Microsoft Identifies 5 Security Technologies to Watch

I quickly read through an article on the Microsoft "Midsize Business Center" that lists 5 security technologies that we should watch.  They are:

  1. USB Authentication Tokens: The idea here is that we use USB tokens instead of smartcard to implement a 2-phase PKI authentication solution.  The two phases consist of what you have (physical control of a token) and what you know (a 4 digit PIN).  Smartcards have not worked out so well because vendors have come and gone and it requires buying card readers.  All PC’s have USB slots and new ones make them accesible on the front of the case.  I’ve used an EToken device before for VPN access.  We probably had failures on around 1/3 of them.  Deployment was not so easy.  This technology will probably improve.
  2. Built-In Biometrics: This one keeps coming back.  I think too many people watch bad spy movies.  Biometrics are not secure and are not reliable.  You have to place your hand/thumb print down exactly the same way every single time.  This can be fun when you’re in a hurry.  Then there’s the possibility of faking a print.  It can be done as was shown on the Mythbusters TV show.  There are claims that sensors look for temperature and moisture but this can all be bypassed with a simple thin mould placed over the attackers thumb of the valid users thumb print that is lifted from the reader itself.  I once worked in a place where access to the computer room was only granted by thumbprint.  It usually took several attempts to get in.  Again, maybe things will improve but I doubt it.
  3. Self-Encrypting Hard Drives: The idea is that the hard drive encrypts itself.  Nice idea.  But I would require some sort of software control that allows centalised management of user access and password/pin resets.  can you imagine a phone call from a director or government minister at 03:00 from half way aroudn the world because they can’t boot up their encrypted PC and you couldn’t give them access?  Have a look at Safeboot.  It works nicely.
  4. Security-Aware Web Browsers: Your web browser is supposed to try protect your PC from your mistakes.  IE7 works like this.  The problem is, as the best security experts tell us, most holes in security lie somewhere between the keyboard and the chair.  Until there are only security-aware users, there will always be problems.  IE7 and Windows Vista made great strides in advising users but some people just don’t want to listen.
  5. Mobile Device Security: I’ve been harping on about this one for ages.  If you want to carry out espionage, then you want to get access to devices that are used by senior people, e.g. directors or ministers.  These people usually have only one type of data: e-mail.  They rarely type anything of interest.  Everythign that can be used against them or their orgainisation is sitting in their mailbox.  We may secure access to the mailbox and encrypt their laptops but they often don’t even use them.  I’ve had directors who had computers in several countries and never logged into them, even when they were sat at the desk.  Their device of choice was a PDA or smartphone.  And what happens to be on there completely unsecured?  Everything they hold dear, their mailbox.  Often there’s no pin and there is rarely any encryption.  I’ve seen some talk about encyrpting SD cards but that is not enough.  All internal storage needs to be protected.  PIN numbers and remote wiping should also be implemented.  Check out Safeboot to see what they can do for you.  I’ve tried it out and it worked nicely.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.