GAO Outlines Gaps in Security

Vendors look to fill product void as federal General Accounting Office identifies technologies such as fingerprint recognition that could better protect networks.

A little over a year after the Federal Information Security Management Act went into effect, government agencies continue to be dogged by network vulnerabilities and slow reform. To point agencies in the right direction, the U.S. General Accounting Office last week enumerated 18 technologies in five categories to better protect networks.

With the GAOs advice as a backdrop, the Federal Office Systems Expo will open here this week with the spotlight on information security—and vendors are leaping to the call for help.

DigitalPersona Inc., in partnership with Microsoft Corp. and GTSI Corp., plans to roll out a new version of its enterprise password automation technology based on fingerprint identification. According to the Redwood City, Calif., company, Pro 3.0 will change password management by making it fully automated.

In its report last week, the GAO identified fingerprint recognition as a potentially helpful authentication technology for agencies but cautioned that it doesnt work for about 2 to 5 percent of people. In addition, the GAO said, fingerprint recognition scanners can be prone to error and some can be "tricked" into taking latent prints that were reactivated.

GAO security categories

  • Access control: To restrict unauthorized users
  • System integrity: To ensure that data is not corrupted
  • Cryptography: To ensure data is accessible only to authorized users
  • Audit and monitoring: To perform investigations during and after attacks
  • Configuration management: To change security settings

Valt.X Technologies Inc. will unveil Cyber Secure hard disk drives, which the Ontario company heralds as the greatest advance in securing hard drive data since the invention of the hard drive. The "Valt.X Security Computer on a chip" locks in place a known clean image of data, which prevents unauthorized changes by allowing users to revert to the clean data upon restarting a computer. With the new system, data on the hard drive is encrypted in real time, and the technology automatically deflects viruses, spyware and other hacker attacks.

While noting the importance of cryptography to agencies network security, the GAO warned that encryption technology, to be effective, must be an integral component of enforced security practices.

In the conferencing arena, even conferences over instant messaging technology can be secure, according to Scientific Devices Inc., which plans to announce a system that allows workers at remote offices to join calls for a cost-effective meeting. Audit trail functions come included in the new system from the Ridgefield Park, N.J., company.

In the wireless realm, Senforce Technologies Inc., a maker of location-based enterprise security software in Orem, Utah, is teaming with Panasonic Computer Solutions Co. and GTSI to offer a new way for organizations to deploy wireless technologies in robust notebook computers. The joint initiative is responding to a secure computing directive from the Pentagon, but it applies to enterprise mobile workers as well.