Lenovo ThinkCentre M50 IDC white paper titled "The Coming of Age of Clien - Page 2


Page 2 highlights

In this environment, client security can be one of the weakest links in the chain. Despite the availability of operating systems with improved security features, desktop and notebook PCs still often have only a Windows password protecting them, and, in older Windows versions, these flimsy mechanisms are easy to crack. Once inside the organization by way of an unprotected node, a malicious hacker has the run of the place to the extent that the legitimate user of the system did. From this position, the intruder can execute transactions as if he were the victim. And worse, in this era of the Internet, the perpetrator does not even have to be physically onsite, but can reach the system remotely. And if the hacker is sufficiently sophisticated, he may be able to get at the most sensitive areas of the network, pillaging information, destroying functionality, or even potentially turning computer after computer into a rogue slave that does his bidding. Even if other security measures - such as physical access control, firewalls, network security, software security, database encryption, and server-level intrusion detection - have been instituted, the client node may indeed represent a weak point in the corporation's armor.

Although the mathematics of security are theoretically solid, a secure implementation depends on both the embodiment of the algorithms and the procedures for handling sensitive data and the keys used for encryption and decryption. Although modern encryption is virtually uncrackable, encryption implemented in software is an open door to hackers. In software encryption, various ways exist to sniff the most important element - the user's private key. To address this weakness, IBM has embedded the entire process in hardware. An industry group composed of all the major manufacturers and suppliers and many smaller ones has agreed to drive the standard into the marketplace. The Trusted Computing Platform Alliance (TCPA to its friends) is now in the second revision of the standard, and this revision is expected to be incorporated into Microsoft's Palladium security infrastructure, due to hit the market in 2004 or 2005. Although IBM acted unilaterally to design and implement its hardware solution, key players in the industry have acknowledged the design point. The TCPA was inaugurated with IBM, Hewlett-Packard, Compaq, Intel, and Microsoft as founding members. Since its inception in October 1999, more than 190 firms have signed up, including Dell. TCPA wants its security technology to be universal in the computing industry, and IBM has committed to making it available via license to anyone who wants one.

IBM itself has moved on from the original embodiment of the TCPA standard, a security chip or cryptographic microprocessor that was soldered onto the system board of the client and connected to the main processor by a local bus, and now offers an implementation as a modular daughter card. There is no way a Trojan horse can sniff the chip on the card because all private key operations take place within a protected hardware environment. Since its key-management structure is hierarchical, a single private key can be used to secure a large number of certificates (issued, for example, by diverse entities such as a senior citizens group, a corporate employer, Microsoft Outlook, American Express, and MasterCard).

The hardware is designed to work with a suite of other security elements, such as firewalls, antivirus software, security policy software, and Internet Protocol Security (IPSec), to provide a complete security solution. In addition to being extremely secure, the hardware is simple to use and inexpensive.

In an ebusiness world, trust, protection of privacy, and a secure operating environment are essential. The benefits of hardware-based security are obvious: Private keys are truly safe from malicious hackers, multiple secure keys can be generated to facilitate ecommerce with a wide variety of entities, and, combined with a full security suite, hardware encryption enables another layer of security, making ebusiness more viable. The simple conclusion is this: If your client-level security isn't implemented in hardware, your systems are more vulnerable.

#3577 ©2003 IDC

