UPDATE ON WINCOM PARTNER: SISTEX
a subsidiary of INFO TEX
Sistex Takes Over Secure NetWare Card
By SHARON FISHER
Sistex Inc. has taken over development and marketing of a networking card that gives NetWare LANs a government approved level of security.
The Rockville, Md.-based company has taken over the secure Ethernet card produced by Cordant Inc., according to Sistex president Howard Morrison. In fact, Cordant has ceased development of the card, he said.
The Defense Department's National Computer Security Center, part of the National Security Agency, defines two types of C2 security. One, specified by the Trusted Computer System Evaluation Criteria (known as the "Orange Book"), covers stand-alone systems. The other, specified by the Trusted Network Interpretation (known as the "Red Book"), includes networked components as well.
The cards let Novell promote NetWare 4.1 as Red Book C2-compliant, as opposed to Orange Book C2-compliant. In comparison, Microsoft's Windows NT Server is certified as a stand-alone workstation, but without a comparable card offering, such a server is no longer C2-compliant as soon as it is plugged into a network.
C2-level security is only required for certain levels of government interactions, but analysts have said that any user concerned about security--such as those dealing with electronic commerce on the Internet--might wish to take advantage of it.
C2 security covers four basic functions:
*Identification and authentication, such as through a login and password procedure.
*Discretionary access control, or the assignment of privileges based on authenticated users' access rights.
*Auditing of security-related events.
*Object reuse, or the operating system's ability to purge data from areas such as random-access memory and disk space before the area is assigned to another user.
In addition, the security mechanisms must be protected from unauthorized modification and must control all access.
Users need to follow many policies and procedures for a network to remain in C2 compliance--simply having a C2-evaluated network operating system is not enough. For example, organizations must change their passwords every 30 days.
Sistex has announced its implementation of the card, which it is calling the Assure EC. In addition, the company said the card will work with IntranetWare and NetWare 4.11.
The company also said it would release versions of the product for Windows 95 and for Windows NT early next year.
Assure EC for NetWare is due to ship at the end of next month. It is expected to be completed with government evaluation in late January. Pricing was not disclosed.
techweb.cmp.com |
