Alcatel-Lucent ‘Guardian’ Locks Up Your Data

LAS VEGAS — Less than a week after admitting that a disk with sensitive employee information was lost or stolen, Alcatel-Lucent
 today introduced a networking card designed to lock in data on laptops.

Alcatel-Lucent unveiled the OmniAccess 3500 Nonstop Laptop Guardian at the 2007 Interop networking show in Las Vegas, though the company first previewed the product at the Demo show in February.

The Guardian is a Linux-based notebook PC card loaded with security software that checks against a remote server to validate that the notebook hasn’t been reported lost or stolen.

Unlike local PC-based solutions, which rely on a client PC stored encryption key, OmniAccess 3500 Nonstop Laptop Guardian is controlled by a remote server that is accessed by either wired LAN , WLAN  or a wireless 3G


OmniAccess 3500 Nonstop Laptop Guardian.

Source: Alcatel-Lucent

Alcatel-Lucent officials argue this approach provides remote-user, data-loss prevention by locking notebook data as soon as a
notebook is lost, stolen or otherwise unaccounted for.

“What the product does is it solves what CIOs often refer to as the mobile blind spot… as soon as I unplug my laptop and leave the enterprise there really is a lack of visibility and control,” Dor Skuler, general manager of enterprise security products at Alcatel-Lucent, told

“The way the solution works is its based on a PCMCIA card with a hardened
version of Linux, its own battery and a 3G modem. The benefits enterprises
get are the ability to have notebook visibility and control anytime

For the card to work, users install the Guardian and turn the notebook on. The card negotiates with the central
server to identify the notebook and unlocks user data and access. In case the notebook is reported lost or stolen, the central server administrator can revoke the notebook’s certification and encryption keys.

At that point, the notebook’s data is encrypted and the data is secured. The encryption keys
don’t exist on the local PC and only exist on the server, making it nearly
impossible for an unauthorized entity to access the data.

Skuler explained that as long as the card is plugged in users can still
log into their machines. But there is a timer-based system on the card so the
user needs to connect to the central server at regularly specified times, which are defined by the IT organization.

For example, if the user is in the mountains without any access either by wired, wireless or cellular 3G beyond the preset time period, the timer will lapse and the notebook will be locked. The user would then have to call their IT department and let them know and they need to reset in order to regain access.

In addition to the lock-down benefits provided by OmniAccess 3500 Nonstop
Laptop Guardian, the card also provides improved security overall for
remote users.

Instead of connecting to the public Internet over an unsecured connection, the OmniAccess 3500 Nonstop Laptop Guardian provides an automatically established VPN  tunnel back to the enterprise so
all data transport is encrypted and secured by an enterprise’s existing
security policies and infrastructure.

While VPN usage is often associated with reduced-access speeds, Skuler noted that with the Alcatel-Lucent solution the notebook user’s performance is actually improved.

“We’re taking away processing time from the notebook, with VPN tunnel processing all done on the card,” Skuler said. “There is also a hardware accelerator both on the card and on the hardware appliance to compress

Though the hardware side of the equation is obviously a key part of the
Guardian, software plays a key role, too. While the card is intended to run on Windows PCs, the card itself
runs Linux.

Skuler declined to comment on which particular vendor of version of Linux
Alcatel-Lucent was running on the card other than to say it’s from a major
Linux vendor.

He also noted that Alcatel-Lucent hardens the Linux operating
system on the card and does not allow it to run any executables other
than control functions from the central server.

That said, the card is running a fully featured version of Linux and runs
the application and personal firewalls, IPsec VPN client,
encryption-key functionality and Web proxy as part of the solution.

In combination with Alcatel-Lucent’s OmniAccess Safeguard product, the
OmniAccess 3500 Nonstop Laptop Guardian can also be brought into full
compliance with a NAC (network access control) policy.

“We can enforce NAC policies at the notebook level making sure that they are
always enforced regardless of the network,” Skuler said. “We’re calling that
LAC — local access control.”

OmniAccess 3500 Nonstop Laptop Guardian is expected to be generally
available later this year.

News Around the Web