SAN FRANCISCO — One day after the government released its proposed guidelines for cyber security, Sun Microsystems called on industry leaders to use its platforms and initiatives to better safeguard the Internet.
The plan is heavily based on Sun’s new N1 distributed computing architecture for enterprise customers.
Company Chief Security Officer Dr. Whitfield Diffie said companies should use comprehensive security systems, like Sun’s Trusted Solaris, Java and Liberty Alliance initiatives, as a shift away from what U.S. cyber security advisor Richard A. Clarke calls a “threat paradigm.”
“In the past, security was something like insurance,” said Diffie. “A $100 lock on the door would protect your $1,000 asset. But things are in transition. Ten years ago, if you had lost your computers and kept paper records you would probably be ok. Now if you lost your computers, you would be skunked.”
The Palo Alto, Calif.-based networking giant even invited the cyber security czar to drive home the point that the government cannot protect cyberspace in the same way that, for example, the U.S. military protects the country.
“As long as enterprises have vulnerabilities, it’s only a matter of time before someone uses them against your company or the country,” Clarke said. “Look for the vulnerabilities. Tell your company where the problems are and what you think you can do to help secure it.”
Clarke reaffirmed that the 65-page PDF plan proposes that businesses and private citizens, not the government, become protectors of the Internet.
Even Sun admits it cannot protect networks by itself.
“Networking by definition is difficult to protect,” said Sun CEO Scott McNealy. “The big problem is that we took the power of these huge mainframes and put them in smaller computers and put it on the desktop. Sun has tried to address this with things like its Trusted Solaris program and Java.”
To aid in its ongoing security fight, the company announced its iForce Perimeter and Secure Web Server and accompanying partner program. The collaboration between Sun and Check Point, Symantec, Trend Micro, Tripwire, e-Security, and Sanctum is designed around the Sun ONE Platform for Network Identity to help clients and service providers detect, prevent and respond to security threats.
new consulting services and a new, enhanced security training curriculum; the Secure Management Index; and security best practices and reference architectures.
The company also said it is open sourcing its Elliptic Curve Cryptographic (ECC) technologies to the OpenSSL Project, an open source implementation of the Secure Sockets Layer (SSL) protocol. The mathematical computations help encrypt network capabilities to offer the same security with keys and registers.
In addition to ECC, Sun said it has now included Security Assertion Markup Language (SAML) in its Sun ONE architecture. The XML-based framework is used for exchanging security information.
Sun also announced its relationship with the Human Firewall Council to jointly develop a multi-tiered security management assessment that covers people, processes and technology. The first initiative Sun is sponsoring is the Security Management Index, a tool that benchmarks security management practices against international standards, currently outlined in ISO 17799. Co-sponsors of the project include PentaSafe Security Technologies, the Information Systems Security Association (ISSA), and the British Standards Institute (BSI).
The initiative covers ten critical security functions including Policy, Access, Intrusion Prevention, and Business Continuity. Participants receive an overall score against the ISO 17799 best practices standard and their ranking relative to peer companies.
Diffie boasted that Sun’s improvements made its products convenient enough for e-commerce and secure enough for homeland defense.