Essays Tagged "Network World"
Security in the Cloud
One of the basic philosophies of security is defense in depth: overlapping systems designed to provide security even if one of them fails. An example is a firewall coupled with an intrusion-detection system (IDS). Defense in depth provides security, because there’s no single point of failure and no assumed single vector for attacks.
It is for this reason that a choice between implementing network security in the middle of the network—in the cloud—or at the endpoints is a false dichotomy. No single security system is a panacea, and it’s far better to do both…
Is Two-Factor Authentication Too Little, Too Late?
Recently I published an essay arguing that two-factor authentication is an ineffective defense against identity theft (see www.schneier.com/essay-083.html). For example, issuing tokens to online banking customers won’t reduce fraud, because new attack techniques simply ignore the countermeasure. Unfortunately, some took my essay as a condemnation of two-factor authentication in general. This is not true. It’s simply a matter of understanding the threats and the attacks.
Passwords just don’t work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there’s an upper limit to how complex a password users can be expected to remember. About five years ago, these two lines crossed: It is no longer reasonable to expect users to have passwords that can’t be guessed. For anything that requires reasonable security, the era of passwords is over…
Microsoft's Actions Speak Louder Than Words
The security of your computer and network depends on two things: what you do to secure your computer and network, and what everyone else does to secure their computers and networks. It’s not enough for you to maintain a secure network. If other people don’t maintain their security, we’re all more vulnerable to attack. When many unsecure computers are connected to the Internet, worms spread faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. The more unsecure the average computer on the Internet is, the more unsecure your computer is…
Should Vendors be Liable for Their Software's Security Flaws?
Network security is not a technological problem; it’s a business problem. The only way to address it is to focus on business motivations. To improve the security of their products, companies – both vendors and users – must care; for companies to care, the problem must affect stock price. The way to make this happen is to start enforcing liabilities.
The only way to get many companies to spend significant resources to ensure the security of their customers’ data is to hold them liable for misuse of this data. Similarly, the only way to get software vendors to reduce features, lengthen development cycles and invest in secure software development processes is to hold them liable for security vulnerabilities in their products…
Security for Remote Access VPNs Must Be Simple
Unlike site-to-site VPNs, where remote offices are hard-wired to a central facility firewall, remote access VPNs are fraught with security problems. Much of the security consists of trusted passwords that traveling workers use on their notebook computers.
To be effective, a VPN’s security implementation must be user-friendly while not penalizing your enterprise in other ways, such as by degrading network performance or compromising corporate control of the remote access network.
Think of the lock on the front door of your home. It certainly is easy to use, and it doesn’t force you to endure undue hardship to install, maintain or control…
Electronic Speech – For Domestic Use Only
The U.S. State Department recently ruled that some forms of electronic speech are not protected by the First Amendment and can be prohibited from export. This decision raises questions about freedom of speech on the information superhighway. As business communications continue to migrate from paper mail to electronic mail, these questions will become more important. It is vital that laws address this new form of speech.
Last year, I wrote a book called Applied Cryptography (John Wiley & Sons, 1994), which explains cryptography in nonmathematical language. It describes how to build cryptography into products, illustrates cryptographic techniques, and evaluates algorithms and makes recommendations on their quality. It even includes source-code listings that enable readers to implement many of the algorithms and techniques described…
CDDI Breathes Life into FDDI Standard
Why should anyone care about Fiber Distributed Data Interface (FDDI) anymore?
Wiring an office with fiber is expensive, as is purchasing fiberoptic switching and relay equipment. And with Asynchronous Transfer Mode (ATM) on the horizon, which promises flexible data rates of 150M to 600M bit/sec, FDDI’s 100M bit/sec data rate hardly seems worth it.
But the recent emergence of FDDI over copper wiring under the evolving Copper Distributed Data Interface (CDDI) standard changes all that. CDDI has breathed life into the protocol and given network managers a new option for wiring high-performance data networks…