Lenovo ThinkCentre M50 Summary of IDC white paper titled "The Coming of A

5 Speen Street • Framingham, MA 01701 • Phone (508)872-8200 • Fax (508)935-4015
The Coming of Age of Client Security Technology
The Need to Secure the Network's Point of Entry — the Desktop or Notebook Client — Becomes More Visible to Executive Management
Analyst: Roger L. Kay

Although security technology has progressed tremendously over time, awareness of the need for security on the part of people who use computers — both consumers and businesspeople — has not in general kept pace. Essentially, there is plenty of technology on hand, but the understanding of what it does and how to use it has lagged.

However, much has changed since the attacks of September 11th. CEOs and IT managers everywhere drew lessons from the differing fates of companies that had backup and restore procedures and those that didn't. Data recovery is, of course, only one piece of the security pie, but as political tensions have increased on the macro level, this and other security concerns have risen in visibility with top managers. "To what degree is our data — and therefore our business — safe?" CEOs are now asking in ever greater numbers and with increasing vehemence. "Just where are we with security?" they want to know of their CIOs.

This shift in attitude represents an evolution from the pre-September 11th state, which was characterized by a vague awareness of some subset of security issues, but a misunderstanding of the complete security picture and a widespread lack of adoption and deployment. Now managers are beginning to assess their vulnerability and to ask what their alternatives are.

In most corporations, the security infrastructure is still inadequate and full of holes. Even the most sophisticated organizations are vulnerable. In one incident, widely reported in the press, that had an impact of major but unknown proportions — the degree of penetration was difficult to assess — a hacker from St. Petersburg, the intellectual seat of the old Soviet Union, broke into Microsoft's network and absconded with a large number of important files, including, purportedly, an unknown quantity of Windows source code files. Naturally, Microsoft never advertised the extent of the damage — if, indeed, it is actually known. And if a company at the epicenter of the information technology business is vulnerable (and by inference should know better), truly, no company is safe from attack.

The security threat is growing in several dimensions at once. The amount of value flowing across the network — in the form of actual money, but also business plans, intellectual property, and strategic documents — is rising by leaps and bounds. And value is at risk in less obvious ways. A reputation can be damaged irreparably by an attack, business can be lost as a result of down time, and the trust on which ebusiness is based can be destroyed permanently. Identity theft, which has become a veritable cottage industry, must be added to the growing list of imaginative crimes. In addition, malicious hackers are getting more sophisticated. Malevolent programmers are not only figuring out more effective ways to harm businesses and individuals, but they are also publishing their tricks on Web sites for other less creative, but perhaps more vindictive, people to find and use.

In this environment, client security can be one of the weakest links in the chain. Despite the availability of operating systems with improved security features, desk-

Lunchtime Attacks

The Microsoft intrusion was a so-called "lunchtime attack," named for the archetypical scenario in which an employee goes out to lunch, leaving his or her computer on, and an intruder simply sits down at the absent worker's desk to feast on whatever privileges that user enjoys, including access to files, programs, and services.

Without having to resort to social engineering, a lunchtime attack can be thwarted quite easily by a variety of authentication methods based on client-level hardware encryption. For example, the operating system can be set to lock out access after a short period of time if it receives no further input and be reactivated only via biometric recognition, a proximity badge, or both, eliminating the need for passwords, which can be forgotten or stolen. If the network had been able to interrogate the remote client to find out whether or not it was authorized, Microsoft would likely have been able to prevent the attack. Had appropriate fail safes been in place, the hack would likely not have been successful.