DARPA, NAI, and Munchkins

Keith Dawson (dawson@world.std.com)
Sun, 20 Dec 1998 09:47:00 -0500


The InfoSec News list carried this story from IDG, URL not given. Here's
the salient bits; entire story below.

- - - - -

...DARPA is also working on a program, dubbed "Active Networks," which
is seen as an interim step towards the next-generation 'Net, Benze
said. The program envisions improving today's Internet infrastructure
to provide for more flexible and dynamic loading and routing, she said.

Instead of today's static routers, an Active Network will feature
networking nodes that will process packet headers and information and
relay information around the Internet using executable smart packets, or
"active agents," rather than static packets, Benzel explained. "So every
piece of information flowing through the network carries with it all the
information needed for it to be executed in the Internet," she said.

- - - - -

DARPA hires Network Associates to help secure next-gen 'Nets
By Elinor Mills, IDG News Service, 12/16/98

Network Associates, Inc. (NAI) yesterday announced that it is developing
security protocols and products for the next generation of computer
networks funded by the Department of Defense's Advanced Research Projects
Agency (DARPA).

DARPA, which funded development of the Internet in the 1970s, is helping
develop the next-generation Internet, which will be an overhaul of the
current global network, said Terry Benzel, director of NAI Labs' Advanced
Security Research Division.

In the meantime, DARPA is also working on a program, dubbed "Active
Networks," which is seen as an interim step towards the next-generation
'Net, Benzel said. The program envisions improving today's Internet
infrastructure to provide for more flexible and dynamic loading and
routing, she said.

Instead of today's static routers, an Active Network will feature
networking nodes that will process packet headers and information and
relay information around the Internet using executable smart packets, or
"active agents," rather than static packets, Benzel explained. "So every
piece of information flowing through the network carries with it all the
information needed for it to be executed in the Internet," she said.

NAI has three contracts with DARPA for the Active Networks program. Under
those contracts, NAI will develop: a security policy and working
prototypes of an active network that knows how to move the dynamic
information around; AMP software nodes that know how to receive the
information; and new cryptography that will be needed to secure the new
networks, Benzel said.

DARPA's Active Networks program has been under way for about a year and
has two more years to go, she said. DARPA expects to demonstrate the proof
of its concepts, but not its products in mid-1999.

NAI will use the technology it develops to create commercial products
that could appear as early as mid- to late-1999, according to Benzel. "The
results will feed into 'active security' as a product for NAI" down the
road, she said.

The active security concept involves having different components of
security technology work together, she explained. For instance, if an
intrusion detection system notices a security breach, it could send a
message to the firewall which could then shut down the gateway, log the
event and notify the console operator, Benzel said.

Most of the participants in DARPA's Active Networking program are
universities, with the exception of NAI and GTE-BBN Internetworking, she
added.

For the past 10 years, DARPA has been contracting with Trusted
Information Systems (TIS), which was acquired by NAI earlier this year,
said Benzel.

As a result of a 1993 DARPA contract to investigate the ramifications of
connecting private networks to a public data network, TIS invented the
"fwtk" application proxy firewall toolkit, and later developed Gauntlet,
the first commercial firewall, an NAI statement said. Four years later,
DARPA awarded TIS several contracts to investigate the need for faster
proxy firewalls.

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".