Lenovo ThinkCentre M50 IDC white paper titled "The Coming of Age of Clien - Page 3




©2003 IDC #3577 3
The Microsoft intrusion was a so-called "lunchtime attack," named for the archetypical scenario in which an employee goes out to lunch, leaving his or her computer on, and an intruder simply sits down at the absent worker's desk to feast on whatever privileges that user enjoys, including access to files, programs, and services. Without having to resort to social engineering, a lunchtime attack can be thwarted quite easily by a variety of authentication methods based on client-level hardware encryption. For example, the operating system can be set to lock out access after a short period of time if it receives no further input and be reactivated only via biometric recognition or a proximity badge, or both, eliminating the need for passwords, which can be forgotten or stolen. If the network had been able to interrogate the remote client to find out whether or not it was authorized, Microsoft would likely have been able to prevent the attack. Had appropriate fail-safes been in place, the hack would likely not have been successful.
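The inactivity lock-out the paragraph describes is the part of this control that an administrator can verify on a Windows client. The following PowerShell audit is an added example, not code from the IDC paper or from IBM/Lenovo; it reads the machine inactivity limit (InactivityTimeoutSecs under the Policies\System key) and the per-user screen-saver settings (ScreenSaveActive, ScreenSaveTimeOut, ScreenSaverIsSecure under Control Panel\Desktop) and reports whether the desktop will lock within a threshold. The 300-second threshold is an assumed value, and the script checks only the lock-on-idle half of the control; how the session is reactivated (password, biometric, badge) is decided by the credential provider and is not visible in these keys.

```powershell
# Added example: audit whether a Windows client locks itself after a short
# period of inactivity, as the paper recommends against "lunchtime attacks".
# Registry locations are the standard ones; the threshold is an assumption.

function Test-IdleLockPolicy {
    param(
        # Assumed threshold: a lock that fires later than this is reported as too slow.
        [int]$MaxIdleSeconds = 300
    )

    $result = [ordered]@{
        MachineInactivityLimitSecs = $null
        ScreenSaverActive          = $false
        ScreenSaverTimeoutSecs     = $null
        ScreenSaverRequiresLogon   = $false
        Compliant                  = $false
        Findings                   = @()
    }

    # Machine-wide policy: "Interactive logon: Machine inactivity limit" (DWORD, seconds)
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $limit = (Get-ItemProperty -Path $policyKey -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs
    if ($null -ne $limit) { $result.MachineInactivityLimitSecs = [int]$limit }

    # Per-user screen saver settings (stored as strings; timeout in seconds)
    $desktopKey = 'HKCU:\Control Panel\Desktop'
    $desktop = Get-ItemProperty -Path $desktopKey -ErrorAction SilentlyContinue
    if ($desktop) {
        $result.ScreenSaverActive        = ($desktop.ScreenSaveActive -eq '1')
        $result.ScreenSaverRequiresLogon = ($desktop.ScreenSaverIsSecure -eq '1')
        if ($desktop.ScreenSaveTimeOut) { $result.ScreenSaverTimeoutSecs = [int]$desktop.ScreenSaveTimeOut }
    }

    # Either control satisfies the requirement if it locks within the threshold.
    $policyOk = ($result.MachineInactivityLimitSecs -gt 0) -and
                ($result.MachineInactivityLimitSecs -le $MaxIdleSeconds)
    $saverOk  = $result.ScreenSaverActive -and $result.ScreenSaverRequiresLogon -and
                ($result.ScreenSaverTimeoutSecs -gt 0) -and
                ($result.ScreenSaverTimeoutSecs -le $MaxIdleSeconds)

    if (-not $policyOk) { $result.Findings += 'No machine inactivity limit within threshold (InactivityTimeoutSecs).' }
    if (-not $saverOk)  { $result.Findings += 'Screen saver does not lock within threshold or does not require logon on resume.' }
    $result.Compliant = $policyOk -or $saverOk

    [pscustomobject]$result
}

# Usage: report the findings for the current machine and the current user.
Test-IdleLockPolicy -MaxIdleSeconds 300 | Format-List
```

Because the machine inactivity limit is a policy value under HKLM, it is the setting that fleet management should enforce; the per-user screen-saver values can be changed by the user and are reported here mainly so that a missing policy is not masked by a user's own configuration.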
The need for stronger security is well demonstrated, and effective measures to protect data and users exist in the marketplace today. We're not talking about something two or three years down the road. IT managers should look into these technologies now.
THE SECURITY LANDSCAPE

In this paper, we will cover a number of security-related topics, including:

  • Business managers' growing consciousness of security issues
  • How the PC client can be the weak point in the security perimeter
  • The rise in the value of data stored in insecure computing systems
  • The scope of security measures
  • Security history and current technology
  • Client security implementations
  • The advantages of IBM's hardware security implementation
  • The evolution of industry standards for client security
USAGE LAGS BEHIND TECHNOLOGY

Security technology has come a long way since the day in 1586 when Thomas Phellips, Queen Elizabeth's decipherer, broke Mary Queen of Scots' simple offset code, an unfortunate event that led directly to Mary's trial and execution. Today, a malicious hacker trying to break so-called "Triple DES" encoding with all the computing power currently hooked up to the Internet simultaneously would need 64 quadrillion years to do the job, plenty of time to slip back over the border into Scotland. And Triple DES is by no means the strongest code out there.

But usage of security measures in the data world has not tracked the technology itself. People just haven't gotten the message that security is important. For example, denial-of-service attacks involve the penetration and hijacking of innocent people's PCs unbeknownst to them and then unleashing the enslaved systems' power simultaneously in a stream of requests that block legitimate traffic to targeted servers. These attacks first surfaced in 1999, but the average user still hangs out on the Internet with unencrypted connections, vulnerable to getting picked off by a sniffer,
A denial-of-service attack on the Internet's 13 root servers successfully crippled traffic on the Internet as recently as October 2002.