Start-up Trusted Network Technologies is preparing an upgrade to its unique authentication and access-control offering that could prompt businesses to rethink their use of firewalls.
TNT's Identity consists of an agent called I-Host that runs on PCs and servers, an appliance called I-Gateway that enforces authentication and access policies, and software dubbed I-Manager with which administrators set access policies.
Identity works by setting and enforcing policies that link users to network assets. I-Host embeds in each packet a unique identifier based on users' identities and the identity of the machine being used. I-Gateway sits on the network in the traffic stream, reads the identifiers and enforces policies to allow or deny sessions as they are requested. I-Manager is browser-based software with a graphical user interface for setting policies and managing and gathering activity audits.
All this is done within standard TCP/IP packets without adding overhead or altering network infrastructure, the company says.
An I-Gateway placed in front of a firewall can block unauthorized traffic before it reaches the firewall, says TNT CTO David Shay.
The University of Georgia College of Pharmacy in Athens is considering Identity to protect key administration applications in its network, says John Anderson, management information specialist. The two-factor identification tied to a specific person and a specific machine is potentially less vulnerable to spoofing attempts than a firewall, Anderson says. IP addresses are susceptible to spoofing if a hacker within an organization puts a legitimate IP address on a nearby machine on the same network to exploit internal firewalls, he says.
He is concerned that the Identity system is vulnerable to session hijacking, in which a hacker takes over an established session after I-Gateway has let it be set up.
Shay says I-Host monitors the state of established sessions to prevent hijacking.
I-Gateway also protects networks from hackers by dropping the unauthorized session requests they use to probe networks, says TNT CEO Steve Gant. When hackers get no response, they interpret that as having probed an empty network segment, says Gant, a former vice president at Internet Security Systems.