NCR's Top End Adds E-Commerce

Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

January 05, 1998, Issue: 770
Section: Features:Internet Servers

Keeping Net Servers Safe And Sound

William Terdoslavich

Waltham, Mass. -- Keeping the system safe while interfacing with the Internet is the job of SiteMinder 2.1, Netegrity Inc.'s latest Internet gateway product.

SiteMinder is priced at $3,995 for the server and $595 for the Web Agent.

In this latest version of SiteMinder, support was added for Netscape Servers running off server hardware from Sun Microsystems Inc. This extension of support enables Netscape Communications Corp. customers to centrally manage access across Web systems, as well as enable network administrators to add Sun servers to their cross-platform repertoire.

The extension also provides a choice of Unix-based Web servers to customers who already possess Windows NT-based Web systems. But the additional support of yet another platform increases the utility of SiteMinder, company executives said, because corporate networks are usually heterogenous and networks are constructed over time, with different components added with each expansion.

Another feature added to SiteMinder 2.1 is Active Attributes, which is a way to retrieve information from an external database at the time of user authentication, said Steven Hanlon, SiteMinder product manager at Waltham-based Netegrity.

"We wanted to integrate existing user information into SiteMinder," he said. "We are leaving the data where it is at and expanding user properties."

A part of that extension also increases SiteMinder's usefulness in its security mission. If a Web-based application has to access multiple databases, SiteMinder 2.1 can act as a centralized intermediary, standing between the user and the databases to provide access control, Hanlon said. As intermediary, SiteMinder would do the work of answering user queries and retrieving data from the databases, provided the user is cleared for that access, Hanlon said.

Active Attributes also permits network administrators to build Credential Management Systems that provide one map-set of authentication credentials that can be passed from one Web application to another. Dynamic access control decisions also can be made based on information stored in databases.

Another product feature of SiteMinder is the ability it gives to Web site administrators to construct and manage applications that distribute confidential information securely.

Netegrity is looking at a number of features to add to its next version of SiteMinder, scheduled to come out in the first quarter of 1998, Hanlon said. One feature being considered is support for LDAP (Lightweight Directory Access Protocol), which would increase databank access, Hanlon said.

In other Netegrity developments, the company said Web service provider GTE Internetworking has selected SiteMinder 2.1 to perform security management for GTE's DiaLinx SM, a nationwide private-label remote-access service.

DiaLinx uses RADIUS (Remote Access Dial-In User Service), a protocol that gives a company final authentication of a dial-in user prior to allowing access. SiteMinder 2.1 will work with RADIUS to control outside access.

GTE officials said their purpose in adopting SiteMinder is to give clients a cost-effective way of combining security and administration in one package. SiteMinder's administration is browser-based, allowing a network administrator access to hundreds of sites by way of a single server.

GTE also was pleased with Netegrity's willingness to tailor SiteMinder to work with RADIUS, GTE officials said.