Focus on security
- By John Moore
- Oct 14, 2002
Security is one area of systems management development that may strike a chord with federal customers.
Vendors are taking different tacks in rolling out enhanced security features. Their objectives are to secure data polled from managed devices and prevent unauthorized users from wreaking havoc with enterprisewide management tools.
In June, TECSys Development LP added Secure Sockets Layer (SSL) and Secure Shell (SSH) capabilities to its ConsoleWorks product, a Web-based, out-of-band management tool. Together, SSL and SSH enable encrypted communication between the user's Web browser and the ConsoleWorks server, and between the ConsoleWorks server and managed devices.
"TECSys started hearing rumblings of SSL and SSH 13 months ago," said Phil Reinkemeyer, the company's vice president of sales and marketing. "Now every customer is interested in SSL/SSH capabilities."
Meanwhile, the National Information Assurance Partnership has given its seal of approval to BMC Software Inc.'s Patrol Perform/Predict Version 6.5.30, a security pack that ensures that unauthorized users cannot start a collection process, according to the NIAP Web site (niap.nist.gov). The group evaluates products to determine conformance with the Common Criteria, an international information technology standard used by federal agencies and industry.
Security has been an area of emphasis at BMC, said Craig Harper, its director of federal operations.
It is also a concern at Configuresoft, which added role-based access to the latest version of its Enterprise Configuration Manager (ECM) product. Role-based access controls the operations and data available to users and groups. That's important, because ECM 4.0 lets administrators change configurations on an enterprisewide basis.
E. Alexander Goldstein, Configuresoft's president and chief executive officer, said the company decided to implement role-based access before introducing features that would enable administrators to make such large-scale changes.