Portal Security on Campus -- Campus Technology

Portal Security on Campus

08/12/02

Securing campus Web portals involves addressing a host of issues—access control, authentication, privacy, and security management—while still providing the ease of use of a single sign-on. Because there are so many security products out there, we’ve chosen to focus this month’s Round-up on a few products that offer integrated solutions—that is, software that combines several approaches to the myriad portal security problems you might face.

Baltimore Technologies

Baltimore Technologies PLC offers several security solutions. SelectAccess 5.0 is the company’s newest access control product. With features designed to simplify deployment and make the product easy to use, Version 5.0 offers a single point of management for wired and wireless users; single sign-on; role-based access; concurrent, multiple directory support; and “management-free” installation and configuration. SelectAccess’s unique scanning mechanism automatically enumerates all network services and resources, such as URLs, dynamic pages, and portal links. By scanning the material, SelectAccess saves administrators from the time-intensive process of having to enter data by hand, which can result in typographical errors or simply the capturing of less data. SelectAccess components can be added in real time and configured automatically. In addition, SelectAccess supports many platforms and works with the leading Web and application servers, portals, and directories out of the box. Contact: Baltimore Technologies PLC, Needham, Massachusetts; (866) SECURITY; www.baltimore.com.

Entrust Secure Web Portal Solution

Entrust Inc. offers a suite of products designed to protect Web portals from unauthorized access and use. The suite—consisting of Entrust GetAccess, Entrust TruePass, and Entrust Authority software—provides identification, entitlements, verification, privacy, and security management capabilities for Web-based applications. Entrust GetAccess is standards-based entitlements software that serves as the security foundation for Web portals and includes support for wireless connections. Entrust TruePass, the company’s digital signature product, provides further customer identification and capitalizes on the strength of Authority, Entrust’s public-key infrastructure and security management portfolio. Entrust TruePass also provides transaction verification and audit trails. Because it works on both intranets and extranets, users can access a Web portal via the Internet or via their desktop intranet connections. TruePass 6.0 offers optional methods of authentication, such as smart cards and tokens. The suite is compatible with an array of Web portal applications. Contact: Entrust Inc., Addison, Texas; (888) 690-2424; www.entrust.com.

Aladdin’s eToken Enterprise

Unlike the other products profiled, the eToken secure access control product is a hardware, not software, solution. A portable USB device the size of a house key, eToken is now available in an enterprise version as a set of ready-to-use security solutions. For a campus portal, that might take the form of variously colored eTokens, with each color signifying a particular level of access to portal data. Staff might receive blue access tokens and students red access tokens, for instance. Systems administrators can easily integrate eToken into an existing security framework, providing increased protection for users’ everyday operations. Contact: Aladdin Knowledge Systems, Arlington Heights, Illinois; (800) 562-2543; www.ealaddin.com.

Netegrity’s Secure Relationship Management Platform

Netegrity Inc.’s Secure Relationship Management Platform provides customers with a platform for securing, delivering, and presenting enterprise resources for interactive e-businesses and campus portals. The platform combines identity management, single sign-on and access control with portal presentation and integration services. Integrated services are delivered as a set of shared services across all portal applications. Administrators can define user roles and resources as needed. The platform also offers integration with popular enterprise applications from Siebel Systems Inc., SAP America Inc., Lotus Development Corp., PeopleSoft Inc., and more than 75 other vendors. The suite consists of Netegrity’s Interaction Server 5.0, SiteMinder 4.6, SiteMinder Delegated Management Services 2.0, and Affiliate Management Services. Contact: Netegrity Inc., Waltham, Massachusetts; (800) 325-9870; www.netegrity.com.

Evidian’s PortalXpert

PortalXpert from Evidian offers plug-and-play centralized Web access control and single sign-on for intranet, extranet, and Internet users. PortalXpert builds an individual navigation menu for each user, based on institutional policy. Primary features include a welcome page customized for each user’s access profile, centralized auditing and tracking, and URL mapping, which enables administrators to hide confidential Web addresses behind the portal. Extended audit and alarm features enable security tracking and billing. A centralized security gateway acts as an intermediary between the browser and Web servers. PortalXpert plugs directly into existing Lightweight Directory Access Protocol (LDAP) directories and d'es not require any additional software, plug-ins, or cookies on either the browser side or the server side. It is compatible with leading portal and application server providers, which saves institutions from having to reinvest in order to achieve total integration. Contact: Evidian, Les Clayes-sous-Bois, France, www.evidian.com.

Sun ONE Portal Server

The Sun Open Network Environment (ONE) Portal Server (formerly iPlanet Portal Server) is the industry’s first identity-enabled portal server solution. It provides all the user, policy, and identity management tools to enforce security, single sign-on, and access capabilities for end-user communities. The Sun ONE Portal Server also delivers personalized content, applications and services to end users by dynamically aggregating information based on an end user’s role. The server works with a wide variety of authentication methods, such as Microsoft Corp. Windows NT domains, Unix, X.509 certificates, LDAP, Remote Authentication Dial-In User Service (RADIUS), and token-based mechanisms such as Secure Computing Corp.’s SafeWord, RSA Security Inc.’s SecurID, CryptoCard Corp.’s Cryptocard, Java Card technology, and smart cards. It can also provide access for various groups using a different authentication mechanism for each group. The Secure Remote Access Pack extends the capabilities of the Sun ONE Portal Server, delivering patented, on-demand, browser-based secure access to portal content and services from any remote device. It is a cost-effective, secure solution that is accessible to users from any device with a Java technology-enabled browser, eliminating the need for client software. Integration with the Sun ONE Portal Server ensures that users receive secure, encrypted access to the content and services that they have permission to access. Contact: Sun Microsystems Inc., Santa Clara, California; (800) 555-9SUN; www.sun.com.

E-Mail this page

Printable Format

Featured

Elon University and AAC&U Release Student Guide to AI

A new publication from Elon University 's Imagining the Digital Future Center and the American Association of Colleges and Universities offers students key principles for navigating college in the age of artificial intelligence.
NIST's U.S. AI Safety Institute Announces Research Collaboration with Anthropic and OpenAI

The U.S. AI Safety Institute, part of the National Institute of Standards and Technology (NIST), has formalized agreements with AI companies Anthropic and OpenAI to collaborate on AI safety research, testing, and evaluation.
Microsoft Intros Open Source Multi-Agent AI System

Microsoft researchers have unveiled a new open source multi-agent AI system, Magnetic-One, aimed to help enterprises automate complex tasks typically requiring human intervention.
New Research Confirms AI Can Exploit Image-Based CAPTCHAs, Alternatives Needed

Advanced AI can defeat CAPTCHAs designed to prove web actions are being performed by humans instead of machines, new research indicates.