RALEIGH, N.C. -- Hoping to simplify policy control over far-flung security and network products, IBM's Networking Computer Software Division intends to make its suite of FirstSecure products centrally manageable.
FirstSecure's offering contains antivirus software, firewalls and encryption tools, among other products. The offerings are from IBM and other vendors. IBM says that over the next six months, it will offer a framework to make FirstSecure, along with products from other vendors, simpler to manage. As a result, IS staff will be better able to enforce security and quality-of-service (QoS) policy rules throughout the enterprise.
Security and other network vendors use a variety of ways to store data about users and applications, says Bob Madey, an IBM executive. A firewall may store directory data in one type of file, while a Windows NT server might have a different type of directory, and so on. As a result, it is difficult to get disparate directories to talk to each other, and thus ensure that users get appropriate resources and QoS guarantees.
IBM intends to overcome these difficulties by allowing two existing software products to share data: IBM's Lightweight Directory Access Protocol (LDAP)-based SecureWay Directory and the SecureWay Policy Director. SecureWay Directory, now in Version 3.1.1, is based on IBM's DB2 database and permits applications to authenticate end users to give them access to appropriate resources. The SecureWay Policy Director integrates the individual products in the FirstSecure lineup and ensures that network rules are enforced.
Additionally, IBM will implement a new method of formatting its directory data that will enable authentication and user privilege information to be shared across the entire network, regardless of the underlying security software platform. IS staff can thus avoid having to manually replicate the data for each individual security or network application, IBM claims.
These proposed directory schemas are in the process of being approved by the Internet Engineering Task Force (IETF), IBM says. The first format IBM plans to add to the SecureWay Directory is code-named "e-person." This format will let IS staff enter data about individual users -- including access rights and the priorities they receive when competing for the same applications.
Later, as the IETF standards are ratified, IBM will add the e-server and e-resource schemas. E-server will be used to format information about the location and available resources on LAN servers. The e-resource schema will handle data about network applications, such as their locations and availability.
Any vendor that writes its applications to the LDAP standard can use SecureWay Policy Director. Currently, the director supports Distributed Computing Environment technology, but with FirstSecure 2.0 coming out in October, Policy Director will also support LDAP data.
IBM is taking a lead in directory-enabled networks, says Tim Sloane, an analyst with the Aberdeen Group consultancy in Boston. Other companies such as Microsoft and Sun are talking about creating schemas for centralized directories, but it remains unclear exactly how they will do it. "IBM is being aggressive and making all its services and systems adopt a standard," he says. "I haven't heard Oracle or Microsoft say how they're going to implement these standards."