Abstracts of Recent Arficles and Literature

detection’ software and other audit tools that spot out- siders and suspicious network activity are less useful on intranets. It is better to have sophisticated new audit tools built for the Internet and intranets. These manage Web services, electronic mail, domain name service, file transfer protocol and Usenet news services. Intranet firewalls and passwords mean nothing if confidential data gets posted in a public place. It is best to post security documentation in hypertext on intranets. Com- puterworld Intranets,]uly 22, 1996,pp.Z-3.

A computer emergency response team policy, Charles Cresson Wood. This article points out the job security risk to those responsible for the security of computerized information systems in the event of sys- tem failure resulting in financial loss. It argues that prevention of system problems is far less expensive than after-the-event mitigation. It makes a distinction be- tween disasters and emergencies and focuses on the latter. The author recommends and provides guidelines for the establishment ofa computer emergency response team to provide accelerated problem detection, damage control and problem correction services. Information Management G Computer Security, Vol. 4, No. 2, 1996,~. 4.

Mobile secure telephones, Charles Brookson. This article describes GSM, a TMDA digital radio system which has more than 120 operators in over 60 countries and allows international roaming with only a contract between operators to initiate the agreement. The author details the security services provided for the protection of legitimate users, the measures taken to exclude un- authorized users and the procedures implemented to minimize international roaming problems. Information Management fi Computer Security, Vol. 4, No. 2, 1996, pp. 7-10.

Data security report. This article highlights the find- ings of an extensive, questionnaire-based programme of research into data security among medium-sized and large organizations in the UK. Comments are drawn on the ways in which new trends in information technol- ogy will affect data security and emphasizes the need for companies continually to re-evaluate and upgrade their data security measures. Information Management G Computer Security, bbl. 4, No, 2, 1996, pp. 14- 17.

Providing security for Unix networks, Bev Stymlest. This article describes the TurnStyle family of security products developed by Atlantic Systems Group to meet

the security needs of Unix-based networks. The author claims that the TurnStyle Security Systems’ product addresses internal security and offers powerful resistance to password-cracking programs run by hackers, while external access via the Internet can be securely control- led by the TurnStyle Firewall System and the TurnStyle Internet Module. Information Management fi Computer Security, Vol. 4, No. 2, 1996,~. 18-26.

Tough firewalls help users avoid getting burned, Gary Anthes. Firewalls are changing as fast as the Internet in order to keep up with new threats and changing usage patterns. Recent releases of improved usability, audit tools, multiprotocol support, protection against mali- cious Java applets and more. Because firewalls attempt to mirror often-complex user security policies, they can be tricky to set up and unforgiving or errors. Over recent months, the following companies have released Internet security products. Trusted Information Systems Inc. Has released version 3.2 of its Gauntlet Internet Firewall which blocks Java applets from attacking cor- porate hosts and can be managed from a central site. It also has the ability to encrypt communications among remote users and the corporate network.

Raptor Systems Inc. has introduced new versions of Unix and Windows NT-based Eagle firewalls. Eagle 4.0 for Unix offers encryption to secure data that travels over a public network. Network-l Software & Technol- ogy Inc.‘s FireWalVPlus 2.0 filters IP packets and can block other protocols as well. The company has added auditing and reporting tools to its InterLock firewall service. The company has added a filter that allows administrators to block access to particular Web sites and the ability to block Java applets. Computerworld,August 5, 1996, p. 58.

Teleworking: threats, risks and solutions, Alice Stur- geon. Here, the author provides a definition of, and background to, teleworking: points out the advantages to organizations and employees, and the economic and demographic factors which have encouraged its growth. The article examines the security threats and vulner- abilities which are inherent in teleworking and assesses the risks associated with employees working on sensitive material from a remote site. The author postulates a framework for threat and risk assessment with a generic model, and a specific example using a hypothetical telework situation. Information Management G Computer Security, Vol. 4, No. 2, 1996,~~. 27-38.

320