Posted by wt.eric@gmail.com on September 4, 2006, 10:35 pm
Saqib Ali wrote:
> A recent "self-serving" report by Phoenix Technologies indicated that
> 84 of attacks could have been prevented only if Device Authentication
> was used in addition to user authentication.
>
> - Evidence Abound:
> · Losses from stolen IDs and passwords far exceeded damages from
> worms, viruses, and other attack methods not utilizing logon accounts
> · Vast majority of attackers, 78 percent, committed crimes from their
> home computers; most often using unsanctioned computers with no
> relationship to the penetrated organization
> · 88 percent of those crimes were committed from a home PC using
> stolen IDs and passwords and following normal logon procedures.
>
> - Link to full report:
> https://forms.phoenix.com/cybercrime/docs/cyberdoc.pdf
>
> -Their solution?
> Use Trusted Platform Module to authenticate devices.
>
> - Problem?
> TPM can also be used to force DRM. (EFF and ACLU members don't like DRM,
> to say the least.)
>
> - Alternatives?
> 1) Be a sitting duck. Passwords WILL be stolen and USED to cause financial
> damage;
> 2) Use software based device authentication. e.g. Passmark as used by
> Bank of America
> 3) Create a world-wide PKI, issue SSL certificates to machines as well
> as users, and then perform client side authentication from the server.
> 4) Use IP addresses to perform machine authentication.
>
> - Read more at:
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=243
>
> Any thoughts?
I think some problems should be considered:
(1) Privacy: using such device authentication, everything that
everyone does can be recorded.
(2) System cost: security solutions always consume many system
resources. If each operation of each computer must be authenticated,
what will happen? Should a router authenticate each TCP packet
passing through it?
(3) Convenience: in fact many existing systems have mature security
measures, but for convenience they are usually abandoned, and
conversely these systems are blamed for security risk (such as domain
server authentication and administration in Win 2000/XP).
(4) How to prevent cheating of device: a hacker may imitate the TCP
packets he gets from the network, etc.
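The two points the thread circles around, a stolen password used from an unsanctioned home PC (Saqib's alternative 2, software-based device authentication) and an attacker replaying packets captured from the network (point 4 above), can both be shown in a few lines. The following is an added illustration written for this page, not code from either poster, from Phoenix Technologies or from Passmark. It assumes a per-device secret provisioned out of band (how that provisioning happens, and how the secret is protected on the device, is exactly the gap a TPM is meant to close), and it contrasts a nonce-based challenge-response with the IP-address check of alternative 4, which an attacker can satisfy simply by claiming the right address.

```python
"""Added example (not from the original post): device authentication with
replay protection, contrasted with an IP-address-only check.

Assumptions (constructed for illustration):
  - each enrolled device holds a per-device secret provisioned out of band
  - user passwords are checked separately; the device check is an additional factor
  - all sample users, devices, keys and IPs below are made up
"""
import hashlib
import hmac
import secrets


class DeviceAuthServer:
    """Server side: enrolls devices, issues single-use nonces, verifies responses."""

    def __init__(self):
        self.device_keys = {}      # device_id -> per-device secret (bytes)
        self.pending = {}          # device_id -> outstanding nonce, consumed on first use
        self.user_passwords = {}   # username -> password (plaintext only for the demo)

    def enroll_device(self, device_id: str, secret: bytes) -> None:
        self.device_keys[device_id] = secret

    def add_user(self, username: str, password: str) -> None:
        self.user_passwords[username] = password

    def challenge(self, device_id: str):
        """Return a fresh nonce for an enrolled device, or None for an unknown one."""
        if device_id not in self.device_keys:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def verify_device(self, device_id: str, nonce: bytes, response: bytes) -> bool:
        # pop() makes the nonce single-use: a captured (nonce, response) pair
        # replayed later finds no outstanding challenge and is rejected.
        expected_nonce = self.pending.pop(device_id, None)
        if expected_nonce is None or not hmac.compare_digest(expected_nonce, nonce):
            return False
        expected = hmac.new(self.device_keys[device_id],
                            device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def login(self, username: str, password: str,
              device_id: str, nonce: bytes, response: bytes) -> bool:
        """Both factors must pass: the user's password and the device's proof."""
        if self.user_passwords.get(username) != password:
            return False
        return self.verify_device(device_id, nonce, response)


def device_respond(secret: bytes, device_id: str, nonce: bytes) -> bytes:
    """Device side: prove possession of the secret for this nonce and device id.

    Binding device_id into the MAC stops a response for one device being
    presented as another device's."""
    return hmac.new(secret, device_id.encode() + nonce, hashlib.sha256).digest()


def ip_only_check(allowed_ips: set, claimed_src_ip: str) -> bool:
    """Alternative 4 from the post: 'authenticate' by source address.
    The server only ever sees what the packet claims, so this is spoofable."""
    return claimed_src_ip in allowed_ips


def run_scenarios() -> dict:
    """Constructed scenarios; returns the outcome of each so they can be checked."""
    server = DeviceAuthServer()
    laptop_key = secrets.token_bytes(32)            # provisioned out of band (assumption)
    server.enroll_device("laptop-01", laptop_key)
    server.add_user("alice", "correct horse")      # demo password only

    # 1. Legitimate login from the enrolled laptop.
    nonce = server.challenge("laptop-01")
    resp = device_respond(laptop_key, "laptop-01", nonce)
    legit = server.login("alice", "correct horse", "laptop-01", nonce, resp)

    # 2. Attacker captured that exact exchange and replays it (reply's point 4).
    replay = server.login("alice", "correct horse", "laptop-01", nonce, resp)

    # 3. Attacker has the stolen password but is on an unenrolled home PC.
    stolen_nonce = server.challenge("home-pc") or b""
    stolen = server.login("alice", "correct horse", "home-pc", stolen_nonce,
                          device_respond(b"guess", "home-pc", stolen_nonce))

    # 4. IP-only check: the attacker simply claims an allowed address.
    spoofed_ip_ok = ip_only_check({"10.0.0.5"}, "10.0.0.5")

    return {"legit": legit, "replay": replay, "stolen_password_only": stolen,
            "spoofed_ip_accepted": spoofed_ip_ok}


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

What the example does not solve is the part the thread is actually arguing about: the per-device secret here lives in software, so malware on the enrolled laptop can copy it and the "device" factor travels with the attacker. Keeping the key inside hardware that will sign but not export it is what the TPM proposal buys, at the privacy cost the reply raises in point (1).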