FOSE roundup

Security, open source highlight FOSE

Recognizing the demands on federal agencies to secure their systems, information technology vendors showcased products and services to help them meet compliance requirements and fortify their networks at the FOSE trade show last week in Washington, D.C.

Sessions about government use of Linux and moves by Fujitsu Computer Systems to let users run Linux and Microsoft Windows on the same hardware supported a growing consensus among industry experts that open-source software, particularly Linux, is here to stay.

The conference opened with a warning from Intel's incoming chief executive officer, Paul Otellini. He said the United States risks losing its competitive edge against other countries if industry and government officials don't change the nation's IT infrastructure, move to mobile technology and implement new policies.

"It's not that we slowed down," said Otellini, currently Intel's president and chief operating officer. "It's that other countries are moving more aggressively to deploy this [mobile] type of infrastructure."

But a mobile infrastructure must have more than adequate security. To that end, Senforce Technologies announced a new security enforcement technology for Wi-Fi endpoint devices. The system, called Senforce Connectivity Control, ensures that devices such as notebook and desktop computers and tablet PCs comply with government security mandates such as the Sarbanes-Oxley Act, the Health Information Privacy and Accountability Act (HIPAA), the Graham-Leach-Bliley Act and aspects of the Defense Department's Directive 8100.2 for the use of wireless technology.

The system can also help agency officials implement federal telework programs and enforce remote access policies. It makes users at public access wireless hot spots almost invisible to hackers.

Senforce Connectivity Control is based on the company's location-aware technology, which is customized to meet specific requirements of wireless security initiatives used by the military. One difference is that the technology resides at the driver layer. It can block and control all file executions and control endpoint devices. In addition, location-based policies can adapt to any networking environment, such as those based on Wired Equivalent Privacy.

An agent resides on every endpoint device and is distributed to clients via a central management module. Policies can be enforced for users in groups or by users' network locations without any end-user action.

Dell also launched a wireless network security-assessment service. It identifies wireless access points, including unauthorized or rogue access points, and measures security standards in use for each device.

"This wireless securityassessment service is designed to help prevent security breaches, enabling secure mobility in a wireless environment," said Troy West, vice president of Dell's federal business.

Corrent unveiled a new series of security appliances based on Microsoft Internet Security and Acceleration (ISA) Server 2004. Corrent officials take security software that runs on traditional servers such as Check Point Software Technologies firewall products and puts the software in a hardened appliance, said John Davis, Corrent's chief technical officer. Corrent officials also introduced the SR110 Web Security Gateway based on Check Point's Connectra software.

The two ISA Server-based appliances, SR125 and SR225, are designed for government agencies and organizations using Microsoft applications. They offer the ISA Server 2004's advanced application firewall, virtual private network and Web-caching capabilities to secure Microsoft applications such as Exchange Server and Outlook Web Access.

Intense School trains government

Intense School, a training company specializing in what its officials call boot camps for IT professionals, is strengthening its federal government appeal with new offices in Springfield, Va., a suburb of Washington, D.C. School officials are also offering more mission-based courses to better meet agencies' needs.

Just as security used to be an afterthought, training is also often forgotten until it is needed, said Barry Kaufman, chief technology officer and executive vice president of product development at Intense School. Training is an essential part of security, he said. "People are the first thing to patch in an organization," he said.

Mission-based training is aimed at helping agencies score better on measures such as those mandated by the Federal Information Security Management Act. Such compliance training allows school officials to draw on the firm's expertise in helping private-sector clients comply with regulations such as HIPAA and the Sarbanes-Oxley rules.

Fujitsu melds Linux, Windows

Meanwhile, officials at Fujitsu Computer Systems announced the introduction of PrimeQuest, a new line of servers that will offer users the ability to use Linux and Microsoft Windows on the same hardware. The first systems will begin shipping in June.

The line will join PrimePower and Primergy, the company's other servers. It is especially suitable for customers who need servers to manage large-scale databases, online transaction processing and other applications that call for high availability and performance.

Michael Hardy, Michelle Speir and Aliya Sternstein contributed to this article.