Embed Size (px)
Citation preview
Network Security December 7 996
Hardware encryption technology complies with encryption regulations
Can a computer chip protect data and still comply with US Government rules on encryption? Hewlett-Packard, Intel and Microsoft are supporting HP’s International Cryptography Framework (ICF), reveals the Investor’s Business Daily. This technology would place a built-in chip in computers to encode data instead of using encryption software. The State Department has already found ICF has “sufficient technical controls to ensure compliance with US policy”. To comply with Government limits on exporting encryption technology, the ICF chip could be activated only with a special key, known as a ‘token’. Depending on which country a user is in, different strength tokens would be available to users to activate the encryption chip.
If a user tried to use encryption for a foreign country, the encryption feature would be automatically disabled. However, working with users in countries with strict limits on encryption would mean less secure communications. ICF assumes there will be always be restrictions on the use of encryption. Users could get tokens from secure servers. These sites would be run in compliance with national laws on encryption. Overseas, secure servers are likely to be operated by governments or their agents.
Because the encoding is done by the hardware, ICF can work with different types of software. And because it is designed to work in different countries, software firms would not have to write different programs for use outside the US.
ICF works with Microsoft’s CryptAPI. However, its backers admit that they haven’t as yet fixed all the encryption problems. The newest element of ICF is the ability to monitor digital signatures of software loaded onto an ICF machine. Different versions of software for different countries would alert the ICF system to which country the machine was operating in.
Increase in business useis needing the Internet
Check Point Software Technologies has announced the findings of a survey highlighting the need for corporations to provide employees with remote and mobile access via the Internet to sensitive company information. More than 87% of the network managers polled indicated that it
is critical to their business success to provide users with remote access to sensitive corporate data including financial information, employee training data, or business plans using the Internet as a transport mechanism. The findings highlight the need for network security products that provide secure remote access capabilities and those which enable organizations to deploy Virtual Private Networks (VPNs) that connect a private network segment (a LAN) with a public or untrusted network (the Internet).
Of the organizations questioned, two-thirds are already implementing an intranet and this number is expected to rise to 86% by the end of next year. Respondents indicated that their first priority is the ability to protect internal computers and specific subnets from unauthorized internal access.
4 01996 Elsevier Science Ltd
