The National Institute of Standards and Technology last week raced to meet a weekend deadline to issue a smart-card standard that will be the basis for products that give federal employees and contractors secure access to networks and buildings.
President Bush imposed the deadline last August in a directive aimed at improving government security by having a common access technology adopted by next year.
The arrival of the Federal Information Processing Standard (FIPS) 201 is being met with a mix of optimism and anxiety. If it works out, the standard could provide a framework for adoption outside the federal government. But more immediately, government agencies are concerned about its costs and practical implementation.
The Department of Defense, the government's biggest user of smart cards, is most worried.
"We expect we're going to have to make some changes," says Mary Dixon, deputy director at the department's Defense Manpower Data Center. The group has issued more than 3 million smart cards based on the older Government Smart Card Interoperability Specification (GSCIS).
In comments to NIST last December on the draft standards document, the Defense Department said FIPS 201 would force a "costly re-investment" that would "require [Department of Defense] to re-deploy desktop middleware to 2.2 million [Defense Department] computers," update 3.5 million Common Access cards and "impose an unproven solution with no supporting product."
The government did not release estimated costs to pay for Bush's mandate.
"[Department of Defense] CIOs and program managers will be hard-pressed to explain and defend this decision to their senior leadership," the department stated in its comments to NIST, and added that the draft standard is at odds with changes planned by the agency this year. The Defense Department did not divulge those changes.
Dixon says the Defense Department will lobby for changes in FIPS 201 right up until its official publication.
The two NIST engineers who wrote FIPS 201, Cliff Barker and Jim Dray, aren't oblivious to the concerns surrounding the emerging standard.
"The majority of the controversies we enjoyed in the last few months are due to the legacy issues of the GSCIS world," Dray said during a presentation he made two weeks ago at the RSA Conference. "But card management was one of the main things missing from GSCIS v.2.1."
The smart-card platform expected to be unveiled this week is a "virtual machine card" with common namespace definition, management, file IDs and application IDs.
The standard also will define procedures for establishing user identity before issuing a smart card. The NIST engineers said agencies, which use smart cards for access to networks or, less commonly, buildings, are going to have to get on board.
"We don't think it's going to be possible to have business as usual for agencies that don't want to change," Dray said.
The smart-card standard is expected to have two-fingerprint biometrics and a digital certificate for authentication. The smart card would support both "contact-based" and radio frequency identification (RFID)-based "contactless" methods for sharing data.
The contactless method has been controversial because of the concern that "you could come behind someone in an elevator and pull the biometric off a card using an RFID reader," says Dave Enberg, CTO at CoreStreet, which makes identity management and access control products for physical and logical systems.
"The whole process has gone through highs and lows in terms of the communications between staff at NIST, industry and the government agencies involved," says Randy Vanderhoof, executive director of the Smart Card Alliance in Princeton Junction, N.J., whose members include manufacturers such as Axalto and Gemplus.
Vendors to the government will inspect the published standard for how "tight the FIPS 201 specification would be in defining specific card data files and smart cards that would render existing systems incompatible." He adds: "The 'must' vs. 'may' vs. 'should' is critical to this process."
Two technical documents from NIST, Special Publications 800-73 and 800-76, expected out in March, will further define smart card hardware and biometrics requirements.
Gary Klinefelter, vice president of engineering at Fargo Electronics and chair of a group called Open Security Exchange, which advocates open standards for dual-use access methods, says smart-card manufacturers are going to have to determine whether they'll need to develop new chipsets for FIPS 201.