Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

November 03, 1997, Section: News

NCSA initiatives target Net fraud

By Charlotte Dunlap

Carlisle, Pa. -- In an effort to curb fraud and hacking on the Internet, the National Computer Security Association is offering two new certification programs aimed at VARs.

The NCSA, which will change its name, effective Jan. 1, to International Computer Security Association (ICSA), began a campaign a few years ago to combat illegal activity over the Internet.

As more companies became networked, the organization began offering certification programs to insure security within enterprise networks.

While initial programs addressed combating virus attacks, the two newest programs are aimed at firewall technology and filtering capabilities in corporate networks.

Under the Firewall's Buyers Guide, NCSA offers instructions on how to choose a firewall technology and which of the vendors reviewed are certified under the NCSA program.

The firewall guide provides information on what a firewall is, risks it is intended to deal with and how to select one.

Over 30 firewall products have been tested against a comprehensive set of threats and vulnerabilities. Once a vendor's product has been approved, it then can place the NCSA logo on its product packaging, indicating the product adheres to NCSA guidelines, officials said.

Because VARs typically integrate and manage enterprise networks linked to the Internet, the NCSA is gearing the programs at the distribution channel.

"The whole point of certifying a Web site is to validate that it's secure through deployment of security technology such as firewalls, antivirus software and authentication software. Our Web-certification program is a VAR-based program," said Bob Bales, chief operating officer and co-founder of Carlisle-based NCSA.

The association also is unveiling a program called the Security Internet Filtering Technology (SIFT) consortium, formed around the need of companies to better monitor and regulate the use of their computer resources in the Internet.

It is similar to technology currently used by parents to control what their children view on the Internet.

Under this program, "manufacturers have gotten together to address issues needed dealing with filtering information," Bales said. "In the corporation, the intent is less to protect the employees as to protect the corporation from a variety of things, including lost employee productivity."

Vendors participating in these two programs currently have products in the NCSA's test labs. Products which comply with the tests will be available in December.

"We'd like to achieve better consumer awareness as they make transactions on Internet to protect themselves appropriately from fraud," Bales said. "If you see the NCSA Web-certification logo, that should be an indication that your transaction is as safe as it is going to get."

The group also has teamed with the Electronic Frontier Foundation (EFF) to attach the EFF's own certification initiative called Trustee, to NCSA's certification.

Trustee is aimed at guarding Web users so that sites collecting information do not misuse their personal data.

The services NCSA provides are critical, Bales said. "There is nobody else doing it. In the past, we've relied on the government for this kind of service, but as the Internet is a global infrastructure and crosses geographical boundaries, no single government can address all the issues."