{"id":8821,"date":"2007-02-15T09:39:00","date_gmt":"1999-11-29T20:00:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=8821"},"modified":"2007-02-15T09:39:00","modified_gmt":"1999-11-29T20:00:00","slug":"microsoft-identifies-5-security-technologies-to-watch","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=8821","title":{"rendered":"Microsoft Identifies 5 Security Technologies to Watch"},"content":{"rendered":"<p>I quickly read through an <a href=\"http:\/\/www.microsoft.com\/midsizebusiness\/security\/technologies-us.mspx\" target=\"_blank\" rel=\"nofollow\">article<\/a> on the Microsoft &quot;Midsize Business Center&quot; that lists 5 security technologies that we should watch.\u00a0 They are:<\/p>\n<ol>\n<li><strong>USB Authentication Tokens<\/strong>: The idea here is that we use USB tokens instead of smartcard to implement a 2-phase PKI authentication solution.\u00a0 The two phases consist of what you have (physical control of a token) and what you know (a 4 digit PIN).\u00a0 Smartcards have not worked out so well because vendors have come and gone and it requires buying card readers.\u00a0 All PC&#8217;s have USB slots and new ones make them accesible on the front of the case.\u00a0 I&#8217;ve used an EToken device before for VPN access.\u00a0 We probably had failures on around 1\/3 of them.\u00a0 Deployment was not so easy.\u00a0 This technology will probably improve.<\/li>\n<li><strong>Built-In Biometrics<\/strong>: This one keeps coming back.\u00a0 I think too many people watch bad spy movies.\u00a0 Biometrics are not secure and are not reliable.\u00a0 You have to place your hand\/thumb print down exactly the same way every single time.\u00a0 This can be fun when you&#8217;re in a hurry.\u00a0 Then there&#8217;s the possibility of faking a print.\u00a0 It can be done as was shown on the Mythbusters TV show.\u00a0 There are claims that sensors look for temperature and moisture but this can all be bypassed with a simple thin mould placed over the attackers thumb of the valid users thumb print that is lifted from the reader itself.\u00a0 I once worked in a place where access to the computer room was only granted by thumbprint.\u00a0 It usually took several attempts to get in.\u00a0 Again, maybe things will improve but I doubt it.<\/li>\n<li><strong>Self-Encrypting Hard Drives<\/strong>: The idea is that the hard drive encrypts itself.\u00a0 Nice idea.\u00a0 But I would require some sort of software control that allows centalised management of user access and password\/pin resets.\u00a0 can you imagine a phone call from a director or government minister at 03:00 from half way aroudn the world because they can&#8217;t boot up their encrypted PC and you couldn&#8217;t give them access?\u00a0 Have a look at <a href=\"http:\/\/www.safeboot.com\/\" target=\"_blank\" rel=\"nofollow\">Safeboot<\/a>.\u00a0 It works nicely.<\/li>\n<li><strong>Security-Aware Web Browsers<\/strong>: Your web browser is supposed to try protect your PC from your mistakes.\u00a0 IE7 works like this.\u00a0 The problem is, as the best security experts tell us, most holes in security lie somewhere between the keyboard and the chair.\u00a0 Until there are only security-aware users, there will always be problems.\u00a0 IE7 and Windows Vista made great strides in advising users but some people just don&#8217;t want to listen.<\/li>\n<li><strong>Mobile Device Security<\/strong>: I&#8217;ve been harping on about this one for ages.\u00a0 If you want to carry out espionage, then you want to get access to devices that are used by senior people, e.g. directors or ministers.\u00a0 These people usually have only one type of data: e-mail.\u00a0 They rarely type anything of interest.\u00a0 Everythign that can be used against them or their orgainisation\u00a0is sitting in their mailbox.\u00a0 We may secure access to the mailbox and encrypt their laptops but they often don&#8217;t even use them.\u00a0 I&#8217;ve had directors who had computers in several countries and never logged into them, even when they were sat at the desk.\u00a0 Their device of choice was a PDA or smartphone.\u00a0 And what happens to be on there completely unsecured?\u00a0 Everything they hold dear, their mailbox.\u00a0 Often there&#8217;s no pin and there is rarely any encryption.\u00a0 I&#8217;ve seen some talk about encyrpting SD cards but that is not enough.\u00a0 All internal storage needs to be protected.\u00a0 PIN numbers and remote wiping should also be implemented.\u00a0 Check out <a href=\"http:\/\/www.safeboot.com\/\" target=\"_blank\" rel=\"nofollow\">Safeboot<\/a> to see what they can do for you.\u00a0 I&#8217;ve tried it out and it worked nicely.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>I quickly read through an article on the Microsoft &quot;Midsize Business Center&quot; that lists 5 security technologies that we should watch.\u00a0 They are: USB Authentication Tokens: The idea here is that we use USB tokens instead of smartcard to implement a 2-phase PKI authentication solution.\u00a0 The two phases consist of what you have (physical control &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=8821\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Microsoft Identifies 5 Security Technologies to Watch&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-8821","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/8821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8821"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/8821\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}