'll be on Linux servers. And we don't want to do that right now, because it would only confuse the issue. What we're talking with [customers] about now is end point security."
But crossplatform support works the other way around, too. For instance, long-time Linux and Unix player Symark recently came out with PowerKeeper, a "hardened" appliance for managing administrative passwords for Red Hat and Novel SuSE servers and workstation desktops, as well as for Windows servers and desktops, Unix, IBM AS/400, Cisco routers, and multivendor databases and firewalls.
"There's quite a need out there for Windows administrators to be able to manage passwords, too," Davies told LinuxPlanet.