 |
The WAVE Report on Digital Media
3D --- Media Creation --- Shared Space ---Published by 4th Wave, Inc.--- Issue #0511------------------3/18/05 |
The WAVE Report is Searchable on
http://www.3dlinks.com
http://www.wave-report.com
--------------------------------------
0511.2 Publishing
Monotype Imaging Adds New Functionality and Products to Fonts.com
0511.3 Energy Conservation
Encore Clean Energy, Inc. to Demonstrate Breakthrough Power Source
0511.4 Semiconductors
0511.5 Biometric Sensors
Iridian Announces Country-Wide Iris Recognition Deployment in the Middle East
0511.6 Security Certification
0511.7 Identity Theft
New FACTA Regulations Hold Business Owners Responsible for Protecting Employees' Identity.
0511.8 Secure Internet Transactions
0511.9 Bandwidth Switching
0511.10 VPN Security
Allied Telesyn VPN Router Packs a Punch with High-end QoS, Security in a Single Box
--------------------------------------
***Biometrics Summit
By John Latta
Miami, FL
February 23 – 24, 2005
The Biometrics Summit is a small conference focused on how to use biometrics. Many in the audience come from local governments seeking to understand how to apply the technology. The speakers have described practical issues of making biometrics work. The result is a practical conference which attracts a broad cross section of users or potential users of the technology. Networking happens throughout the event as learning is an objective of the Advanced Learning Institute, who manages this conference. This is one of the few events which focuses on real case studies and as a result is quite insightful in the practical applications of biometrics.
Making Biometrics Learn in Large Projects
Joseph Atick, President and CEO, Identix reviewed the state of biometrics. He presented a summary of the major on-going efforts to apply biometrics. There are many success stories, some failures but the acceptance of biometrics continues to increase. He counseled that biometrics is not the means to the end but the real issue is human identity. To address these issues he proposed a “Universal Model of Identity Management.”
As lead speaker, Joseph Atick has many years experience in biometrics. His presentation looked at many projects, mostly large government ones, to critically assess the state of the industry. It had many interesting points which go well beyond just government projects.
USVISIT was described as a great success story. This uses 2 prints as the biometric but a photo is also taken for US entry and exit. (In a subsequent talk Neal Latta, stated that 20m individuals have been processed by USVISIT.)
Saudi Arabia has begun the CAFIS program which takes 10 prints and will enroll 30m individuals.
Jordon will begin a NationalID program which uses face, finger and IRIS.
The UK has a passport program which will also uses face, finger and IRIS. This was described as what to do wrong. The Human Factors issues were underestimated, the systems integrator lacked motivation and experience and as a result a large number of individuals could not enroll. The effort is being changed and it was described as back on track.
At the other end of the spectrum is the Swedish Passport program which is largely self service. It is based on finger and face biometrics and deployment is underway.
A bad eye was cast on the UAE deportation and visa program – the pun fits. This relied on IRIS scans and has demonstrated how difficult this is to accomplish. The problem is a high failure to enroll rate for IRIS. As a result, the effort is shifting to finger. Also in the UAE is eGate which is based on finger and this has worked very well.
Results were presented for facial which imply a new sense of confidence in the scalability of the technology.
There is a view that Tri-biometric enrollment: face, finger and IRIS, will provide for completeness. But this was countered that IRIS is only buying insurance with the expectation that it would improve. In other words – it may get better in the future.
Considerable emphasis was placed on the quality of the enrollment biometric and its subsequent collection. This certainly applies to finger and there is renewed emphasis on confidence in facial, based in part on image quality improvements. Along these lines a quality factor is being defined called “faceness” which is the closeness of the facial expression to an expressionless frontal view.
Joseph Atick went so far as to state that facial screening is coming back. Tried in the past this was a failure due to the high level of false positives.
When it comes to systems architecture, a significant case was made for the end of “proprietary end-to-end systems.” The elements of this approach include:
The integration of small su bsystems to form a larger system;
The components work to a Standards based API;
The system is not tied to a specific vendor;
The SI is about a process and not technology.
In these large systems the biometrics is well down the systems stack.
This led Joseph to state that biometrics is only a means and not the end. At the heart of these systems is human identity. Yet, because this is about identity the problems created relate to: fake identity, aliases, theft and mistrust.
From this Joseph outlined a “Universal Model of Identity Management.” This has four components: Trust, Identity, Actions and Reputation. All of these interact. Biometrics fits because this is a way to handle identity problems. Another factor is Knowledge Discovery – the finding of duplicate entries and uncovering risky identities. Feared is the dreaded “identity laundering” which is a bad identity getting into a identity management system.
Many of these issues are first being faced in ePassports. One of the contributions is that interoperability is a key requirement. Unfortunately the deadline of October 2005 is unrealistic and will likely not be met. For example, something as simple as readers is holding up progress. Further, there are many challenges such as identity laundering, compliance and trust across jurisdictional boundaries to be worked.
Joseph went so far as to suggest a “circle of trust” concept between countries. This is a difficult concept to accept. But he suggested that the visa waver program is similar in concept.
The bottom line is that Joseph feels we are 5 – 10 years away from these interoperable identity systems. But the only way to get there is to begin.
Beyond Physical Access Control
IBM described their Service Delivery Centers (another name for data centers). They gave a standard presentation on how a secure a data center installation can be accomplished with biometrics. Biometrics is essential to entry and exit. The focus is on effectively using biometrics and physical controls. In response to a question from the WAVE, it was stated that, yes, the tools used for physical access are also being used by some for logical access. That is, the biometrics for entry will work on both the physical space and the network log on.
Yet, this did not address logical access to the systems within the data center. When further asked by the WAVE, IBM stated this is a real issue. They have taken the same biometrics technology used for physical access and also use it for access to the network. However, at the present time its use is optional based on the individual.
When seen in the context of an Identity Management system this makes sense. That is, the ability to create identity problems such as a fake identity, aliases, theft and mistrust is severely limited when the physical controls are place. Thus, in this IBM example, logical access uses biometrics with high confidence when physical access controls are strong. The practical application of this approach is limited because most will not tolerate such physical controls.
Making Face Recognition work on the Street - Illinois
Illinois is a pioneer in that it was the first state to use a biometric in a driver’s license. Beth Langen of the Illinois Office of the Secretary of State described their efforts to apply facial recognition in driver license and identity card issuance. One of the problems is that the DL/ID (driver’s license and ID document) have become the de facto national identity document. In spite of the fear of many that this would happen, the process is already underway. As a result, the issuance of these documents is a gateway to crime. Thus, criminals are using fraud to gain one or more such documents to carry out other crimes. The expectation of society is that these documents are to be trusted since they are being issues by a government agency. What Illinois has done is to seek to increase the quality of the documents but applying a biometric and to improve the processes for their issuance.
When it comes to the issuance of the DL/ID the following are to be addressed:
Minimize traffic safety threats such as underage drinking;
Identity theft and fraud;
Balancing cardholder privacy with public and business interests; and
Public safety.
To increase the security of the cards, Illinois began in 1997, with first operational deployment in 1999, the use of facial biometrics. There has been nearly 100% enrollment. The implementation has not been static. For example:
2000 – Began to use “binning” to improve performance
2001 – The eye finding and processing algorithms improved and
2005 – The technology went from eigenvalues to Hierarchical Graph Matching (HGM) with a web based application.
The work flow in Illinois is that the DL/ID cards are issued on the spot but the fraud detection processing happens after the card was issued. If this should be changed is being considered.
The system captures 8,000 – 12,000 new images a day, of these 400 – 500 duplicates are detected. So far, the state has identified 1,800 fraud cases.
Some of the most interesting issues came from the description of future changes. Illinois cannot have a contract with one company for the same project for more than 10 years. As a result they are preparing to rebid this project and could well change the biometric being used. One of the reasons for the facial biometric was in 1997 this was the only biometric which was readily accepted by the public. That has now changed.
National Identity
The National Intelligence Reform Act, which was driven by the recommendation of the 9/11 Commission, set new standards for identity documents and this includes:
Proof of identity;
Verification of documents; and
Card security.
There is a requirement for compliance in 2 years. Many see this as setting the de facto DL/ID document in that the federal government can withhold funds for non-compliance.
All of this pales in comparison to the impacts of the REAL ID Act of 2005, (H.R. 418), if it is passed by the Senate. The bill has already passed the House and the President has voiced support.
H.R.418
REAL ID Act of 2005
Title: To establish and rapidly implement regulations for State driver's license and identification document security standards, to prevent terrorists from abusing the asylum laws of the United States, to unify terrorism-related grounds for inadmissibility and removal, and to ensure expeditious construction of the San Diego border fence.
Sponsor: Rep Sensenbrenner, F. James, Jr.
This, if law, would supersede the requirements of the National Intelligence Reform Act and be much more stringent. Individuals would have to have such a card to get access to any federal facilities – it would become a de facto national ID card. The use of biometrics has not been decided yet.
(Editor Note: particulars of the bill may be read at http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.00418:)
Enterprise Biometrics – Are the promises outpacing delivery?
Two cases studies were presented which used biometrics to secure a corporate environment: one inside and the other outside. Digital Persona, supplier for one of these case studies, is focused on the “password problem” and claims that “biometrics allows up to lock down the network.” Yet, we came away troubled – is this a solution or marketing?
There was little doubt about the value of a “biometrics solution” as expressed here. The words were appealing:
The password is going out of style.
Biometrics is a virtual smart card
Biometrics resulted in a 90% decrease in support calls; and
Better security is required, by mandates such as Sarbanes- Oxley, and biometrics provides what is needed.
Yet, when we asked the presenters of one of the case studies “have you done a risk assessment?” The response was “Testing has started of a post deployment testing of risk.” It seems obvious that confidence in risk reduction would not be possible without understanding the risks.
Locking Down ERP with Biometrics
Molded Fiber Glass (MFG) Companies worked with its vendor SAFLINK to implement a biometric protected access to its ERP application. At the same time this also implemented the domain log on. The context is that there was no security, other than a common group password, to access the corporate wide ERP software. The company was being hit each year by its outside auditor for the lack of security. It was felt that biometrics provided for:
It was easy to integrate and Install;
User Friendly;
Remotely administered;
Strong authentication; and
Standards based.
SAFLINK was chosen because it provided for the necessary network administration, allowed for different biometrics and had an SDK which could be integrated into the operations at MFG. The integration was accomplished in less than 3 days. The net result was that passwords have been eliminated. The solution was also used for active directory log on.
The cost per system was estimated to be $350 - $400 per desktop.
No risk assessment was performed.
Making online Banking Secure with Biometrics
United Bankers’s Bank and Digital Persona described how the latter’s technology was used to secure online access to bank accounts. Note that United Banker’s Bank is a commercial bank that offers services to other banks, similar to the Federal Reserve but on a smaller local scale in the mid-west. The contrast was striking. The FED access systems were described as onerous with multiple passwords and complex logons. However, most banks that use Banker’s Bank find that passwords are written down, shared, easily guessed, inconvenient and stolen. Further, a Trojan – BankHookA – will specifically target the logging of passwords used for bank accounts. In spite of the fact that more secure solutions exist one must balance cryptographic strength with the user. That is, how to get the user to participate in the security process and system. It was the experience of Banker’s Bank that a fingerprint augments secret-based authentication (passwords and smartcards) since it does not rely on the user.
Banker’s Bank selected Digital Persona because of its ease of use and ability to integrate into their environment. The product U.are.U online operates like a virtual smartcard which binds a fingerprint to a key pair. It can be readily integrated into web applications. A patented architecture ensures separation of fingerprint data from the user record.
The implementation of the online application used these additional security features:
TCP/IP Filtering
Sensor digital serial number filtering
Two long ons required
Time Limits for access
Transaction amount limits
User Lockouts
Backup dial up network
Catalog pricing was quoted as:
Host software - $25,000
User License - $13.33 each
Annual Maintenance
Persona fingerprint devices - $129
The bank gave to the customer one fingerprint reader per account and the customer bank had to buy any additional units.
Digital Persona quotes their False Accept rate at 1 in 100,000. But this company has not been shown on the NIST test activities and it is not clear that this performance has been independently tested. The company claims that 400,000 to 500,000 sensors have been deployed. The company has implemented a system within the Pentagon with 7,000 workstations in the Office of the Secretary of Defense and they claim a reduction of 90% in support calls.
WAVE Comments
Improvement of the security environment is a long term issue. In spite of the individual focus on biometrics elements such as an API, biometric, device, middleware or standards, the real issue of digital infrastructure security is that it is used by individuals and organizations to reduce risks from threats and damaging actions.
The intent of biometrics is the coupling of individuals with their actions or potential for action. It also recognizes that single individuals can cause significant harm. Reduced to its most basic form, biometrics, as it is evolving today, is about interfacing an aspect of personal identity to a digital infrastructure. It is assumed that the biometric used is not easily modified and can be readily reduced to a template which allows for ready transport and comparison across many biometric systems anywhere in a network. One’s description and its associated template, that is assumed unique to the individual, is a network directory component or a SQL data base entry.
Compared to other components of the digital infrastructure, biometrics has much higher failure rates. That is, false accept rates are much higher and the ability to spoof biometric systems is relatively easy. If any improvements in overall security system failure rates are to be accomplished, biometrics must be complemented with other forms of physical and logical security.
There are two different worlds of biometrics: public and private. The government uses biometrics to include identity documents, criminals, punishment for crimes, security of government transactions and comparison to established identity records. Business uses of biometrics include commerce, internal operations and network security. The reality is that the public use of biometrics is way ahead of the private use. For one, the government is making large investments from research to system deployment. The private sector has done little which compares. Yet, there are many forces to increase private use of biometrics and these relate to cost reduction, improved security and time saving. Unfortunately these savings have not been assessed. The impact on overall security has not been addressed.
When looking at the state of biometrics, as a technology, it is early in the technology life cycle. Consider these measures of immaturity:
The Understanding of the human factors use issues including enrollment and use is early in the life cycle;
Interoperability, based on thorough testing, is quite limited even between sensors of the same biometric;
There is very little multimodal testing;
Error rate assessment has been developed by NIST but not widely used other than in the government;
Risk assessment processes are poorly developed; and
Systems integration has just begun and again the public sector is leading.
Biometrics as the only measure to determine identity is risky as the primary means of risk reduction. In most cases, biometrics is combined with other biometrics and with physical and logical security. Many of these factors are assumed or taken for granted that they create a more secure environment. In the public sector other factors include seeing an individual along with a fingerprint – it may be a crude multimodal biometric but better than one biometric. In the private sector it may include restrictions on the access to a computer – physical constraints raise the security bar.
Missing from most private deployments of biometrics is a thorough assessment of risk vs. gain vs. cost. Unfortunately, the ease of use of a fingerprint biometric creates a perception that “security is for free.” That is not the case.
It should be noted that today’s security environment has major vulnerabilities. Frequent mandated password changes may make administrators comfortable along with stringent rules for password use but this is useless if the passwords are written down and the char force picks them up. Thus, as others have noticed security with biometrics has two sides: before and after biometrics. This is to be considered in the Risk assessment but as seen at the Biometrics Summit this was only simple observations. We saw no example of a thorough risk assessment.
The use of standards is critical for interoperability. Further, everyone but the vendors believe that no one vendor should drive system implementation. There are many standards efforts and the ones cited most frequently include INCITS M1 and JTC 1 SC 37.
Finally, privacy issues are everywhere. Even in enterprise use of biometrics, the question surfaced – will my fingerprint get sent outside of the company? As the public sector has responded with privacy plans we expect that this will be the case with private deployments, even if in-house within an enterprise.
***Monotype Imaging Adds New Functionality and Products to Fonts.com
WOBURN, MA
March 16, 2005
Monotype Imaging Inc. has enhanced Fonts.com with several features, including the ability to purchase multi-user licenses, establish user accounts and find fonts through added search capabilities. Fonts.com has also debuted typefaces from the Font Bureau and FontFabrik foundries, adding more than 1,200 products which can be viewed, purchased and downloaded from their website.
Standard licenses purchased through Fonts.com for most font products automatically protect up to five users. Customers seeking additional users on a single license can simply increase the number of users displayed in the shopping cart. A multi-user license is then created on a per-user basis at a discounted rate, instead of having to purchase the product multiple times to cover more than five users.
New user accounts allow customers to store contact information for faster check-out procedures. Customers can also manage subscription preferences for Fonts.com's electronic and hard copy newsletters, "Clicks" and "National Typographic."
Search options have been enhanced to include product searches by name, keyword, typeface classification, font foundry and typeface designer. The ability to display sample font images automatically while searching can be turned on or off. Visitors can also filter searches to limit results according to a specific computer platform or font format.
Additional detail is included on product pages when available, such as the typeface designer, font classification and whether the product contains the euro currency symbol. Product pages display all fonts included in the product and list other packages that contain any of the displayed fonts.
Also added are more than 1,200 products from two font foundries new to Fonts.com - Font Bureau and FontFabrik. Based in Boston, Font Bureau specializes in creating typographic identities for newspaper publishers. Font Bureau's Interstate(R) family is based on the signage alphabets of the U.S. Federal Highway Administration. FontFabrik of Berlin, Germany, is home to the LucasFonts(TM) collection. FontFabrik's Thesis(TM) family contains more than 300 fonts, including the Serif(TM) and The Sans(TM) typefaces.
***Encore Clean Energy, Inc. to Demonstrate Breakthrough Power Source
GULF PORT, Miss.
March 15, 2005
Encore Clean Energy, Inc. has announced the upcoming debut test of their new proto-type power source called the "Encore HeatSeeker". The test is scheduled for later this month.
A public summit, expected to be held in mid-April 2005, is to follow
the initial testing. This summit is expected to be attended by representatives
of military, commercial and investment banking sectors. The Encore
HeatSeeker is designed to convert both low and high temperature heat
resources into electricity. These heat resources can readily be found
in nature and in many industrial processes.
The HeatSeeker is expected to provide substantial advantages over competing legacy engine technologies:
-- lower cost per horsepower
-- higher operating efficiency
-- higher fuel efficiency
-- lower emissions and environmental impact
-- higher power density in a smaller size package
The creator of the Encore HeatSeeker, Mr. Robert Hunt, began his career as a nuclear designer for Newport News Shipping, then a division of Tenneco Oil Company, where he designed nuclear reactor components for the U.S.S. Nimitz Aircraft Carrier. He has since dedicated his time to the development and patenting of numerous alternative, clean-energy generating technologies, many of which are exclusively licensed to Encore.
The Company intends to focus its licensing, marketing and sales efforts for the Heat Seeker product-line on the following applications and commercial targets:
1. Waste heat recovery from coal, natural gas and nuclear power plants.
2. Industrial boiler, furnace and process heat recovery.
3. Hydraulic construction equipment tailpipe exhaust heat recovery
4. Hydrogen vehicle fuel cell waste heat recovery.
5. Hybrid vehicle gasoline engine exhaust heat recovery.
6. Rooftop solar-thermal heat-to-electricity conversion.
7. Geothermal heat recovery
http://www.encorecleanenergy.com
***Explosive Growth Forecast by In-Stat in FCSP Market
SCOTTSDALE, Ariz.
March 15, 2005
The Field-Configurable Standard Product (FCSP) market continues to be one of the few semiconductor product segments that consistently posts year-over-year dollar growth, even in down years, reports In-Stat. This market is forecast to grow from $92.8 million in 2004 to $476.9 million by 2009. FCSPs are typically high-volume, low-cost products, made for a wide variety of end-use applications.
A recent report by In-Stat found the following:
-- Communications, both wired and wireless segments, will dominate field-configurable standard product consumption, with the majority of applications being networking and telecom infrastructure, as well as a variety of wireless consumer-oriented products.
-- Of the five major product field-configurable standard product categories defined -- processor, DSP, PCI, SerDes, memory and other -- the SerDes segment will represent the largest dollar segment.
-- SRAM architecture will dominate FCSP shipments, followed by anti-fuse architecture. However, in the longer term, flash-based architecture will become dominant for size and cost reasons.
The report, "Field-Configurable Standard Products (FCSPs): Configure It Your Way" (#IN0501917DE), presents a comprehensive analysis of the Field-Configurable Standard Product (FCSP) market. The report forecasts future market growth and examines consumption of six functional categories by geographic region, along with comparisons of end-use consumption of this technology by geographic region. Also included is a discussion of the various players in the market, as well as those planning to enter the market within the next 24 months. For more information on this report, please visit:
http://www.instat.com/catalog/Scatalogue.asp?id=19
***Iridian Announces Country-Wide Iris Recognition Deployment in the Middle East
MOORESTOWN, N.J.
March 15, 2005
Iridian Technologies has announced that its Proof Positive iris recognition technology will be deployed on a country-wide basis in an unnamed country in the Middle East. The deployment will initially include passports, visas, and watch lists for border protection and law enforcement. Potential future applications include drivers' licenses and health care. At least one million people will be enrolled in the initial phase. The deployment will include over one hundred two-eye stationary iris cameras; other interoperable cameras are expected to be utilized in the future including the latest portable cameras from IrisGuard and Iridian.
This project represents the second country-wide deployment of iris recognition in the Middle East. In 2004, the United Arab Emirates deployed an iris-based expellee watch list in all their land, sea and air ports. With that system, they have apprehended over 29,000 people with fraudulent travel documents trying to re-enter the country under different identities.
Iridian has experienced accelerating adoption of its technology over the past two years with installations in the Canadian CANPASS program, the US/Canada NEXUS Air program, the U.S. Registered Traveler program, a United Nations refugee repatriation program and immigration programs in the Netherlands, the UK, Germany and Japan.
The Proof Positive hardware and software certification program from Iridian Technologies confirms that iris recognition cameras and software solutions meet critical standards for performance, interoperability, safety, security, scalability, usability and reliability. Certification includes a series of formal audits and evaluations, including conformance to Iridian's PrivateID and KnoWho application programming interfaces (APIs), data formats, encryption, and countermeasures. Proof Positive certified cameras are interoperable with other certified cameras, not only from the same vendor, but from other vendors as well. Certified cameras easily interface with Iridian's KnoWho server software for maximum performance in searches against millions of records.
***Stanford University Announces Online Computer Security Certificate Designing Secure Software From the Ground Up
STANFORD, Calif.
March 15, 2005
The Stanford Center for Professional Development announced a new online computer security certificate to teach software architects, engineers, designers, and development teams how to build security into programs from the initial design phase as well as techniques to improve existing software. The program consists of three online courses, each course approximately two hours in length. Courses are self-paced and available at any time.
Topics covered include buffer overflows, SQL-injection attacks, off-line dictionary attacks, authentication, access control, data integrity, symmetric encryption, public-key cryptography, and more.
The Stanford Center for Professional Development offers graduate degrees, credit courses, certificates and professional development courses to meet the career-long learning needs of engineers, scientists, technology professionals and managers. Courses are delivered via the Internet and local area broadcast as well as on campus.
Detailed information about the program and courses is available at
http://proed.stanford.edu/?security
***New FACTA Regulations Hold Business Owners Responsible for Protecting Employees' Identity.
DENVER
March 15, 2005
As part of the Fair and Accurate Credit Transactions Act (FACTA) business owners will play an increasing role in identity theft prevention. The new regulations require all businesses -- large and small -- to shred sensitive data relating to any personal information they hold on their customers and employees.
The laws, which go into effect this summer, address the growing problem of identity theft in the workplace. According to a January 2005 report by Better Business Bureau, 10 percent of all identity theft is the result of information stolen by employees.
DataGuard USA, a security and records destruction firm based in Denver, runs the ShredNations.com website that provides shredding solutions to businesses and consumers. One of DataGuard's most popular services provides for home and office pick up and delivery of these sensitive documents to certified shredders around the nation.
The service, called "Ship 'n' Shred" allows businesses to package up to 65 pounds of documents in a cardboard box. Using the website, they can order pickup of the documents from a home or office. The box is then delivered to the certified shredder. Once it is shredded, customers get an official document of destruction.
The FACTA legislation is tied to the explosive growth in identity theft over the past five years. 9.3 million people had their identities stolen in 2004, according to a study by the Better Business Bureau. Victims spend an average of 600 hours recovering from this crime, according to the Identity Theft Resource Group.
0511.8 Secure Internet Transactions
***Network General's New SSL Protocol Decode Helps Ensure Optimal Performance of Secure Online Transactions
SAN JOSE, Calif.
March 15, 2005
As the amount of data transmitted over the Internet continues to grow, it is essential that this information remains secure, while also making sure that network bottlenecks don't arise to inhibit these transactions. Network General Corporation has announced the capability to decode the Secure Sockets Layer (SSL) protocol to help ensure transactions are processed securely and seamlessly.
The SSL protocol is the de facto means for securely transmitting data over the Internet. The protocol is integrated into every browser and every Web server, allowing users to interact with Web sites in a secure manner. However, due to the processing-intensive authentication schemes and encryption/decryption algorithms, even if SSL functions are offloaded to a proxy server, performance on the proxy and the Web server can be significantly degraded jeopardizing customer satisfaction in the process.
Part of the industry's widest-array of protocol decodes, Network General's SSL protocol decode gives IT professionals the unique ability to look at configuration and timing issues associated with SSL transactions. IT professionals can reassemble and view the components of SSL traffic in order to determine if a problem is occurring during the set-up of the transaction or during the actual data transfer, then drill down to the specific problem area and resolve it. A baseline can also be determined for standard response times to show when traffic patterns are abnormal giving IT professionals a proactive way to ensure optimal performance. By looking at HTTP response times IT professionals can measure how quickly a server is responding to identify where, when and why a problem occurred enabling faster time to resolution which ultimately ensures overall customer satisfaction.
The Network General SSL v.3 protocol decode is available within Sniffer Decode and Expert Pack 2 which is supported via an inclusion or installation on InfiniStream 2.0, Sniffer Portable 4.8, Sniffer Distributed 4.5, Sniffer Distributed s6000 v1.5, and Netasyst Network Analyzer. Customers with a valid support agreement can obtain Pack 2 from the Network General Web site.
***SMC Workgroup Switch Makes High Bandwidth Affordable
IRVINE, Calif.
March 15, 2005
SMC Networks has announced the newest in its TigerSwitch family of high-performance switches, the TigerSwitch 10/100 Standalone 24-port 10/100 +2 1000Base-T/SFP Combo Ports (SMC6726AL2). On the heels of the larger-capacity TigerSwitch 10/100 Standalone 48-port 10/100 +2 10/100/1000Base-T +2 1000Base-T/SFP Combo Ports (SMC6752AL2) introduced earlier this month, the new SMC6726AL2 is available now. Priced to make performance accessible, its MSRP of $399.99 makes it affordable -- just over $15 per port.
The new SMC6726AL2 switch has 24 fixed 10/100 ports and two 1000Base-T/SFP combo ports. Providing the flexibility for fiber or copper connectivity, either or both of the combo ports can be upgraded to fiber with optional SX, LX or ZX SFP transceivers. Compact and efficient -- just 1RU high despite their high port count and advanced features -- these newest TigerSwitches are great for enterprise workgroup switching applications. Ideal for high-bandwidth applications in high-traffic environments, the SMC6726AL2 has a non-blocking switching architecture to ensure high performance, and all of the security and management features that today's businesses demand.
Delivering more than just high performance, the new SMC6726AL2 TigerSwitch 10/100 Standalone 24-port 10/100 +2 1000Base-T/SFP Combo Ports Managed Switch is loaded with advanced features that demanding environments need. Security is crucial in today's enterprise networks, and this new switch delivers, with ACLs and 802.1x for secure network access enabled by RADIUS and TACACS+; and SSH, SSL/HTTPS for secure management. Flexible traffic prioritization and rate-limiting enable Quality of Service across the network and network segmentation are provided by VLANs. For more powerful management applications, these new SMC6726AL2 TigerSwitches also offer the Spanning Tree Protocol (802.1D and 802.1w) and Multi-Trunking with LACP, for higher bandwidth and better performance. Built for robust workgroup switching today, the SMC6726AL2 has the flexibility to allow for growth and configuration changes, as well as enabling potential software upgrades in the future.
The TigerSwitch SMC6726AL2 and SMC6752AL2 Standalone Managed Switches, optional transceivers and redundant power supplies are available now.
***Allied Telesyn VPN Router Packs a Punch with High-end QoS, Security in a Single Box
BOTHELL, Wash.
March 15, 2005
Allied Telesyn has announced the availability of the AT-AR750S Modular VPN Router. A VPN router with advanced QoS and the powerful security of a dedicated appliance, the AR750S features a 533MHz CPU that offers more speed and headroom to high traffic small- to medium-sized enterprises (SME) that must support numerous remote users or branch offices.
The AR750S Secure Router lets SMEs provide secure and reliable WAN/Internet connection and encrypted VPN access to remote employees and remote offices, or may act as a cost-effective enterprise branch office router, with secure connections back to a central office. It is currently available and shipping, with a base list price of $1500.
The AR750S features two 10/100 Ethernet WAN ports, five 10/100 Ethernet LAN ports, one Async/Console, and two PIC slots. Modular, scalable, and highly affordable, this router is ideal for distributed small- and medium-sized enterprises with branch offices or remote users. PIC slots accommodate T1/EI PRI, ISDN, Sync or Async interfaces. Advanced QoS easily handles next-generation applications such as IP video and VoIP, and IPv6 capability and state-of-the-art encryption capacity ensure long-term viability. The secret to the AR750S' power is a 533MHz CPU, which easily manages up to 5,000 configured and 250 active IPsec VPN encrypted tunnels.
The latest generation 533MHz CPU ensures smooth performance of IP voice, video and data as well as supporting features such as: Stateful Inspection Firewall with NAT, QoS, Wirespeed IP Security VPN, Attack Detection, Integrated Hardware Accelerated Encryption, HTTP & SMTP Proxies, Traffic Filtering with event logging, AES / 3DES, SNMPv3 and 802.1x Authentication. SNMPv3 provides secure management, and load balancing offers both scalability and redundancy for more uptime.
For more information on the AT-AR750S and other Allied Telesyn products, please visit Allied Telesyn's website.
--------------------------------------
Copyright 2005 4th WAVE, Inc.
To subscribe to WAVE go to
To unsubscribe also use the Wave Report Home page or send the preformatted UNSUBSCRIBE message:
Previous issues of WAVE, as well as other info can be found at
http://www.wave-report.com
http://www.3dlinks.com
Comments on or questions about the WAVE may be sent to:
or the below individuals below:
John N. Latta - Editor-In-Chief
Michael Robertson - Web Editor
The WAVE Report may be redistributed in full for individual readership and posted to newsgroups, Web, and FTP sites. This publication may not be reprinted or redistributed for profit. Short quotes are permitted but must be attributed to the WAVE Report. 4th Wave retains the copyright to the WAVE Report.