PROTECTION OF STATE AND INDUSTRIAL SECRETS.
Computer security issues in the USA
As noted in Defense & Security Electronics magazine, the problems of computer and information security today are formulated in President Clinton's Executive Order «On Classified Information Related to National Security» of April 17, 1995, which prescribes a uniform system for classifying, protecting, and declassifying information containing state secrets.
But it is not only the protection of information related to national security that is important to the country. Computer security and ensuring commercial secrets are also necessary for business and industry. For this purpose, several councils, committees and associations have been created in the United States. Among these organizations is the National Computer Security Association (NCSA), which has established September 9, 1995, as National Computer Virus Awareness Day. The threat to national security and business interests runs the gamut from viruses and hackers to international organizations whose affiliations and intentions can only be guessed at.
Below is a list of currently commercially available products that are examples of computer security solutions to combat unknown threats.
Fortezza Crypto Card, Spyrus Inc. This cryptographic PC card is a complete single-board computer on a PCMCIA board that can be used to provide secure data exchange. The card supports two levels of access control. The security officer uses a 12-byte alphanumeric code to gain access to the administrative functions of the card. The user gains access by entering another code of 4 to 12 bytes. The cryptographic interface library helps application developers use the security services offered by the card. This card supports the following algorithms: KEA for key exchange, SKIPJACK for encryption, SHA-1 for key return, and DSA for signatures.
Secure Military DMS by E-System, ECI Div. Group Wise combines Defense Messaging System (DMS) security with email, ease of use, and cross-platform capabilities. Features include DMS (email, encryption, and decryption for Internet use). DMS messages can include text, graphics, video, spreadsheets, sound clips, and faxes. Features include remote user directory browsing and push-to-talk functionality for Fortezza.
Server-Based Security Protocol, Cisco Systems Inc. The Terminal Access Controller Access Control System (TACACS) protocol provides network administrators with support for implementing a complete security system for dial-up users. TACACS+ evolved from a server security protocol first proposed to the PPA-Internet community in 1984. TACACS+ provides support for independent user authentication, access rights determination, and accounting between the server and a remote database. Multiprotocol authentication converts password type to ARA, SLIP, PPP PAP, and CHAP.
AX 200 Encryption Token, Information Resource Engineering Inc. This next-generation security device identifies the remote user and then automatically encrypts the transmitted data. Unauthorized access to the computer network is prevented, and data such as passwords and other private information are not at risk. The device uses the identifier entered by the user from the keyboard to generate a random password, which is then used for identification. The identifier can be something that the user knows well.
usrES Software Inc. offers the ultra SECURE security software package for managing access to Macintosh platforms. Certified by Apple Computer Inc., this package provides compatibility with: Power PC NATIVE and ACCELERATED for Power Macintosh, Quadra 630, Power Book 150, Apple disk drives and IDE and HDT drivers; all Power Books, as well as System 7 and 7.5.1. This software package provides access control to the computer, disks, files, applications, direct access, communication channels, server and terminals. The system supports a virtually unlimited number of users, groups and access privileges, and five levels of hierarchical user identification: the main administrator, administrators, dispatchers, users and guests (dispatchers have access to all subordinate servers).
DEC offers the confidential Unix-like operating system DEC MLS+3.1. This system provides a secure «windowing» and networking environment for a family of workstations and networking platforms based on the 64-bit Alpha microprocessor. It provides extensions to the Unix kernel and is designed to support the Bell-LaPadula system, a mandatory access control system in which users cannot read data above their level or read data below their level. The system includes support for confidential network information services, network compatibility with the Confidential Systems Interoperability Group, and a configurable display with a security marker on the «window».
AXENT Technology offers the OmniGuard/EAC system, which provides protection for desktop and laptop computers based on Intel microprocessors against unauthorized access by internal users, computer thieves, and users on public networks such as the Internet. The system protects terminal hard drives and floppy disk drives, as well as network drives, through encryption. Its features include: control of network access through the communication machine only after proven authentication; configuration control to control access to network interface cards, providing a reliable barrier between the network and the workstation; protection of files stored on network drives, and workstation logs that are automatically updated.
Harris Computer offers Cyberguard Firewall. This system provides security for file transfer, web browsing, remote login, news service and email. The new generation of the system additionally includes high availability and performance, encryption and smart card support. The new generation of protection against the propagation of errors is fully compatible with previously installed versions of the system. In addition, consulting support is provided through the corporate network service.
Jones Futurex Inc. offers Sentry Link 576 and Sentry Link 144i, asynchronous and synchronous data encryption devices installed between computers and modems. They provide a high level of protection for remote access to dial-up lines and for secure data transmission via modems. Sentry Link 576 uses DES and JFXE2 algorithms for encryption at a speed of 57.6 kbps. The exported Sentry Link 144i operates at a speed of 14.4 kbps and uses the JFXE2 encryption algorithm. Sentry Link 576 is compatible with the standard Sentry Link 192.
Turning Point System Inc. offers the Electronic Document Tracking System (EDTS) for the needs of the US military command.
The document database was created according to the specifications set out in the Clinton order and includes the following features: destruction, declassification, downgrading of records by documentation or individual method, evaluation of required data by several criteria, ensuring overall accuracy in costing, effective standardization in the management of classified records. Instrumental policies change rapidly and are supported by a comprehensive training program.
Ascend Communication Inc. developed the MAX 4000 system to concentrate 96 signals for transmission over a single digital line. This switch centralizes the security and network management system. It replaces a large number of additional lines, adapters, modem racks, etc. The system functions as an intelligent remote access server and performs full protocol routing, having the features of a reduced instruction set processor, a compression microprocessor, and a digital modem that supports users of the 48V.34 analog modem at speeds up to 28.8 kbps.
IS/Recon Database System, developed by the National Computer Security Association, contains thousands of articles, reports, message blocks, Usenet bulletins, Listserv news, CERT advisories, and the results of hundreds of legitimate and illicit searches conducted by National Computer Security Association analysts. The latest information on hacker and phreak trends, security incidents, Internet outages, antivirus developments, new threats, and other information amounts to more than 70 MB each month. The database uses the ZY index algorithm, which indexes every word in the database and allows for nearly continuous searching of the 700 MB database.
Secure Computing Corp. has developed the Sidewinder system for secure use of the Internet. It provides protection of the organization's information assets by implementing security in depth, transparent access to Internet services, remote user identification through a simultaneous challenge-response mechanism, rule-setting mechanisms, active protection, central administration security, and a security violation accounting service.
GTE Government System Corp. offers the SPANet 4000 switch, which is the fourth generation of asynchronous transfer mode switches with speeds from 5 to 10 Gbps. It includes the following features: user authentication, protection against false positives, privacy and cryptocell. Each factory port in the switch contains a minimum of 8000 buffer cells to provide huge data flows at variable traffic rates without loss of information (data and images).
DEC (Digital Equipment Corp) offers a Digital Firewall for Unix software package designed to provide secure computing on the Internet when operating on a single system with e-mail and file transfer. In addition, a special server is offered for companies with simple security requirements and a need for Internet access. The final product ties together a mid-complexity solution with service and additional security features.