In-Depth

HP Throttles Viruses, Cracks OpenView Identity

The latest security announcements from Hewlett-Packard

• By Mathew Schwartz
• 12/15/2004

Virus troubles? Just throttle them.

A new initiative from HP would allow security managers to decrease the bandwidth allowed to viruses, slowing their spread and mitigating network denial of service, a common side effect of today’s fast-spreading viruses and worms.

“We have seen a rapid increase in threat velocity, meaning it’s more difficult for consumers and administrators to protect their systems,” says Tony Redmond, vice president and chief technology officer of HP Services.

The virus-throttling announcement is part of the HP Security Incident Management Program, one of several new HP announcements of services and software for consumers, small to medium-sized businesses, and large enterprises. The Security Incident Management Program is actually a package of services for protecting against a range of security threats, including threat analysis and response, vulnerability detection, antivirus, and intrusion detection and response. It should be available in early 2005.

Why is HP doing this? “We want security features to be built in—not bolted on—to proactively help defend all types of technology environments, from a home PC to a data center,” says Redmond, noting today’s security measures are too reactive. “We believe a new approach is necessary, to drive more intelligence into the computers we use, so they can resist attacks—purely, if anything, to give back time to human administrators.”

Virus throttling, for example, would buy administrators remediation time by reducing network connectivity for computers displaying virus-like behavior—say, attempting to send 50 e-mail messages per minute, or scanning all IP addresses on a network segment. While virus throttling will initially be network-centric technology, “the expectation is, as this progresses, we’ll eventually be applying this to the PC client as well,” says Scott Swist, the worldwide marketing manager for HP’s security and personal systems group.

Trusted Computing Initiatives

HP also announced its PCs will work with Trusted Computing Group (TCG) standards, which include hardware-based methods for improving the trust of endpoints. Besides HP, other TCG participants include AMD, IBM, Intel, and Microsoft.

“We’re now providing multifactor authentication” for notebooks, and some workstations, says Swist, provided they have the new AMD chipset that supports the Trusted Platform Module (TPM) specification. According to “The Role of TPM in Enterprise Security,” an IBM white paper, “establishing trust in a remote computer system is an essential building block for distributed system. Unfortunately, trust is a hard property to achieve without appropriate hardware support.” Hence the use of TPM. One of its more-notable duties, says the report, is protecting against “system software.”

To implement TPM, HP Protect Tools software on HP PCs now has a credential manager IT managers can use to more easily manage BIOS and smart cards, roll out automatic encryption for hard drive contents, or to allow single sign-on across the network from the PC’s log-in screen. That all goes “a long way to taking down to the end user the ability to apply, and the practical means to apply, practical authentication. So you’re not going to have the need anymore for customers to remember all these IDs and password credentials to get into every account. Now they can actually use a long and difficult password,” Swist explains.

Extending Federated Identity Management

As identity management programs mature, businesses want to stitch their authentication capabilities together with partners and suppliers. Hence HP added new capabilities to HP OpenView, widely used enterprise management software. In particular, customers were asking for “the ability to authentic a much broader audience … allowing partners and external folks to all be authenticated,” says Swist.

The new HP OpenView Select Federation will allow users to deploy federated identity management services, including single sign-on. The same is true for Web site and applications using HP Select Access, Web-based, single sign-on software that’s also part of HP OpenView. These capabilities, says HP, allow users “to offer their business partners and end-users secure, personalized access to information that may reside on systems and Web sites operated by trusted third parties.” Also for managing these cross-enterprise permissions, “we’re connecting all the dots, and providing this centralized console, for safer focus,” says Swist.

HP OpenView Select Federation comes in two versions: “enterprise” covers business-to-business and cross-enterprise applications, while “premium” is for customer-facing applications, including telecommunications and mobile industries. Both work with Liberty Alliance, SAML, and WS-Federation protocols.