Friday, June 1, 2007

Alcatel-Lucent 'Guardian' Locks Up Your Data

LAS VEGAS -- Less than a week after admitting that a disk with sensitive employee information was lost or stolen, Alcatel-Lucent today introduced a networking card designed to lock in data on laptops.

Alcatel-Lucent unveiled the OmniAccess 3500 Nonstop Laptop Guardian at the 2007 Interop networking show in Las Vegas, though the company first previewed the product at the Demo show in February.

The Guardian is a Linux-based notebook PC card loaded with security software that checks against a remote server to validate that the notebook hasn't been reported lost or stolen.

Unlike local PC-based solutions, which rely on an encryption key stored on the client PC, OmniAccess 3500 Nonstop Laptop Guardian is controlled by a remote server that is accessed by either wired LAN, WLAN or a wireless 3G connection.

OmniAccess 3500 Nonstop Laptop Guardian.
Source: Alcatel-Lucent

Alcatel-Lucent officials argue this approach provides data-loss prevention for remote users by locking notebook data as soon as a notebook is lost, stolen or otherwise unaccounted for.

"What the product does is it solves what CIOs often refer to as the mobile blind spot... as soon as I unplug my laptop and leave the enterprise there really is a lack of visibility and control," Dor Skuler, general manager of enterprise security products at Alcatel-Lucent, told internetnews.com.

"The way the solution works is its based on a PCMCIA card with a hardened version of Linux, its own battery and a 3G modem. The benefits enterprises get are the ability to have notebook visibility and control anytime anywhere."

For the card to work, users install the Guardian and turn the notebook on. The card negotiates with the central server to identify the notebook and unlocks user data and access. In case the notebook is reported lost or stolen, the central server administrator can revoke the notebook's certification and encryption keys.

At that point, the notebook's data is encrypted and secured. The encryption keys don't exist on the local PC and only exist on the server, making it nearly impossible for an unauthorized entity to access the data.

Skuler explained that as long as the card is plugged in, users can still log into their machines. But there is a timer-based system on the card, so the user needs to connect to the central server at regularly specified times, which are defined by the IT organization.

For example, if the user is in the mountains without any access, whether wired, wireless or cellular 3G, beyond the preset time period, the timer will lapse and the notebook will be locked. The user would then have to call their IT department to let them know, and a reset is needed in order to regain access.

In addition to the lock-down benefits provided by OmniAccess 3500 Nonstop Laptop Guardian, the card also provides improved security overall for remote users.

Instead of connecting to the public Internet over an unsecured connection, the OmniAccess 3500 Nonstop Laptop Guardian provides an automatically established VPN tunnel back to the enterprise so all data transport is encrypted and secured by an enterprise's existing security policies and infrastructure.

While VPN usage is often associated with reduced access speeds, Skuler noted that with the Alcatel-Lucent solution the notebook user's performance is actually improved.

"We're taking away processing time from the notebook, with VPN tunnel processing all done on the card," Skuler said. "There is also a hardware accelerator both on the card and on the hardware appliance to compress traffic."

Though the hardware side of the equation is obviously a key part of the Guardian, software plays a key role, too. While the card is intended to run on Windows PCs, the card itself runs Linux.

Skuler declined to comment on which particular vendor or version of Linux Alcatel-Lucent was running on the card other than to say it's from a major Linux vendor.

He also noted that Alcatel-Lucent hardens the Linux operating system on the card and does not allow it to run any executables other than control functions from the central server.

That said, the card is running a fully featured version of Linux and runs the application and personal firewalls, IPsec VPN client, encryption-key functionality and Web proxy as part of the solution.

In combination with Alcatel-Lucent's OmniAccess Safeguard product, the OmniAccess 3500 Nonstop Laptop Guardian can also be brought into full compliance with a NAC (network access control) policy.

"We can enforce NAC policies at the notebook level making sure that they are always enforced regardless of the network," Skuler said. "We're calling that LAC -- local access control."

OmniAccess 3500 Nonstop Laptop Guardian is expected to be generally available later this year.

http://www.internetnews.com/security/article.php/3679026