IBM Announces Security Software and Services to Protect the Enterprise

SOMERS, NY, September 27, 1995 . . . As part of its long-standing
commitment to data security, IBM today announced enhancements,
availability and pricing for a broad range of I/T security products and
services designed to protect the enterprise from intrusion.

The announcement includes:

o  the launch of the Emergency Response Service, which
   provides expert incident management skills to clients during and
   after electronic security emergencies;

o  a Customized Infiltration Tool Kit, to detect the most
   subtle weaknesses in a customer's Internet connection;

o  significant enhancements and price reductions on IBM's
   firewall product;

o  the announcement for secure Web servers and browsers;

o  enhancements to IBM AntiVirus software to support Windows 95;

o  the availability of a new version of RACF, IBM's award-
   winning Resource Access Control Facility, which now provides
   password synchronization across your RACF managed systems;

o  and the announcement of Internet-secure OS/400, the operating
   system for the world's most popular business computing system.

Emergency Response Team Operational Worldwide

In response to concerns about network infiltrations, IBM announced that its
Emergency Response Service for commercial businesses is now operational
for customers throughout the world. Chartered to provide swift, expert
incident management skills to clients during and after electronic security
emergencies, the emergency response team specializes in electronic
disasters that affect data processing capabilities, and is available to
customers on a subscription basis via IBM's Integrated Systems Solutions
Corporation (ISSC).

This global service periodically checks customers' networks and can act as
an extension of clients' I/T staffs.  In the event of a network break-in,
the team helps customers detect, isolate, contain and recover from
unauthorized network infiltration.  They are on call 24 hours a day, seven
days a week around the world. IBM team members, who have extensive
incident management experience, develop an understanding of customers'
networks and system architectures, as well as how their firewalls are
configured and maintained.

Customized Weakness Detection Kit

IBM's Customized Infiltration Tool Kit, a sophisticated set of tools to
detect security weaknesses in clients' Internet connections, is available
today.  With these tools, IBM can probe the subtlest weaknesses that the
most sophisticated hackers might try to exploit.

These tools exercise network connections that go beyond the capabilities of
most existing tools on the market and are customized to match clients'
specific network configurations.

The Customized Infiltration Tool Kit is part of IBM's I/T Security
Consulting offering, and was developed in conjunction with IBM Research's
Global Security Analysis Labs in New York and Zurich.

Advanced Firewall Security

As part of today's security announcements, IBM announces a new release and
a price reduction for its firewall, the Internet Connection Secured
Network Gateway, to promote its wider availability and advance the state
of security on the Internet. Formerly known as the NetSP Secured Network
Gateway, the Internet Connection Secure Network Gateway will be available
to the public on October 27.

The firewall now supports AIX 4.1.3, and operates with the popular RISC
System/6000 workstation.  It contains an encrypted IP tunnel that encodes
data from one firewall to another using DES, the Data Encryption Standard
invented by IBM more than 20 years ago, and Commercial Data Masking
Facility (CDMF), an exportable encryption technology used outside of North
America. The IP tunnel and key distribution is one of the first that is
based on the latest IETF specifications, providing the most advanced
technology for firewalls currently available.

The Internet Connection Secured Network Gateway also includes remote
administration and an alarm capability that allows a user to set alerts
that are triggered when certain errors or other security violations
occur.

Secure Web Servers and Browsers

IBM is also announcing the IBM Internet Connection Secure Web Servers for
the OS/2 and AIX platforms and IBM's Internet Connection Secure
WebExplorer for OS/2 Warp.  Using the industry standard protocols Secure
HyperText Transfer Protocol (S-HTTP) and Secure Sockets Layer (SSL), these
secure Web servers and browser will be commercially available on December
8.  IBM Internet Connection Secure Servers provide several security
methods for conducting commerce over the Internet, including public key
data encryption technology and the use of digital signatures.

Digital IDs Enhance Secure Web Clients and Servers

VeriSign and IBM are working together to allow users of IBM Internet
Connection Secure Web Browsers and Servers to enroll and receive their own
unique Digital IDs  using VeriSign's Digital ID Service, which ensures the
authenticity and privacy of electronic transactions and communications.

"IBM's commitment to security, both on the Internet and in the enterprise,
is further exemplified by our association with VeriSign," said Kathy
Kincaid, Director of I/T Security Programs, IBM.  "We are pleased to offer
Digital IDs to our customers to safely conduct business transactions over
the Internet."

"VeriSign is pleased to be working with IBM to provide our Digital ID
services to users of IBM Internet Connection Family of products," said
Stratton Sclavos, President and CEO of VeriSign, Inc.  "Digital IDs from
VeriSign will enhance IBM's innovative use of digital signatures, message
authentication and data encryption for secure WebExplorer for OS/2 Warp
clients and secure servers for AIX and OS/2 Warp."

VeriSign, a spin-off of RSA Data Security, provides Digital ID products and
services to open the electronic commerce marketplace to all consumers.

Anti-Virus Software and Services

IBM also announced that its IBM AntiVirus software will be available for
the Windows 95 platform in November.  IBM AntiVirus software provides
comprehensive virus detection, removal and protection for over 6,000 known
computer viruses, and is widely available on the OS/2, DOS, Windows,  and
NetWare platforms for $49.

IBM AntiVirus scans memory, hard disks, floppy drives and network servers
for thousands of viruses, including polymorphic viruses that change to
avoid detection, and viruses previously considered impossible to discover.
 To uncover unknown viruses, the software contains heuristics that attempt
to find viruses by watching for behavior that is characteristic of
viruses. IBM's anti-virus software products are available on the Internet
via IBM's AntiVirus home page at http://www.brs.ibm.com/ibmav.html.

RACF 2.2 Debuts

IBM's acclaimed Resource Access Control Facility (RACF) for MVS will debut
Version 2.2 this week on September 29.  RACF is a versatile, effective
security tool that protects MVS system resources from inadvertent damage
and deliberate misuse of data. New features for RACF 2.2 include password
synchronization and the ability to administer multiple remote RACF
databases with a single command, without logging onto the remote systems. 
RACF 2.2 also features a "remove ID" utility that eliminates security
problems created by old, unneeded user ID's, and has expanded its support
for OpenEdition MVS by providing security checking and auditing for the
XPG4 environment.  RACF 2.2 also provides enhancements to its PassTicket
support, an alternative to RACF passwords.  With RACF 2.2 you can now use
unique PassTicket keys for different RACF users and groups who need access
to the same secured application.

These new features build upon support provided in RACF 2.1, such as RACF's
sysplex data sharing support which uses the System/390 parallel sysplex
services to cache RACF data.  RACF also uses these services to transmit
selected administrative commands to peer RACF systems.  The administrator
can send these commands from one system to take effect on all systems
enabled for sysplex communication.

IBM has previously announced its intention to enhance RACF for VM by
providing support for the OpenEdition POSIX and Shared File System
features of VM/ESA.

Internet-Secure OS/400

IBM's AS/400 operating system, OS/400, offers a fully integrated set of
security features that have been evaluated to meet the U.S. Government C2
security criteria.  OS/400 Version 2 Release 3 is scheduled to receive the
C2 rating at the National Security Conference in October.  Subsequent
releases of OS/400 have been designed to meet C2 and IBM intends to
continue to participate in the government evaluation process.  Included in
the C2 evaluation was the AS/400 relational database DB2/400, which is
integrated into the operating system, and utilizes the same security
mechanisms as OS/400.  This ensures the integrity of information stored in
OS/400, as well as the security of user access to AS/400 computing
resources, providing customers with unmatched security for midrange system
computing.

IBM's AS/400 provides full individual accountability via a centralized
identification and authentication built into the system.  Users are
uniquely identified by a one-way DES encrypted password.

Since all sharable data is contained in encapsulated objects, discretionary
access control is maintained by each object manager using a system-wide
access algorithm.  Access to objects may be controlled through public,
private, or adopted authorities and may be managed through user groups and
common object authorization lists.

Additionally, AS/400 provides a highly configurable set of auditing
capabilities selectable to individual users, objects, or events.

Hardware and software encryption/decryption capabilities supporting data
confidentiality, non-repudiation, authentication, and data integrity are
also available on AS/400.

Today's announcements complement a wide range of I/T security offerings
already available from IBM -- from encryption hardware and software,
access control products, firewalls and security management and
administration, to DCE security services, IBM Global Network security
services and implementation services. Additional information on these
offerings can be found through the IBM I/T Security home page, at
http://www.ibm.com/Security.

IBM's security products support the security component of the Open
Blueprint.  A white paper with information about security in the Open
Blueprint is available for reference on the Internet at:
http://www.torolab.ibm.com/openblue/openblue.html.

For more information about other IBM products and services, see the IBM
home page on the World Wide Web, located at http://www.ibm.com.
 
 =========================================================
 From the 'New Product News' Electronic News Service on...
 AOL (Keyword = New Products) and Delphi (GO COMP PROD)
 =========================================================
 This information was processed from data provided by the
 company/author mentioned. For additional details, please
 contact them directly at the address/phone# indicated.
 Trademarks are the property of their respective owners.
 =========================================================
 All submissions for this service should be addressed to:
 BAKER ENTERPRISES,  20 Ferro Dr,  Sewell, NJ  08080  USA
 Email: rbakerpc@delphi.com  -or- RBakerPC (on AOL/Delphi)
 =========================================================
