Lenovo ThinkPad X30 IDC white paper titled "The Coming of Age of Client S - Page 3
The Microsoft intrusion was a so-called "lunchtime attack," named for the archetypical scenario in which an employee goes out to lunch, leaving his or her computer on, and an intruder simply sits down at the absent worker's desk to feast on whatever privileges that user enjoys, including access to files, programs, and services. Without having to resort to social engineering, a lunchtime attack can be thwarted quite easily by a variety of authentication methods based on client-level hardware encryption. For example, the operating system can be set to lock out access after a short period of time if it receives no further input and be reactivated only via biometric recognition or a proximity badge, or both, eliminating the need for passwords, which can be forgotten or stolen.

If the network had been able to interrogate the remote client to find out whether or not it was authorized, Microsoft would likely have been able to prevent the attack. Had appropriate fail-safes been in place, the hack would likely not have been successful.

The need for stronger security is well demonstrated, and effective measures to protect data and users exist in the marketplace today. We're not talking about something two or three years down the road. IT managers should look into these technologies now.

THE SECURITY LANDSCAPE

In this paper, we will cover a number of security-related topics, including:

• Business managers' growing consciousness of security issues
• How the PC client can be the weak point in the security perimeter
• The rise in the value of data stored in insecure computing systems
• The scope of security measures
• Security history and current technology
• Client security implementations
• The advantages of IBM's hardware security implementation
• The evolution of industry standards for client security

USAGE LAGS BEHIND TECHNOLOGY

Security technology has come a long way since the day in 1586 when Thomas Phellips, Queen Elizabeth's decipherer, broke Mary Queen of Scots' simple offset code, an unfortunate event that led directly to Mary's trial and execution. Today, a malicious hacker trying to break so-called "Triple DES" encoding with all the computing power currently hooked up to the Internet simultaneously would need 64 quadrillion years to do the job, plenty of time to slip back over the border into Scotland. And Triple DES is by no means the strongest code out there.

But usage of security measures in the data world has not tracked the technology itself. People just haven't gotten the message that security is important. For example, denial-of-service attacks involve the penetration and hijacking of innocent people's PCs unbeknownst to them and then unleashing the enslaved systems' power simultaneously in a stream of requests that block legitimate traffic to targeted servers. These attacks first surfaced in 1999, but the average user still hangs out on the Internet with unencrypted connections, vulnerable to getting picked off by a sniffer. A denial-of-service attack on the Internet's 13 root servers successfully crippled traffic on the Internet as recently as October 2002.

©2003 IDC #3577