Sun unveils network security roadmap
New integrated security software to be announced at RSA Data Security conference
Sun will announce new versions of its SunScreen EFS firewall and Sun Security Manager software; the availability of a Windows 95/NT SKIP client; and SunScreen Secure Net, an integrated product that includes SunScreen EFS, Sun Security Manager, and SKIP (simple key management for Internet Protocol) services.
Sun OEMs its Security Manager product from Sweden's Dynasoft AB.
Sun sees the shift to integrated security services, like those it will provide with Secure Net, as part of a sea change in the industry, with security services like encryption, firewalls, and policy management becoming a required part of the network infrastructure. Product manager Walt O'Maley says, "We really see this whole market changing. The stand-alone firewall market will be dead and shift to a platform market."
O'Maley says that the key addition to SunScreen EFS 2.0 is a Java-based GUI. With version 2.0, administrators will also be able to screen specific Java applets by using digital signatures, he says.
In order to service this network security "platform," Sun plans to integrate its security products with its Enterprise Manager network management product and with its LDAP (Lightweight Directory Access Protocol) services by the end of this year. O'Maley says that Sun will produce an application that "sits on top of Enterprise Manager," allowing administrators to implement security policy network-wide via the Enterprise Manager console. He says network managers could do things like automatically encrypt e-mail from specific user groups with this technology.
In 1999, Sun plans to introduce an EFS Network Services API that will allow customers to hook in things like UDP (Unregistered Datagram Protocol) services to the Sun's security products. It also plans to include its SPF "stealth" feature in the SunScreen EFS firewall around that time. The "stealth" feature hides the firewall's IP address from potential intruders.
By midyear 1998, the product roadmap calls for Sun to integrate SKIP encryption features into its Solaris operating system, and to provide basic packet filtering services and ISAKMP (Internet Security Association and Key Management Protocol) and Oakley encryption support for every Sun server shipping. ISAKMP and Oakley encryption is the IETF encryption standard supported by Sun's rival in the network security platform game, Cisco Systems, Inc.
Jim Hurley, director of information security with Boston's Aberdeen consulting says that by providing the security infrastructure behind virtual private networks, Sun could be tapping into a large, if nascent market. "There's a huge demand for virtual private network solutions right now," he says.
O'Maley says he expects to compete with Cisco and, "potentially," Microsoft in this market. "We see that it's going to be a platform play," he says, adding, "It wouldn't surprise me if Microsoft just bought a firewall company and included it in NT." Microsoft is expected to have some degree of packet filtering in its forthcoming NT 4.0.
By baking encryption and authentication capabilities into the OS, Sun hopes to simplify the life of people like Nancy Parker, the senior vice president of technology with the Federal Home Loan Bank of Dallas. Parker says her company had been using SKIP encryption to communicate externally, but wasn't using anything internally. "In putting SKIP in solaris, they're allowing me to take that same security concept and put in on my internal network," she says.
SunScreen Secure Net will be available in March, priced at $3,000 for 100 nodes, and $10,000 for an unlimited node license.
If you have technical problems with this magazine, contact email@example.com