Het begint te dagen: extra ‘slot op de deur’ essentieel bij datacommunicatie

Steeds meer klanten van SRC Software Solutions combineren internetbeveiligingsprotocol SSL met SecureZIP waarin PKI-certificaten van andere certificaatautoriteit (CA) worden gebruikt

Amstelveen, 11 oktober 2011 – Met de recente berichtgeving rondom internetbeveiligingsprotocol SSL in het achterhoofd dringt het tot steeds meer ondernemingen en organisaties door: een tot in de puntjes geregelde beveiliging van datacommunicatie is essentieel. SRC Secure Solutions, leverancier van software voor databeveiliging ziet deze bewustwording bij zijn klanten met de dag groeien.

Internetbeveiligingsprotocol SSL zorgt ervoor dat via het internet uitgewisselde informatie versleuteld wordt verstuurd, zodat het voor derden niet leesbaar is en de gegevens dus niet gestolen kunnen worden. Hierbij wordt gebruik gemaakt van SSL-certificaten. Nationaal en internationaal zet men internetbeveiligingsprotocol SSL breed in voor het beveiligen van datacommunicatie, bijvoorbeeld tussen overheidsinstellingen onderling of met bedrijven (via certificaatsysteem PKIoverheid), tussen de overheid en burgers (via DigiD), tussen webshops en consumenten, en tussen banken en hun klanten. Door deze vorm van datacommunicatie te
combineren met datasecuritysoftware, zoals SecureZIP met digitale sleutels van een andere certificaatautoriteit (CA) dan die van internetbeveiligingsprotocol SSL, wordt de veiligheid aanzienlijk versterkt. De software van PKWARE fungeert dan vergelijkbaar met een ‘extra slot op de deur’. Diverse klanten van reseller SRC Secure Solutions, zoals enkele Nederlandse uitvoeringsorganisaties en een overheidsinstelling, beveiligen hun datacommunicatie al op deze manier.

Wereldwijd gebruiken meer dan 30.000 bedrijven en meer dan 200 overheidsorganisaties SecureZIP van PKWARE om bestanden te beveiligen die worden opgeslagen en uitgewisseld. De software van SecureZIP werkt volgens de ZIP-technologie; een standaard die beschikbaar is voor nagenoeg alle platformen en die databestanden in omvang reduceert met wel 95 procent. Naast comprimeren biedt SecureZIP ook de mogelijkheid data te encrypteren met een encryptiesleutel zoals een (breed) wachtwoord of een PKI-certificaat. De PKI-certificaten bieden voldoende waarborg voor een veilige opslag, op eigen systemen en in de ‘cloud’, en voor de uitwisseling van gegevensbestanden tussen eigen systemen en met die van partners.

Datacommunicatie op basis van internetbeveiligingsprotocol SSL wordt door de overheid toegepast om burgers informatie te laten opvragen en gegevens in bestanden te laten aanpassen: de burger gaat naar een beveiligde website en meldt zich aan met een gebruikersnaam en wachtwoord. De server van de overheid ‘herkent’ degene die zich aanmeldt en bouwt een beveiligde verbinding op, snel en doeltreffend, waarna de burger communiceert met de overheidssite. Bankinstellingen gebruiken een vergelijkbare technologie voor internetbankieren. Het inloggen is geavanceerder en per bankinstelling verschillend. Op basis van een bankpas en een te berekenen of via sms te ontvangen code wordt de beveiligde verbinding opgebouwd en via de beveiligde lijn worden betaalopdrachten uitgewisseld.

Een aantal van de eerder genoemde uitvoeringsorganisaties en de overheidsinstelling gaat echter nog een stapje verder: zij gebruiken bovenop internetbeveiligingsprotocol SSL ook SecureZIP met PKI-certificaten van een andere certificaatautoriteit voor het comprimeren en encrypteren van hun gegevensbestanden. Zo zorgen zij er als het ware met een ‘extra slot op de deur’ voor, dat persoonsgegevens en andere privacygevoelige informatie niet op straat komen te liggen.

SkyView Partners introduces SkyView Policy Minder for AIX 

---

SEATTLE, Wash – September 15, 2011 - SkyView Partners today announced an AIX version of the popular SkyView Policy Minder product.

“AIX is a new platform for SkyView and we are excited to show the AIX community a new way of addressing security compliance and administration. With security compliance and administration, the “devil is in the details”. As with Policy Minder in the IBM i world, we’ve put a lot of rich features in the product to make the life of the administrator much easier. A lot of administrators write scripts to get compliance information. While scripting may get the job done, it’s cumbersome to deal with across multiple partitions. With scripts, it’s difficult to weave in an easy-to-use reporting mechanism that aggregates the data from multiple partitions. With Policy Minder for AIX, we’ve provided a web-based interface that provides a centralized view of your compliance status as well as easy access to reports and the ability to launch compliance checks and fixes to security policy deviations across multiple partitions. ,”explains Carol Woodbury, President of SkyView Partners Inc. “We started with a spec and refined the product and spent a lot of time talking with customers as we moved from prototype to alpha and finally to beta. Beta testers really see the value in this product. They especially like the details of the compliance reports (that show exactly what’s out of compliance) as well as the FixIt function that resets the out-ofcompliant value. The FixIt function will also be useful for administrators for configuring new partitions. They can simply import the appropriate configuration settings from a pre-defined file and run FixIt on the new partition. ”

SkyView Policy Minder for AIX automates the compliance processes and security administration associated with an organization’s security policies.

The areas that the product examines include:

• Global security settings:
  • auditing attributes
  • group attributes
  • login defaults
  • password attributes
  • user account creation defaults
  • other, misc settings
• User account settings:
  • auditing attributes
  • group attributes
  • login defaults
  • password attributes
  • other, misc settings
• Directory and file permissions:
  • Owner
  • Primary group
  • Other
  • Attributes
    • SUID
    • SGID
    • SVTX
  • Extended permissions
  • SUID / SGID files
• Daemons
• Exported directories

Policy Minder for AIX features an admin console that allows the ability to administer one server or multiple servers at the same time. It also features a comprehensive message log for administrative tracking and debug. Further, security policies can be initialized – that is, current settings can be discovered and used as the policy setting.   read more:

SRC Invites you to attend the webinar -

Navigating the Legal Aspects of the Cloud:

Protecting Your Company and Your Data

Date: July 21st, 10:00AM CST  (17:00 CEST)

Ensure that your company and your data are protected in the cloud.

Register today! Attendance limited to first 1000 respondents

Register now

Clark Hill attorney Dan Graham will address the exponential growth and potential risks associated with cloud computing contracts.

This program, designed for CFOs, CIOs and IT directors, will discuss how to effectively negotiate cloud contracts to address security, performance, audit, remediation, and mobility rights, while outlining strategies that will properly protect information and core processes. 

Learn the legal implications of taking flight to the cloud:

• Explore five key sections of cloud contracts
• Understand seven cloud computing security issues
• Recommendations for data protection in the cloud

Develop a flight plan to navigate the legalities of cloud computing.

Register now

Afterwards, Susan Zaney, SVP at PKWARE will explore options for securing your data in the cloud, while mitigating risks, reducing costs and gaining efficiencies.

The PKWARE Solution is recognized as the only complete solution for reducing, securing, moving and storing data across the extended enterprise for more than 30,000 corporate entities and over 200 government agencies across the globe.

SRC Secure Solutions: Software for Data Protection and Security Administration & Compliance

Exposure of enterprise data (especially sensitive data) can present a huge risk to business continuity. You are obliged by standards, laws and regulations to secure your systems and protect your data against breeches.

You are required by your auditors to supply proof of the measures you have taken to strengthen your IT security. After all data breeches do occur – and frequently.

Security and compliance require you to properly monitor your network and systems on it.

All of this is only feasible by automating the processes of security administration, data protection and systems monitoring.

To help you reduce the risk of data breaches, to secure your systems and to stay in compliance with the regulations SRC Secure Solutions develops, supplies and installs a broad range of software solutions for most OS platforms. With our software we help companies comply with standards like ISO 27001, ISF Standard of Good Practice (SOGP) regulations such as Basel II/Basel III and laws like Sarbanes-Oxley (SOX).

SRC Secure Solutions was built on more than 20 years experience of supplying state-of-the art ICT solutions to large, medium and small organisations and companies.
Given that you must secure your systems and data, the solutions from SRC Secure Solutions can actually deliver you a return on investment in the short term.

Here are just a few of the ROI’s you can expect:
•    Reduction of labour costs by automating compliance
•    Reduction of storage costs by encryption!
•    Reduce the costs of external auditors by automating the audit
•    Protecting your data = protecting your business
•    Prevention is better than a cure!!

For more details on the Returns on your Investments please contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it

iSecurity for IBM-i Raz-Lee Security

 

SecureZip from SRC Secure Solutions as solution for FIPS 140-2 Compliance 

The Dutch Ministry of the Interior and Kingdom Relations secure sensitive data on Linux systems with SecureZIP

28 June, 2010. Following a successful test, a division of the Dutch Ministry of the Interior has chosen SecureZIP Enterprise Edition for Server as the solution to secure sensitive private data to be exchanged with authorized organizations. The choice for SecureZIP was made to due its FIPS 140-2 compliance, the availability of SecureZIP on all major computing platforms (including Windows and Linux) and the price performance ratio.  SecureZIP Server has been installed in the Linux production environment.

The Ministry of the Interior exchanges confidential data with a number of other services. The political and private sensitivity of this data is an important issue. So the Ministry must consider the public requirement to make this data available to authorized parties quickly and efficiently while protecting the privacy of the citizen and from identity theft etc. The Ministry is using FIPS 140-2 standards to protect this data. FIPS 140-2 is the most recent version of the US Federal Information Processing Standards specify requirements for cryptography modules which include both hardware and software components.

SecureZIP has been implemented by the Ministry of the Interior as part of a security regime for protecting data within computer systems. The current version of FIPS 140-2 was published by the US National Institute of Standards and Technology (NIST) and is valid from December 2006. One part of FIPS 140-2 covers the validation. The FIPS 140-2 validation certificate is based on the requirements published by NIST.

How does SecureZIP help meet FIPS 140 2 compliance standards?

SecureZIP by PKWARE fully addresses the standards outlined in FIPS 140-2 by strongly encrypting data to ensure it remains protected at its origin or destination, both in movement or storage. Because SecureZIP encrypts the data itself rather than the storage device, it remains protected even if placed on removable media that is lost or stolen during transit.

SecureZIP offers government agencies the ability to use validated cryptographic modules for protecting data when run in FIPS mode.

 

FIPS Validation	Cert #	FIPS Level
Win2K	103	140-1
WinXP	238	140-1
WinXP w/SP3	989	140-2
Vista	893/1002	140-2
Win2003	382	140-2
Win2008	1010	140-2
UNIX/Linux	918	140-2
Z900, z800	118	140-1
Z990, z890	524	140-2
Z990, z890, Z9EC, z9BC, z10EC	661	140-2

Carol Woodbury's article: Work Smarter, Not Harder!

I'm guessing it's due in part to how I was raised as well as my independent nature, but I tend to think that I can do everything myself and don't need to ask for help. Therefore, I probably took longer than most to realize that doing everything myself is not always a wise decision.  Sometimes I do need help and should ask for it. Also, there are times when it just makes much more sense to hire someone to do something rather than do it myself.

How does this confession relate to you? What are you not able to do because you are required to generate a compliance report? Or, what security administration task isn't being accomplished because you just can't get to it?

Raz-Lee Security is the leading security solution provider for iSeries (Power i or AS/400) servers. iSecurity, Raz-Lee's unique iSeries security suite, helps companies protect valuable information assets against insider threat and unauthorized external access. It offers end-to-end security solutions, from network security to application security. Raz-Lee's solutions enable enterprises to comply with the requirements of PCI, Sarbanes-Oxley (SOX) and HIPAA.

SRC Secure Solutions is proud to add iSecurity to its suite of IBM i Security and Compliance product suite, "These solutions complement SkyViews Security Compliance and Management solutions to ensure complete compliance and strong security on the IBM i system" Stephen Cheney, director SRC Secure Solutions bv.