RE: application security

From: Venkat, Sanjay (svenkat@kpmg.com)
Date: 04/05/02


From: "Venkat, Sanjay" <svenkat@kpmg.com>
To: "'Tejinder Singh'" <tsingh13@earthlink.net>, Idan Dolev <IDolev@interwise.com>, "Secuirty-Basics (E-mail)" <security-basics@securityfocus.com>
Date: Fri, 5 Apr 2002 10:10:31 -0500 

Idan

There are multiple areas that you need to consider to secure your
application.

1. Securing Authentication into the applications
2. Securing Access control to resources in the application
3. Of course hardening the network and OS level is important too.

Netegrity plays a role in Authentication and Access control

Okena is at the host bases intrusion detection level puts checks at the OS
level by preventing an application from performing a set of tasks.

You will need to identify the areas that need most attention and select the
right product.

If you are trying to build the most secure application, then you might need
multiple products.

Sanjay

-----Original Message-----
From: Tejinder Singh [mailto:tsingh13@earthlink.net]
Sent: Wednesday, April 03, 2002 3:51 PM
To: Idan Dolev; Secuirty-Basics (E-mail)
Subject: Re: application security

Try Okena,

You can find it at www.okena.com

Tsingh

At 11:09 AM 3/31/2002 +0300, Idan Dolev wrote:
>Hi,
>
>We are looking into a product that will secure our application. Do you know
>where can I get a competitive analysis of the current products ?
>
>Pros and Cons for Appshile or Siteminder ?
>
>Best regards,
>
>Idan Dolev
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************