Date: October 2007
Author: Debra Littlejohn Shinder
Category: 10 Things, Security, Network administration
Tags: Firewall, Microsoft Access, Network, Operating System, Data, Encryption, User, Authentication, Computer, Identity Management, IPSec, Federated Identity Management System, Encrypting File System, PGP NetShare, Entrust Entelligence Media Security, Transport Layer Security, Microsoft Windows, Security, Authentication/Encryption, Networking, Operating Systems, Software, Debra Littlejohn Shinder

Company networks are undergoing so-called de-perimeterization, as online collaboration with partners, customers, telecommuters, and others outside the physical LAN becomes more and more important to doing business. At the same time, these users are able to connect to company resources with a wider variety of devices, including smartphones, Blackberries, and other handheld devices.

This is great in terms of access, but not so great in terms of security. The old security model is dependent on border patrol via firewalls, intrusion detection and prevention systems, DMZs, and other perimeter protection methods. In the new, borderless network, the focus shifts to protection of the data itself. Here are 10 technologies you should be looking at to help secure your borderless network.

#1: Strong and multi-factor authentication

User authentication focuses on who is requesting access, rather than where they're located. But when users can access internal resources from anywhere, it becomes more important than ever to ensure that the authentication process can't be circumvented. Strong authentication methods include more than just providing a password; for example, a user might be required to answer multiple challenge questions before being given access to sensitive data.
Multi-factor authentication adds another element: The user must provide a card, token (something you have), or biometric identifier, such as a fingerprint or iris scan (something you are), as well as the something you know element of passwords and successful answers to questions. Some companies, such as SafeNet, have developed entire security platforms targeted at protecting borderless networks.

#2: Cross-company identity management

Closely related to authentication is the dilemma of identity management. Identity management systems tie particular people to particular accounts, names, and attributes. The problem with traditional identity management systems is that they work well within the borders of an organization but not as well with users outside the organization. That's where cross-organization, or federated, identity management comes in. A federated identity management (FIM) system allows partner companies to authenticate each other's users. Microsoft's Identity Integration Server (MIIS) and its successor, Identity Lifecycle Manager (ILM), are examples of products that can provide for federation-wide identity management. Another option is RSA's Federated Identity Manager.

#3: Host-based security software

A borderless network doesn't mean the firewall is dead; it's just moved. Actually, most companies aren't doing away with their perimeter firewalls - we haven't gotten quite that de-perimeterized yet. But when those borders aren't as tight as they used to be, it's a good idea to install/use host-based firewalls, antivirus, and other security products to catch those threats that make it past the edge firewalls. This gives you a double dose of protection. The latest versions of Windows client and server operating systems come with firewall and anti-spyware programs built in, and numerous third-party host-based products are available.
#4: Application-level security

Application-level security is integrated into the user or business application program and can provide cryptographic services, such as non-repudiation through digital signatures or selective field encryption. This gives you good protection against insider attacks (which becomes even more important in the borderless network, where the lines between insider and outsider are blurred).

#5: Policy-based integrity enforcement

When users are connecting to your internal resources from various locations via computers you don't control, it becomes especially important to ensure the integrity of those systems. You want to be assured that they are running that host-based security software (firewall, antivirus, etc.) and have installed security updates to minimize the chances that an infected remote system will spread malware or attacks to other computers on your network. To do this, you can use policy-based integrity systems, such as Microsoft's Network Access Protection (NAP), which is a policy enforcement system built into Windows Server 2008, Vista, and Windows XP Service Pack 3, or Cisco's Network Admission Control (NAC), which likewise restricts connection of devices that aren't compliant or trusted.

#6: Data-centric access controls

File-level access controls, such as NTFS permissions, help protect data whether it's accessed from a remote computer, an internal computer, or the local machine, making protection more data-centric. Access is granted or denied based on individual user accounts or group membership and is not dependent on the physical location of the user.

#7: File-level encryption

Encryption of individual data files can be accomplished using the Encrypting File System (EFS) built into modern Windows operating systems. The latest versions of EFS allow the creator/owner of the file to specify other users who can share/access the encrypted file.
EFS is certificate based, and users can export their EFS certificates and private keys to removable media so that they do not remain on the computer when they're not using it. Alternatively, third-party data encryption software, such as Cypherix, can be used to encrypt individual files, folders, e-mail messages, etc., including the data on removable media. PGP NetShare is designed to encrypt files and folders used by collaboration teams. Entrust Entelligence Media Security is a file encryption application that will automatically encrypt data saved to specific folders. Many other file encryption products are available.

#8: Full disk encryption

Full disk encryption protects both portable and desktop computers in the borderless network environment by encrypting entire volumes. An example is the BitLocker feature that's included in Windows Vista Ultimate and Enterprise editions. It can be used in conjunction with a Trusted Platform Module (TPM) hardware chip to prevent someone who steals or gains physical access to a computer from being able to boot the operating system or access the files on the volume, even by booting another instance of an OS. BitLocker, unlike some disk-level encryption programs, encrypts the operating system partition, not just data partitions. This means the page file and temp files, which often contain copies of data that might be sensitive, are encrypted. Third-party products, such as SafeGuard's Easy Hard Disk Encryption, are also available.

#9: End-to-end encryption

File-level and full disk encryption protect the data only while it's on the hard disk. To protect data when it's traveling over the network, you can use IPsec, which operates at the network layer of the OSI model and thus requires no changes to or awareness of applications. IPsec can provide data encryption/confidentiality, authentication, or both, using public key encryption and digital certificates. IPsec is an open standard and is supported by modern Windows operating systems.
Data can also be protected in transit over the network by using a higher level encryption protocol, such as SSL/TLS. Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL). Also based on public key encryption, SSL/TLS is often used for sending secure data to Web servers.

#10: Rights management

In the borderless network, security problems arise not just in regard to what data can be accessed by whom, but also in regard to what those with legitimate access do with that data once they receive it. Rights management attempts to control what a recipient of an e-mail message or document can do with it. Windows Rights Management Services (RMS) can restrict the recipient's ability to save, forward, copy, or change the data and can even set an expiration date so that the recipient can no longer even access the data after a specified time period. This helps prevent security leaks caused by deliberate or inadvertent mishandling of sensitive data. Cross-company solutions for RMS are available from third-party companies such as GigaTrust.

Debra Littlejohn Shinder is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of Troubleshooting Windows 2000 TCP/IP, the best-selling Configuring ISA Server 2000, and ISA Server and Beyond.

Copyright 2007 CNET Networks, Inc. All Rights Reserved.