The Coming of Age of Client Security Technology
The Need to Secure the Network's Point of Entry — the Desktop or Notebook Client — Becomes More Visible to Executive Management
Analyst: Roger L. Kay

Although security technology has progressed tremendously over time, awareness of the need for security on the part of people who use computers — both consumers and businesspeople — has not in general kept pace. Essentially, there is plenty of technology on hand, but the understanding of what it does and how to use it has lagged.

However, much has changed since the attacks of September 11th. CEOs and IT managers everywhere drew lessons from the differing fates of companies that had backup and restore procedures and those that didn't. Data recovery is, of course, only one piece of the security pie, but as political tensions have increased on the macro level, this and other security concerns have risen in visibility with top managers. "To what degree is our data — and therefore our business — safe?" CEOs are now asking in ever greater numbers and with increasing vehemence. "Just where are we with security?" they want to know of their CIOs.

This shift in attitude represents an evolution from the pre-September 11th state, which was characterized by a vague awareness of some subset of security issues, but a misunderstanding of the complete security picture and a widespread lack of adoption and deployment.

Now managers are beginning to assess their vulnerability and to ask what their alternatives are.

In most corporations, the security infrastructure is still inadequate and full of holes. Even the most sophisticated organizations are vulnerable. In one incident, widely reported in the press, that had an impact of major but unknown proportions — the degree of penetration was difficult to assess — a hacker from St. Petersburg, the intellectual seat of the old Soviet Union, broke into Microsoft's network and absconded with a large number of important files, including, purportedly, an unknown quantity of Windows source code files. Naturally, Microsoft never advertised the extent of the damage — if, indeed, it is actually known. And if a company at the epicenter of the information technology business is vulnerable (and by inference should know better), truly, no company is safe from attack.

Sidebar: Lunchtime Attacks

The Microsoft intrusion was a so-called "lunchtime attack," named for the archetypical scenario in which an employee goes out to lunch, leaving his or her computer on, and an intruder simply sits down at the absent worker's desk to feast on whatever privileges that user enjoys, including access to files, programs, and services.

Without having to resort to social engineering, a lunchtime attack can be thwarted quite easily by a variety of authentication methods based on client-level hardware encryption. For example, the operating system can be set to lock out access after a short period of time if it receives no further input and be reactivated only via biometric recognition, a proximity badge, or both, eliminating the need for passwords, which can be forgotten or stolen. If the network had been able to interrogate the remote client to find out whether or not it was authorized, Microsoft would likely have been able to prevent the attack. Had appropriate fail-safes been in place, the hack would likely not have been successful.

The security threat is growing in several dimensions at once. The amount of value flowing across the network — in the form of actual money, but also business plans, intellectual property, and strategic documents — is rising by leaps and bounds. And value is at risk in less obvious ways. A reputation can be damaged irreparably by an attack, business can be lost as a result of downtime, and the trust on which ebusiness is based can be destroyed permanently. Identity theft, which has become a veritable cottage industry, must be added to the growing list of imaginative crimes. In addition, malicious hackers are getting more sophisticated. Malevolent programmers are not only figuring out more effective ways to harm businesses and individuals, but they are also publishing their tricks on Web sites for other less creative, but perhaps more vindictive, people to find and use.

In this environment, client security can be one of the weakest links in the chain. Despite the availability of operating systems with improved security features, desk-
5 Speen Street • Framingham, MA 01701 • Phone (508)872-8200 • Fax (508)935-4015
...