A buyers guide for managers who need to understand security technologies is now available from the General Accounting Office (GAO). The guide focuses on five technology areas: access controls, system integrity, cryptography, audit and monitoring, and configuration management and assurance.
Access control technologies considered include firewalls, biometrics, and smart tokens, which authenticate a user's identity by using a chip in a device such as a smart card. System integrity tools highlighted include as antivirus and integrity-checking products; cryptography tools include virtual private networks and digital-signature products. Audit and monitoring technologies addressed in the report are intrusion detection and prevention systems, security event correlation products, and computer forensics tools. Configuration-management technologies considered in the report include scanners, patch managers, and policy enforcement products.
The 89-page report delves into the details of each device. For example, the document devotes nearly seven pages to firewalls, using illustrations to enhance descriptions of how the eight different types of firewalls work, how they're used, and how effective they are. The report also addresses defense-in-depth scenarios and gives pointers to other reports that address testing and evaluation of these cybersecurity products.
@ GAO report 04-467, Technologies to Secure Federal Systems, is available through SM Online.