Lenovo ThinkCentre M50: Summary of IDC white paper "The Coming of Age of Client Security Technology", page 2



top and notebook PCs still often have only a Windows password protecting them, and, in older Windows versions, these flimsy mechanisms are easy to crack. Once inside the organization by way of an unprotected node, a malicious hacker has the run of the place to the extent that the legitimate user of the system did. From this position, the intruder can execute transactions as if he were the victim. And worse, in this era of the Internet, the perpetrator does not even have to be physically on site, but can reach the system remotely. And if the hacker is sufficiently sophisticated, he may be able to get at the most sensitive areas of the network, pillaging information, destroying functionality, or even potentially turning computer after computer into a rogue slave that does his bidding. Even if other security measures - such as physical access control, firewalls, network security, software security, database encryption, and server-level intrusion detection - have been instituted, the client node may indeed represent a weak point in the corporation's armor.

Although the mathematics of security are theoretically solid, a secure implementation depends on both the embodiment of the algorithms and the procedures for handling sensitive data and the keys used for encryption and decryption. Although modern encryption is virtually uncrackable, encryption implemented in software is an open door to hackers. In software encryption, various ways exist to sniff the most important element - the user's private key. To address this weakness, IBM has embedded the entire process in hardware. An industry group, composed of all the major manufacturers and suppliers and many smaller ones, has agreed to drive the standard into the marketplace. The Trusted Computing Platform Alliance (TCPA to its friends) is now in the second revision of the standard, and this revision is expected to be incorporated into Microsoft's Palladium security infrastructure, due to hit the market in 2004 or 2005.
Although IBM acted unilaterally to design and implement its hardware solution, key players in the industry have acknowledged the design point. The TCPA was inaugurated with IBM, Hewlett-Packard, Compaq, Intel, and Microsoft as founding members. Since its inception in October 1999, more than 180 firms have signed up, including Dell. TCPA wants its security technology to be universal in the computing industry, and IBM has committed to making it available via license to anyone who wants one.

IBM itself has moved on from the original embodiment of the TCPA standard, a security chip or cryptographic microprocessor, which was soldered onto the system board of the client and connected to the main processor by a local bus, and now offers an implementation as a modular daughter card. There is no way a Trojan horse can sniff the chip on the card because all private key operations take place within a protected hardware environment. Since its key-management structure is hierarchical, a single private key can be used to secure a large number of certificates (issued, for example, by diverse entities such as a senior citizens' group, a corporate employer, Microsoft Outlook, American Express, and MasterCard). The hardware is designed to work with a suite of other security elements, such as firewalls, antivirus software, security policy software, and Internet Protocol Security (IPSEC), to provide a complete security solution. In addition to being extremely secure, the hardware is simple to use and inexpensive.

In an ebusiness world, trust, protection of privacy, and a secure operating environment are essential. The benefits of hardware-based security are obvious: private keys are truly safe from malicious hackers, multiple secure keys can be generated to facilitate ecommerce with a wide variety of entities, and, combined with a full security suite, hardware encryption enables another layer of security, making ebusiness more viable.
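As an added illustration (not code from the white paper, from IBM's daughter card, or from the TCPA specification), the following Go model shows the two properties the paragraph above describes: the root private key is created inside the chip object and no method ever returns it, and that single root key wraps any number of per-entity child keys that are stored outside the chip and only ever unwrapped and used inside it. The `SecurityChip` type, its method names, and the choice of RSA-OAEP wrapping with P-256 child keys are assumptions of this model.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
)

// SecurityChip is an assumed model of the protected hardware environment:
// the root private key is generated inside and no method ever returns it.
type SecurityChip struct{ root *rsa.PrivateKey }

func NewSecurityChip() (*SecurityChip, error) {
	root, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &SecurityChip{root: root}, nil
}

// CreateChildKey makes a per-entity P-256 signing key and returns it only as
// a blob wrapped with RSA-OAEP under the root key, plus its public half.
func (c *SecurityChip) CreateChildKey() ([]byte, *ecdsa.PublicKey, error) {
	child, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, _ := x509.MarshalECPrivateKey(child) // 121 bytes; cannot fail for P-256
	blob, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &c.root.PublicKey, der, []byte("child"))
	return blob, &child.PublicKey, err
}

// Sign unwraps a child blob with the root key and signs inside the boundary.
func (c *SecurityChip) Sign(blob, msg []byte) ([]byte, error) {
	der, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.root, blob, []byte("child"))
	if err != nil {
		return nil, err // blobs wrapped by another chip fail here
	}
	child, err := x509.ParseECPrivateKey(der)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, child, digest[:])
}
```

The host side needs only the public half returned by CreateChildKey and checks signatures with ecdsa.VerifyASN1 over the SHA-256 digest; a blob wrapped by one chip cannot be loaded into another, which is the property that makes the outside-the-chip key store safe.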
The simple conclusion is this: if your client-level security isn't implemented in hardware, your systems are more vulnerable.

The need for stronger security is well demonstrated, and effective measures to protect data and users exist in the marketplace today. We're not talking about something two or three years down the road. IT managers should look into these technologies now.

The Coming of Age of Client Security Technology, page 2. Sponsored by IBM, January 2003.
