Two Solutions For the Road
"As our government evolves and is becoming more mobile, workers are required to get out of the offices, and more and more of them are going wireless," says Kyle von Bucholz, senior wireless account manager for Chantilly, Va.-based PlanetGov, a VARBusiness 500 government reseller (No. 117). "But the federal government hasn't made it easy for its employees to go wireless because of security concerns." Von Bucholz cites the latest federal standard, called FIPS 140-2, which sets specifics on the various parameters of secured networks and what cryptographic techniques need to be employed (see csrc.nist.gov/cryptval/140-2.htm).
"While less than 5 percent of the federal government has gone wireless, that is mostly because of the security applications that have been lacking until recently," von Bucholz says. "The feds have mandated that wireless networks have to be protected and secured from outsiders, and, of course, we do a great business with these sorts of applications."
But as wireless proliferates, the opportunities for compromise become greater. The trouble is that even the best firewall isn't effective when someone brings a laptop into a network from the outside. The trick is being able to nip any infection at the source, before it starts to propagate around a corporate network. And while many government networks have policies and standards to install antivirus software and other protective measures on their desktops, they can't necessarily keep track of these roaming laptops.
Both San Francisco-based Zone Labs and Sunnyvale, Calif.-based SonicWall make use of software and hardware tools working together, though their products take different approaches. Zone Labs' Integrity Clientless Security software is an Active X control that is downloaded to what the company calls unmanaged end points when a user connects for the first time to the overall network. It works with Microsoft's IE Version 5 or better Web browser and can find keystroke logging tools, spyware, rogue dialers, hacker tools and other hard-to-detect, but undesirable, software. It is relatively simple to set up, consisting of a Java Servlet Page that is added to a Web server and running scripts to create the appropriate database tables and policies.
SonicWall's Global Security Client works in conjunction with its firewall appliances and a set of policies, which are enforced at the firewall and are set up via a series of simple Web pages, similar to how the other security features of the SonicWall products are configured. As with Zone Labs' solution, these policies can be centrally set and managed. And neither require additional IT support resources to install on each network client, something that has big appeal to busy VARs.
It's not easy to provide one set of wireless solutions because of all the various requirements and different federal agencies. "That's where we come in," von Bucholz says. "We brought up close to 17,000 remote clients to do wireless securely."