UAP gets the thumbs down

An initiative to integrate security and bandwidth management acrossed as 'pie in the sky'. an enterprise has been launched that could result in a drastic reduction in the admin burden placed on network professionals.

The DEN-style Universal Access Profile (UAP) is intended to slash the number of firewall databases and router access lists network operators must control and ensure there is no conflict.

Firewall vendor Check Point is pushing the idea which involves setting security policies around users accessing LDAP and DHCP on the Wan.

Steve Barnett, managing director of Check Point UK, explained UAP meant an individual could be defined once and run anywhere, whilst still having their own security privileges and bandwidth access.

"There is an infrastructure to manage hardware but no infrastructure to manage traffic on a policy basis," he said.

It is the lack of such a policy management infrastructure that led to City dealing rooms putting passwords onto noticeboards, he said.

Niall Moynihan, Check Point technical manager, said that at the moment routers are controlled through access control lists and it is difficult to know if they are in conflict with firewall policies.

"The more rules you apply to a firewall the bigger the chance you mess something up," Moynihan said. "We're trying to bring access and control together."

He said Check Point uses technology from acquired IP address management company MetaInfo to further the idea but currently UAP was still an RFC (Request for Comment).

However, network security consultant Tom Giangreco, of International Network Services, said this sounds like "pie in the sky".

He added: "Technology to implement integration between product lines runs into problems. For example, single sign-on was a great idea but vendors can't make it a reality."

John Botting, managing director of Security Dynamics UK, agreed that managing different databases was a headache and mistakes involved in the implementation of single sign-on must be avoided.