With the increasing take-up of Windows NT for mission critical applications, Tel Aviv-based Memco Software Ltd is launching an NT version of its Unix-based SeOS Security for Open Systems secure access control software. It will be available by the middle of the year. Memco says SeOS for NT will address specific security holes in the […]
With the increasing take-up of Windows NT for mission critical applications, Tel Aviv-based Memco Software Ltd is launching an NT version of its Unix-based SeOS Security for Open Systems secure access control software. It will be available by the middle of the year. Memco says SeOS for NT will address specific security holes in the operating system including TCP/IP security protection. It claims the release will enable administrators to manage NT and Unix security using the same tools and that developers will be able to move Unix policies across to NT. SeOS monitors, updates and configures security policies. SeOS 2.0 contains some small enhancements over previous versions for generic file rules. Memco also believes that Microsoft Corp is, as Computergram heard last week, set to dump NT’s current Domains-based security model in favour of Unix’s Kerberos (CI No 3,112), and thinks it’s a good thing. Memco expects Microsoft’s endorsement to help ensure Kerberos becomes less of a lock-in strategy. At the moment Kerberos requires changes to client and server components of an application. It hopes that one day application vendors will integrate Kerberos into their software so that, for example, Sybase could read a Kerberos ticket natively. Memco says it will work with whatever kind of authentication is used under the hood, be it Kerberos, tokens or something else.
Memco is also preparing a second run at a single sign-on product after its initial Kerberos-based offering crashed and burned due to lack of interest. This time it is creating a single sign-on framework to work with whatever mechanism a user prefers, be that Kerberos, passwords, Smart Cards, tokens or public key encryption. The new framework is due by mid year. According to Memco, most technical issues to do with encryption or authentication mechanisms have already been resolved. It believes the key security issue which still needs to be addressed is deployment, part of which also means the widespread adoption, use and implementation of an authentication programming interface. It doesn’t seem too thrilled by either the GSS Generic Security Service or Tivoli Systems Inc authentication interfaces currently on offer. 55% of Memco’s $15.3m 1996 turnover came from direct sales, the rest from its reseller agreements with Platinum Technology Inc, Tivoli and others. Memco would love to become the Oracle Corp of security but believes that because the market is so diverse, embracing everything from firewalls and virus protection to encryption, smart cards, alerts and alarms, that no one single player is likely to dominate.