C.1.0 INTRODUCTION
Security consists of policies, practices, and the information technology to support policy implementation to protect data, host computer resources, and the reputation of the system owner. While the implementation of security for the DCN/ICN focuses on network security of the MOCC, common sense and security vigilance on the part of subscribers and information content providers are needed to protect both the producers and consumers of CALS information.
C.2.0 SECURITY RISK ANALYSIS
The analysis of the DCN/ICN services and potential security risks has identified the following threats to data and information resources required to support the DCN/ICN:
· Virus attack of clients and servers from Internet sources via download/upload of unscanned files.
· Unauthorized intrusion into the DCN/ICN through password compromise.
· Unauthorized access to DCN/ICN information or collaboration services.
· Compromise of financial or sensitive information by intruders.
· Unauthorized access to privileged accounts on DCN/ICN servers through attack using known UNIX security weaknesses.
The security measure responses to these perceived risks are summarized in Table C.2.0-1 MOCC Security Threat and Related Security Measures.
Table C.2.0-1 MOCC Security Threat and Related Measures and Candidate Products/Services
Threat | Security Measure | Related Product/Service |
Virus Attack from Internet Sources | Virus Detection and Virus Removal | (1) VirusScan for Windows based PCs [18] |
Unauthorized Access to DCN/ICN Services | Bastion Firewall | (1) Gauntlet COTS Firewall from Trusted Information Systems [19] |
Password Compromise | Single Use Passwords to access DCN/ICN resources | (1) Single Use Password (SecurID Personal Computer Memory Card International Association (PCMCIA) card or SoftID software) Security Dynamics [20] |
Electronic Mail Content Compromise | Encryption of E-Mail Contents | (1) Power One-Time Pad (POTP) Secure Mail software (Elementrix Co., New York, NY) [21] or (2) Fortezza Technology implemented in PCMCIA Cards + Application Software Products with embedded Fortezza APIs (e.g., Netscape, Oracle) |
Unauthorized Intrusion | Firewall Security Testing and Intrusion Detection | 1. COPS V1.04 [22] |
| Intrusion Detection Notification | COURTNEY software (on the firewall) [25] |
| Accurate Timing of Messages, Packets between client and server | Clock synchronization sites for international time authentication |
Compromise of Financial Data Transmitted Over the Internet | Use SET compliant products to encrypt Financial Data (e.g., Credit Card Numbers) | Netscape LivePayment Software Encryption |
Category 1 Security Incident | Defense Information Systems Agency (DISA) Security Incident Response Team (ASSIST) | ASSIST Consulting Service/Security Advisories [26] |
C.3.0 SECURITY REQUIREMENTS
DCN/ICN security requirements include physical security of the MOCC and security of the information and collaboration services provided by the MOCC. Security of subscriber facilities remains with the individual subscriber or subscriber's parent organization.
C.3.1 Subscriber Facility Security Requirements
Security for the subscriber's facility is the responsibility of the subscriber or the subscriber's parent organization or enterprise. The DCN/ICN will provide a list of the security products that it uses to protect the MOCC and the information repositories under its control. Part of the security architecture will include the use of one time passwords as part of the user authentication strategy. Products for this function will be specified as part of the hardware/software qualification matrix for pilot program end users. In addition, the DCN/ICN will provide security alerts to its subscribers, should a security threat or incident be discovered.
C.3.2 MOCC Facility Security Requirements
The MOCC facility security will include security of the MOCC hardware, software and information repositories that provide information and collaboration services to DCN/ICN subscribers.
Table C.3.2-1 DCN/ICN Security Requirements
Requirement ID | Requirement Description |
10 | Monitor all incoming files, programs for viruses. |
20 | Monitor all information server storage devices and main memory units for viruses. |
30 | Inoculate all MOCC workstations with anti-virus software and refresh the inoculation on a monthly or event-driven basis. |
40 | Log all security events and provide periodic security event reports. |
50 | Authenticate all producers and consumers of DCN/ICN resources. |
60 | Safeguard all personal subscriber, content provider, or advertiser information including credit card numbers and financial information. |
70 | Implement intrusion detection mechanisms to detect unauthorized users of DCN/ICN resources. |
80 | Control access to MOCC hardware and software resources. |
90 | Control access to Mailing List Groups to authorized subscribers. |
100 | Control access to forums to authorized subscribers. |
110 | Control access to Comment/Annotation tools to authorized subscribers. |
120 | Control access to newsgroups to authorized subscribers. |
130 | Control access to E-Mail addresses to authorized subscribers. |
140 | Control access to organizational directories to authorized subscribers. |
150 | Control access to publications to authorized subscribers. |
160 | Control access to application sharing programs to authorized subscribers. |
170 | Control access to file transfer privileges to authorized subscribers and MOCC personnel. |
180 | Control access to Java applets to authorized subscribers and MOCC personnel. |
190 | Control access to Audio-Conferencing Collaboration Tools to authorized subscribers and MOCC personnel. |
200 | Control access to MOCC Web information servers to authorized subscribers and MOCC personnel. |
210 | Report category 1 security incidents to DISA ASSIST. |
C.4.0 INITIAL MOCC SECURITY ARCHITECTURE
The MOCC security architecture consists of security policies, and supporting network, software and hardware products that implement these policies. The policies are derived from the security requirements identified in Table C.3.2-1.
C.4.1 Security Policy and Architecture Overview
A summary of the top-level security policy areas, policies, supporting architecture and candidate products is shown in Table C.4.1-1.
Table C.4.1-1 MOCC Security Policy Area, Policy and Supporting Architectures
Security Policy Areas | Requirement ID | Preliminary Policy | Supporting Architecture | Candidate Products |
Access Control | | | | |
Local Access | 80 | All MOCC support personnel using local access machines will have user identifications and passwords for access to the Information Servers or MOCC operational support software. Passwords will be changed at least every 90 days. | COTS Software: Local Area Network Solaris User ID/Passwords for Web server (Galaxy) and database server (Condor) User ID and Password for Oracle Database Instance | Solaris Operating Systems (in-house); Oracle RDBMS (in-house) |
Remote Access | 80 | All MOCC support personnel using remote access will use one time passwords. | COTS hardware and software: Remote Access Communication Server | Shiva Remote Access Server (in-house) |
Internet Access | 80 | All users with Internet access to DCN/ICN resources will use one-time passwords. | COTS Authentication Client/Server hardware and software | SecurID, SoftID for clients [27]; ACE/Server® security software for UNIX server |
User Authentication | | | | |
Strong User Authentication | 50 | All DCN/ICN subscribers will be authenticated for each DCN/ICN session. | COTS Authentication Client/Server (client software and PCMCIA token cards; server software) | SecurID, SoftID for clients [28]; ACE/Server® security software for UNIX server [29] |
Virus Risk | | | | |
Virus Inoculation | 30 | Workstation and server resources will be inoculated with anti-virus programs and re-inoculated on a monthly or event-driven basis. | COTS Virus Inoculation Software for UNIX servers and client Windows 95 workstations | |
Virus Detection | 10,20 | All E-Mail, and files uploaded from any source to the DCN/ICN information servers will be scanned for software viruses. | COTS Virus Detection Software for UNIX servers and client Windows 95 workstations | VirusScan for Solaris; VirusScan for Windows 95 |
Virus Identification | 10,20 | Identify all detected viruses and include description in security event reports. | COTS Virus Identification Software for UNIX servers and client Windows 95 workstations | VirusScan for Solaris; VirusScan for Windows 95 |
Virus Eradication | 10,20 | Eradicate all identified viruses and include action in security event reports. | COTS Virus Identification Software for UNIX servers and client Windows 95 workstations | VirusScan for Solaris; VirusScan for Windows 95 |
Data Protection | 60 | All personal information including names and credit card numbers will be safeguarded from interception during communication between authorized subscribers and the MOCC. | COTS E-Mail Security for MIME: | 1) TIS/MOSS SW encryption program using DES [32] for E-Mail [33] |
External Hacker and Espionage | | | | |
Intrusion Detection | 70 | All user logins will be written to a security log file. | Bastion Firewall | |
Functional Security | | | | |
| 130 | E-Mail addresses will be hidden except to authorized DCN/ICN subscribers. E-Mail directory services will require strong authentication for authorized DCN/ICN subscribers. | COTS Bastion Firewall E-Mail Proxy Server COTS whois Proxy Server | Gauntlet Internet Firewall Simple Mail Transport Protocol (SMTP) Proxy [39] Gauntlet Internet Firewall whois Proxy |
Newsgroups | 120 | Newsgroups services will require strong authentication of authorized DCN/ICN subscribers. | COTS Bastion Firewall or shareware Network News Transfer Protocol (NNTP) server | Gauntlet Usenet News (NNTP) Proxy |
Mail-Lists | 90 | Mail Lists services will require strong authentication of authorized DCN/ICN subscribers. | COTS Bastion Firewall E-Mail Proxy Server | Gauntlet Internet Firewall SMTP Proxy [40] |
Forums | 100 | Forums will require strong authentication of authorized DCN/ICN subscribers. | COTS Bastion Firewall HyperText Transfer Protocol (HTTP) Proxy Server | Gauntlet WWW (HTTP, SSL, and SHTTP) Proxy |
Application-Sharing | 160 | Application Sharing services will require strong authentication of authorized DCN/ICN subscribers. [41] | Confirm/authenticate participants by separate channel (e.g., telephone) | NA |
File Transfer | 170 | File transfers (uploads) to information servers will require strong authentication of authorized MOCC personnel. File transfers (downloads) will require strong authentication of authorized DCN/ICN subscribers. | COTS Bastion Firewall File Transfer Protocol (FTP) Proxy Server | Gauntlet Internet Firewall FTP Proxy [42] |
Comment-Annotation Servers | 110 | Comment/Annotation services will require strong authentication of authorized DCN/ICN subscribers. | COTS Bastion Firewall HTTP Proxy Server | Gauntlet WWW (HTTP, SSL, and SHTTP) Proxy |
Web Access Control | 200 | Access to Web information services will provide strong user authentication of authorized DCN/ICN subscribers. | COTS Bastion Firewall HTTP Proxy Server with Web Access Control | Gauntlet WWW (HTTP) Strong User Authentication [43] |
Audio-Conferencing | 190 | Access to Web audio conferencing services will provide strong user authentication of authorized DCN/ICN subscribers. | Verify E-Mail address of authorized DCN/ICN users through authenticated whois server on Firewall | Gauntlet "whois" proxy server |
Java Servers | 180 | Information services will require strong authentication of authorized DCN/ICN subscribers. | COTS Bastion Firewall HTTP Proxy Server | Gauntlet WWW (HTTP, SSL, and SHTTP) Proxy |
Security Audits and Event Monitoring | | | | |
System Security Check-Up | 40 | Periodic system security check-ups will be performed to assess security health of DCN/ICN resources. | Application gateways (or proxies) Bastion Firewall | TIS Gauntlet [44] |
System Security Reporting | 40 | Periodic system security reports will be provided to the MOCC Manager. | Audit Logs from Bastion Firewall Electronic-Mail | TIS Gauntlet provides audit logs. Lotus cc:Mail (in-house) may be used to disseminate reports. |
Category 1 Security Events | 210 | Category 1 Security Events will be immediately reported to the MOCC Manager and to DISA ASSIST. | Telephone | N/A |
A pictorial view of the Firewall Architecture (Figure C.4.1-1) as part of a perimeter network shows a Bastion Host that acts as the firewall between the remote users on the Internet and the DCN/ICN Web and information servers that reside on an internal network within the MOCC. The Bastion Host provides transparent proxy services for dynamic Web page access, file transfer, and E-Mail services. A user authentication server also on the Bastion Host provides authentication of remote users who use authentication software or authentication token (PCMCIA) cards to request services with one-time passwords.
Figure C.4.1-1 MOCC Firewall and User Authentication Architecture
C.4.2 Security Component Features/Functions
The security component in the DCN/ICN includes the following COTS products:
· Gauntlet Firewall (Trusted Information Systems).
· SecurID and SoftID Authentication Tokens (Security Dynamics).
· AceServer Authentication Server (Security Dynamics).
· Antivirus Software for both Windows clients and Sun Solaris servers (McAfee Associates).
· POTP(TM) Secure E-Mail (Elementrix).
C.4.2.1 Trusted Information Systems Gauntlet Firewall
The Gauntlet Internet Firewall is an application-based firewall, featuring the most secure firewall design in the industry. The Gauntlet product features: [45]
· Complete firewall transparency through the proxies (and so, without sacrificing security),
· Industry standard firewall-to-firewall encryption (strong encryption that is exportable),
· The only "Crystal Box" firewall -- source code standard,
· Support for more strong user authentication devices than any other firewall,
· Secure, integrated GUI management tools (via any web browser),
· A cryptographic system integrity checker,
· Built in "smoke alarms" -- allowing real-time notification of unauthorized activities,
· Secure information gateway allowing safe deployment of web or FTP server on firewall system, and
· A set of application gateways (proxies) for services (see services below).
The Gauntlet Internet Firewall includes proxies for the following services:
· Terminal Services (TELNET, Rlogin, TN3270).
· File Transfer Protocol (FTP).
· Electronic Mail (SMTP, POP3).
· WWW (HTTP, SSL, and SHTTP).
· Gopher.
· X Window System (X11).
· Printer.
· Remote Execution (Rsh).
· RealAudio.
· Sybase SQL.
There is also a proxy that acts as a "patch panel" for simple services in a one-to-one or one-to-many configuration, called the "plug gateway." Through this gateway, the Gauntlet Internet Firewall supports:
· Finger.
· Usenet News (NNTP).
· Whois.
· The HTTP proxy supports Java Guard.
The Gauntlet Internet Firewall supports the following devices:
· CryptoCard, from CryptoCard.
· Digipass.
· Fortezza from NSA (as an option).
· SafeWord AS from Enigma Logics.
· S/Key software from Bellcore (freely available).
· SecurID from Security Dynamics.
· SecurNet Key from Digital Pathways.
· Vasco.
C.4.2.2 Security Dynamics User Authentication Tokens
User authentication is provided by either a PCMCIA token or software on the client PC and an authentication server on a security server computer.
C.4.2.2.1 SecurID User Authentication Token
The SecurID token provides an easy, one step process to positively identify network and system users and prevent unauthorized access. Used in conjunction with Security Dynamics' hardware or software Access Control Modules (ACMs), including ACE/Server®, the SecurID token generates a new, unpredictable access code every 60 seconds. SecurID technology offers crackproof security for a wide range of platforms in one easy-to-use package. To identify and authenticate an authorized system user, two factors are necessary. Factor one is something secret the user knows: a memorized Personal Identification Number (PIN) or password. The second factor is something unique the user possesses: the SecurID token. The SecurID product features include: [46]
· Easy, one-step process for positive user authentication.
· Prevents unauthorized users' access to information resources.
· Authenticates users at network, system, application or transaction level.
· Generates unpredictable, one-time-only access codes that automatically change every 60 seconds.
· No token reader required; can be used from any terminal, PC, laptop or workstation -- ideal for remote access.
· SecurID tokens may be used across all ACMs for multiple platform enterprise security.
· Lifetime warranty.
· Tamperproof.
C.4.2.2.2 SoftID User Authentication Software
SoftID one-time password software provides an easy, one-step process to positively identify network and system users and to prevent unauthorized access. Used in conjunction with Security Dynamics' ACE/Server® Network Security Software or hardware-based Access Control Modules (ACMs), SoftID is a client-side software package based on the award-winning, patented SecurID® technology. Generating a new, unpredictable access code every 60 seconds, SoftID provides a cost-effective and easy-to-use security solution for network users. The SoftID product features include: [47]
· Software-based one-time password user authentication.
· Generates an unpredictable, one-time-only access code that automatically changes every 60 seconds.
· Provides a higher level of security than the reusable password.
· Easy, one-step process for positive user authentication.
· Prevents unauthorized user access to information resources.
· Centralized network authentication and administration via ACE/Server.
· SoftID may be used across all ACE/Server and ACM protected networks for multiple platform enterprise security.
· Allows for manual authentication procedures using familiar SecurID-like interface at the login screen.
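A sketch of the server-side check that the two-factor scheme in C.4.2.2.1 and C.4.2.2.2 implies, added here as an example and not Security Dynamics' code. The page does not give the SecurID code-generation algorithm, so the standard HMAC-based one-time password construction (RFC 4226, driven by a time counter as in RFC 6238) with a 60-second step stands in for it; `tokencode`, `AuthServer`, the six-digit length and the one-interval drift tolerance are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 60   # the page: a new access code every 60 seconds
DIGITS = 6          # assumption: the page does not state the code length


def tokencode(seed: bytes, unix_time: int) -> str:
    """Code for the 60-second interval containing unix_time (HOTP over a time counter)."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The PIN (factor one) is stored only as a salted, stretched hash.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class AuthServer:
    """Hypothetical central verifier: factor one is the PIN, factor two the token's code."""

    def __init__(self, drift_steps: int = 1):
        self.drift_steps = drift_steps   # tolerated token/server clock skew, in intervals
        self._users = {}

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self._users[user] = {"seed": seed, "salt": salt,
                             "pin": _pin_hash(pin, salt), "last_step": -1}

    def verify(self, user: str, pin: str, code: str, now: int) -> bool:
        rec = self._users.get(user)
        if rec is None:
            return False
        pin_ok = hmac.compare_digest(_pin_hash(pin, rec["salt"]), rec["pin"])
        now_step = now // STEP_SECONDS
        matched = None
        for step in range(now_step - self.drift_steps, now_step + self.drift_steps + 1):
            if step <= rec["last_step"]:
                continue                 # interval already used (or older): treat as replay
            expected = tokencode(rec["seed"], step * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if pin_ok and matched is not None:
            rec["last_step"] = matched   # burn the interval so the code is single-use
            return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"       # constructed seed (the RFC 4226 test secret)
    server = AuthServer()
    server.enroll("alice", seed, "4821")
    code = tokencode(seed, 65)
    print("first use :", server.verify("alice", "4821", code, 65))
    print("replay    :", server.verify("alice", "4821", code, 65))
```

A captured code is useless once its interval has been accepted, which is the property the "one-time-only" bullets rely on; a failed PIN does not consume the interval, so a wrong guess cannot lock out the legitimate code.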
C.4.2.3 AceServer Authentication Server
ACE/Server® security software is the first step in securing enterprise network environments. Operating on a wide variety of UNIX®-based platforms, ACE/Server establishes a protective perimeter around selected network-based resources. Used in conjunction with a SecurID® token, ACE/Server centrally authenticates a user's identity, allowing only authorized users access to protected network resources. For the user, logon procedures are quick and simple. Administration time and effort is reduced thanks to an easy-to-use point-and-click interface and central management of all administrative and reporting functions. The AceServer product features include:
· Cost-effective access security scaleable to enterprise networks.
· Easy to manage, centralized network authentication and administration.
· Supports enterprise user populations.
· Easy-to-use point-and-click administration.
· Customizable auditing and reporting.
· Provides seamless integration with existing enterprise applications.
· Compatible with leading products of remote and ISDN access, Internet firewall, communication server and network application vendors.
· Authentication API available.
· Slave server available as hot back-up to ensure accessibility of authentication services.
· Operates on Sun, IBM and Hewlett-Packard UNIX platforms.
C.4.3 Antivirus Software
Computer viruses are computer programs that attack a computer's hardware or software, often destroying data, application software or the host's operating system either in memory or stored on a computer's hard disk. These viruses are unintentionally received through disks, bulletin boards, E-Mail, the Internet, and networks. More than 5000 viruses have been detected and identified and it is estimated that more than 100 new viruses are created each month. Antivirus software detects and removes known viruses.
C.4.3.1 VirusScan for Windows 95 Platforms
VirusScan for Windows 95 from McAfee Associates is the leading antivirus COTS product for Windows 95 based platforms. VirusScan's superior detection rates are the envy of the industry, more than 20% better than the number two market leader. VirusScan provides the following features: [48]
· Consistently detects over 96% of the more than 5000 known viruses maintained by independent testing labs.
· Awarded Windows 95 logo - meets standard Microsoft Windows 95 requirements.
· Award-winning, patented Code Trace(tm) and Code Matrix(tm) technology to efficiently pinpoint known, generic and even new and unknown boot, file, multi-partite, stealth, mutating, polymorphic and encrypted viruses.
· World Proven -- employed by more than 20,000 corporations and organizations worldwide.
C.4.3.2 VirusScan for Sun/Solaris Platforms
VirusScan for Solaris includes everything needed for quick, easy installation onto the Solaris 2.4, Sun OS 4.1x, or Linux versions of UNIX. It provides on-demand detection of PC viruses hosted on UNIX systems and includes the following UNIX Native features: [49]
· Supports standard UNIX command line conventions to allow combined use with third-party applications.
· Supports scheduled operation via Cron.
· Optional symbolic link resolution.
· Recursive directory tree scanning.
· Compressed file scanning.
· Ability to restrict scans from crossing file system boundaries.
· Alerts and logging on virus incidents.
C.4.4 E-Mail Encryption Software
Protection of a subscriber's E-Mail messages is achieved through software encryption.
C.4.4.1 POTP(TM) Secure E-Mail (Elementrix) [50]
The new POTP(TM) Secure Mail encrypts the entire message, including attachments, before it leaves your PC. The entire process is automatic. There is no need for any manual key distribution, key management or trusted third parties. POTP(TM) Secure Mail is a POP3/SMTP client that works over TCP/IP protocol. POTP(TM) Secure Mail is based on Pronto/IP by CommTouch Software, Inc of San Mateo, CA. Pronto is the basis for a number of popular E-Mail clients, such as the Internet Messenger module of Delrina's Communication Suite. Pronto/IP supports PCs running under Windows that communicate with a host via TCP/IP or related protocols. It requires a TCP/IP stack on the PC side and POP3/SMTP on the host side. Some of the features of POTP include: [51]
· No Encryption Passwords.
· No Public or Private Keys.
· No Master or Session Keys.
· No Key Management Required.
· No Key Escrow or Trusted Third Parties.
· No Key Distribution Servers.
· No Access Codes.
· No Substantial Overhead on the line (< 1%).
· No Special Training Required.
· Real Time Encryption.
C.4.4.2 PC Crypto(TM) (McAfee) [52]
PCCrypto(TM) allows users to easily secure documents, spreadsheets, graphics, and PC data on desktops and laptops from hackers and information brokers in an easy-to-use Windows-based interface.
PCCrypto(TM) features include:
· Encrypt/decrypt files, email and clipboard information with pass-phrases up to 50 characters.
· Options to compress data before encrypting, and record activity and track passwords in logfile.
· Strong encryption of 160-bit and 40-bit keys to stop unwanted viewers and information theft.
· Unique secure self-extracting files users can send to anyone without PCCrypto at the receiver.
Easy to Use Encryption
· Unique secure self-extracting file option allows users to send private information to anyone, using just one copy of PCCrypto.
· Encrypt up to 1,000 files into a single secure file or self-extracting file.
· Decrypt entire secure file or select desired files inside to decrypt individually.
· LZ77 data compression to reduce encrypted file sizes for Internet transfers.
· Password manager and logfile for auditing and password tracking of encrypted data.
· Easy to remember pass-phrases up to 50 characters.
· Wipe utility to permanently erase files, clean excess disk memory.
· File before Encryption.
System Requirements
· CPU running Windows.
· Windows 3.x/95/NT.
· One MB Space on HD.
New Features in V.1.01
· Windows NT Support.
· Long file names.
18 McAfee Associates; Internet URL: http://www.mcafee.com.
19 Source: Internet URL: http://www.tis.com.
20 Source: Internet URL: http://www.securid.com.
21 Source: Internet URL: http://draco.centerline.com:8080/~franl/crypto/one-time-pad.html.
22 Managed/largely written by Dan Farmer, COPS is a suite of shell scripts that forms an extensive security testing system; there's a rudimentary password cracker, and routines to check the filestore for suspicious changes in setuid programs, others to check permissions of essential system and user files, and still more to see whether any system software behaves in a way that could cause problems. V1.04 is written in Perl and UNIX shell scripts. The latest version is very up-to-date on UNIX Security holes. Internet URL: http://www.cis.ohio-state.edu/in-line/faq/usenet/security-faq/faq.html.
23 Gene H. Kim, Eugene H. Spafford, Tripwire v1.2. Abstract: Tripwire is a highly portable, configurable tool to monitor changes in a UNIX file system. It keeps a database of inode information and message digests of file and directory contents based on a user-designed configuration file. When rerun, Tripwire will compare the stored values against the configuration flags and warn the operator of any deviations (changes, additions, accesses, etc.). Tripwire is extensively documented, has been ported to over 30 varieties of UNIX, and is highly recommended by anyone who uses it. Internet URL: http://www.cs.purdue.edu/coast/archive/data/categ2.html.
24 SATAN tests UNIX host systems to determine which Internet services are present and whether those services are misconfigured or contain vulnerabilities that an intruder could exploit. SATAN provides limited information on how to correct the vulnerabilities it identifies as well as a modest tutorial on host system security. SATAN can test individual hosts or entire networks of host systems. SATAN is an analysis and reporting tool only and does not break into systems or exploit new and/or rare vulnerabilities. Internet URL: http://csrc.ncsl.nist.gov/first/satan/satan.html#SATAN.
25 Courtney is a software product of the U.S. Department of Energy Computer Incident Advisory Capability (CIAC). It monitors the network and identifies the source machines of SATAN probes/attacks. Courtney receives input from tcpdump counting the number of new services a machine originates within a certain time window. If one machine connects to numerous services within that time window, Courtney identifies that machine as a potential SATAN host. Internet URL: http://ciac.llnl.gov/ciac/ToolsUNIXNetMon.html#Courtney.
26 DISA Center for Information Systems Security; Internet URL: http://www.disa.mil/line/cissmid.html.
27 Security Dynamics SecurID and SoftID Products; Internet URL: http://www.securid.com/ID233.22009/Security/softdata.html and http://www.securid.com/ID233.22009/Security/tokens.html.
28 Security Dynamics SecurID and SoftID Products; Internet URL: http://www.securid.com/ID233.22009/Security/softdata.html and http://www.securid.com/ID233.22009/Security/tokens.html.
29 Security Dynamics: AceServer Product: Internet URL: http://www.securid.com/ID233.22009/Security/ACEdata.html.
30 McAfee Inc. VirusScan for Solaris; Internet URL: http://www.mcafee.com/.
31 McAfee Inc. VirusScan for Windows 95; Internet URL: http://www.mcafee.com/.
32 Trusted Information Systems Crypto-Survey- Domestic Products; Internet URL: http://www.tis.com/docs/research/crypto/survey/dompage.html.
33 Trusted Information Systems TIS/MOSS Product Description: Internet URL: http://www.tis.com/docs/research/network/moss95.html.
34 Netscape: Netscape LivePayment White Paper (September 16, 1996); Internet URL: http://www.netscape.com/.
35 POTP(tm) Product Description from Elementrix; Internet URL: http://www.elementrix.co.il/elm_mail.html.
36 Trusted Information Systems Firewall Product, Gauntlet; Internet URL: http://www.tis.com/docs/products/gauntlet/summary.html.
37 The Gauntlet Internet Firewall supports the following devices: (1) CryptoCard, from CryptoCard; (2) Digipass; (3) Fortezza from NSA (as an option); (4) SafeWord AS from Enigma Logics; (5) S/Key software from Bellcore (freely available); (6) SecurID from Security Dynamics; (7) SecurNet Key from Digital Pathways; and (8) Vasco; Internet URL: http://www.tis.com/docs/products/gauntlet/summary.html.
38 Trusted Information Systems Internet Firewall Toolkit; Internet URL: http://www.tis.com/docs/products/fwtk/index.html.
39 Trusted Information Systems Firewall Product, Gauntlet; Internet URL: http://www.tis.com/docs/products/gauntlet/summary.html.
40 Trusted Information Systems Firewall Product, Gauntlet; Internet URL: http://www.tis.com/docs/products/gauntlet/summary.html.
41 Point-to-Point Application Sharing (PP-AS) may occur outside of the DCN/ICN collaboration/information servers. In this situation, confirm schedule by telephone for intended PP-AS sharing.
42 Trusted Information Systems Firewall Product, Gauntlet; Internet URL: http://www.tis.com/docs/products/gauntlet/summary.html.
43 Trusted Information Systems Firewall Product, Gauntlet; TIS' implementation supports strong user authentication by enforcing an uninterrupted connection from the client to the HTTP proxy. Internet URL: http://www.tis.com/docs/products/gauntlet/gauntletfaq.html#24.
44 Trusted Information Systems Firewall Product, Gauntlet. The Gauntlet Internet Firewall provides detailed audit logs of sessions. Internet URL: http://www.tis.com/docs/products/gauntlet/summary.html.
45 Trusted Information Systems Gauntlet Firewall Product FAQ; Internet URL: http://www.tis.com/docs/products/gauntlet/gauntletfaq.html#31.
46 Security Dynamics SecurID Token Product Description; Internet URL: http://www.securid.com/ID70.1290644817047/Security/tokens.html.
47 Security Dynamics SoftID Product Description: Internet URL: http://www.securid.com/ID70.1290644817047/Security/softdata.html.
48 McAfee Associates VirusScan for Windows 95 Product Description; Internet URL: http://www.mcafee.com/.
49 McAfee Associates VirusScan for Solaris Product Description; Internet URL: http://www.mcafee.com/.
50 Elementrix's POTP(TM) Secure E-Mail Product Description: Internet URL: http://www.elementrix.co.il/elm_mail.html#General.
51 Dynamic Key (POTP) Encryption Technology; Internet URL: http://www.potp.com/potp\potp.htm.
52 McAfee PC Crypto Data Sheet, Internet URL: http://www.mcafee.com/prod/security/pccdatas.html.
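
The heuristic that footnote 25 attributes to Courtney (count the new services one machine originates within a time window and flag the machine when the count is high) is shown here as an added example; it is not the Courtney source. The window and threshold defaults, the function names, and the sample capture (constructed, in the style of `tcpdump -tt -n` output, using documentation address ranges) are assumptions.

```python
import re
from collections import defaultdict, deque

# Matches a bare SYN ("Flags [S],"); SYN-ACK replies print as "[S.]" and are skipped.
SYN_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[S\],"
)


def parse_syn(line):
    """Return (timestamp, source host, (dest host, dest port)) for a SYN line, else None."""
    m = SYN_LINE.match(line.strip())
    if m is None:
        return None
    return float(m["ts"]), m["src"], (m["dst"], int(m["dport"]))


def detect_probes(lines, window=30.0, threshold=8):
    """Flag sources that open connections to >= threshold distinct services within window seconds.

    Lines are assumed to be in capture (time) order. Assumed defaults, not Courtney's.
    """
    recent = defaultdict(deque)          # source -> (timestamp, service) still inside the window
    alerts = {}
    for line in lines:
        event = parse_syn(line)
        if event is None:
            continue
        ts, src, service = event
        seen = recent[src]
        seen.append((ts, service))
        while seen and ts - seen[0][0] > window:
            seen.popleft()               # forget connections older than the window
        distinct = {svc for _, svc in seen}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = {"first_alert": ts, "services": sorted(distinct)}
    return alerts


def constructed_capture(base=1_000_000_000.0):
    """Constructed sample capture: one fast sweep, one slow client, one ordinary web client."""
    server = "192.0.2.10"
    events = []
    for i, port in enumerate((21, 23, 25, 79, 80, 110, 111, 513)):
        events.append((base + 0.5 * i, "198.51.100.7.40000", f"{server}.{port}", "S"))
        events.append((base + 60.0 * i, "203.0.113.30.40001", f"{server}.{port}", "S"))
    for i in range(10):
        events.append((base + 2.0 * i, "203.0.113.20.40002", f"{server}.80", "S"))
    # A SYN-ACK from the server: a reply, not a service the server originates.
    events.append((base + 0.1, f"{server}.21", "198.51.100.7.40000", "S."))
    events.sort()
    return [f"{ts:.6f} IP {src} > {dst}: Flags [{flags}], seq 1, win 1024, length 0"
            for ts, src, dst, flags in events]


if __name__ == "__main__":
    for host, info in detect_probes(constructed_capture()).items():
        print(f"possible probe from {host}: {len(info['services'])} services "
              f"by t={info['first_alert']:.1f}")
```

The same eight services contacted one per minute stay under the 30-second window, which is the blind spot of any fixed-window count: the window and threshold trade missed slow probes against false alarms from busy legitimate clients.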