our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at www.networkcomputing.com /express/

Like all enterprise security frameworks, TriStrata's security solution is not designed to patch specific security holes. Instead, existing network security products cover a range of services. Dozens of firewalls and VPN (virtual private network) technologies address the problems of secure communications at the network layer. Meanwhile, an array of secure messaging, file encryption, single sign-on, and file- and application-server security systems attempt to provide secure and manageable application-layer security services.

But unlike other frameworks, such as CORBA (Common Object Request Broker Architecture), or Microsoft Corp.'s DCOM- (Distributed Component Object Model) or Open Group's DCE (Distributed Computing Environment)-based frameworks, TriStrata's framework exposes its services at both the application and network-transport layers.

Enterprise Security Framework

While TriStrata's enterprise security product is not a new release (at press time, the vendor was preparing its second-generation product), the company has only recently introduced itself to the industry. When first briefed earlier this summer, I was intrigued by the vendor's use of one-time pad encryption and solid concentration on security management--namely, policy enforcement and key recovery. TriStrata's security service offers another unique feature: It fully complies with federal export restrictions and is licensed for export outside the United States and Canada.

Currently, all of TriStrata's products are Microsoft-centric. The security server runs on a specially hardened version of Windows NT 4.0 Server, while desktop applications support Windows95, Windows98 and NT 4.0. The vendor plans to add support for other platforms, but is concentrating present development efforts on Windows desktops and application services. At press time, TriStrata had four primary applications--desktop file encryption, secure messaging, secure network transport (VPN) services and a software development toolkit--integrated into its security framework, in addition to its Enterprise Security Server.

I tested two desktop applications--file encryption and secure messaging--in Network Computing's Real-World Labs® in San Mateo, Calif., while connected to TriStrata's internal security server via the Internet. The Document Security System (DSS) file-encryption component is an extension to Microsoft's desktop that allows drag-and-drop file encryption and decryption. It also works via file dialog boxes in applications such as Microsoft Office.