WEBCAST SCHEDULE
Today’s event will run one hour long. Here are the expected times for each segment of the webcast:
:00 – :05: Moderator introduces the speaker and discusses the details of the webcast.
:05 – :25: Speaker delivers a PowerPoint presentation on the webcast topic.
:25 – :35: Moderator and speaker engage in a brief Q&A on the topic.
:35 – :60: The speaker responds to questions submitted by the audience.
You can submit questions to the speaker at any time during the event. Just click on the “Ask a Question” button in the lower left corner of your screen.
TECHNICAL FAQs
Here are answers to the most common technical problems users encounter during a webcast:
Q: Why can’t I hear the audio part of the webcast?
A: Try increasing the volume on your computer.
Q: I just entered the webcast and do not see the slide that the speaker is referring to. What should I do?
A: The slides are constantly being pushed to your screen. You should refresh (hit F5) to view the latest slide.
Q: In what time zone do the webcasts take place?
A: The TechTarget webcasts all occur on Eastern Daylight Saving Time (UTC/GMT - 4 hours). After Oct. 27, 2002, the webcasts will occur on Eastern Standard Time (UTC/GMT – 5 hours).
If your question is still not answered, please click the “Ask a Question” button in the lower left corner of your screen and submit your problem. A technical support person will respond immediately.
You can also visit the Broadcast Help page for more information or to test your browser compatibility. Click here: http://help.yahoo.com/help/bcst/
Trick or Treat: What has Microsoft delivered in Trustworthy Computing?
Roberta Bragg
What do these words say to you?
- Microsoft marketing
- Microsoft finally “gets it”
- Microsoft Moratorium – Writing secure code
- Palladium
- TCPA? (Trusted Computing Platform Alliance)
- Trusted Computing Base
- Survivable Networks
How Microsoft defines Trustworthy Computing
“For computers to be taken for granted, they must always be available wherever and whenever people need them, they must reliably protect personal information from misuse and give people control over how their data is used, and they must be unfailingly secure. We call this concept Trustworthy Computing.” Bill Gates, April 2002
“The Trustworthy Computing Initiative is a label for a whole range of advances that have to be made for people to be as comfortable using devices powered by computers and software as they are today using a device that is powered by electricity.” Craig Mundie, CTO, May 2002.
Let’s look at one of Bill Gates’ examples of a trustworthy system
The Public Telephone Network
(I think we’re going to find that it’s less “trustworthy” than we think.)
Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
A lesson – PTN/Internet (Schneider, Building Trustworthy Systems)
Similarities to Internet
- No entity owns or manages entirely, nor can have complete picture of
- Large number of subsystems
- Complexity driven by
  – interfaces at boundaries of subsystems
  – demand for advanced services
- Complexity means operator errors
PTN vulnerabilities
- Backhoe fading – solved by redundancy
- Cost pressures; competition vs. old monopoly means less robustness
- New technology means fewer physical links necessary for higher levels of traffic (failure of single link = higher repercussions)
- Less backup capacity, as leased from others
- Designed for few companies, inherit trust in access to switches; now many companies, non-trusted interconnections between switches
Attacks on the PTN
- Mostly, up till this time, toll fraud
- Threat growing
- More operations support systems (OSS) and more interconnections of them
- Increased skill of attackers
- More Signaling System 7 (SS7) interconnections to new phone companies (takes less to do so)
New types of PTN attacks
- Routing attack
  – eavesdropping from interoffice trunks
  – view or alter route tables of switches
  – manual control possible
- Database attacks
  – OSSs manage databases (toll-free numbers, call forwarding, message delivery)
  – control = possible deception, abuse
    • change speed dialing; re-route
    • subscriber’s choice of long-distance (slamming)
Let’s return to why a trustworthy “system” is a premium issue in computing.
- Electronic banking
- Electronic stock buying
- Electronic voting
- Online medical databases
- E-mail
- Schedule
- E-commerce
- Patient records
- Competitive information
- Proprietary information
And…
- Technology
  – PDAs
  – Smart phones
  – Wireless access
- Different software models
  – Mobile code
  – Web services
- Availability
  – Wireless access points at coffee shops
  – Public kiosks
Needed: A trustworthy computing infrastructure
It does what we want (and only what we want) when we want it to, regardless of attack or design flaw.
Trustworthiness – a holistic definition
- Confidentiality
- Correctness/integrity
- Reliability: fault tolerance
- Availability
- Survivability
- Security
- Privacy
- Safety
An example – FAA 5 layers of protection
- Personnel
- Physical
- Compartmentalization & information systems security
- Site-specific adaptation
- Redundancy
A history lesson
- The myth of the Trusted Computing Base
  – security meant confidentiality (keeping secrets)
  – accomplished via access control – LaPadula model/Orange book
  – specialized equipment
- Today – must use COTS
- Integrity, availability are equally important
- Common criteria addresses this, but …
- TCB = combination hardware and software trusted to enforce security policies.
More of the myth
- TCB is line drawn in sand sandbox.
  – once breached battle is lost
  – easily attacked by using an unforeseen method
- How can you have a trusted computing base when computing is distributed?
  – machines, data storage, communications
  – plug-and-play – Who really knows what software is running on a specific machine?
- And where: reliance on familiar systems decreases learning curve for would-be attackers – the monoculture effect
Report card on the industry
- Affordable products – PKI, biometrics, smart cards
- IBM ThinkPads with onboard hardware storage and generation of cryptographic keys & security subsystem
- Smart phones limitations on downloadable software
- Explosion in software security products
- Increased spending on security products
- Continued forecasts
And still, software is poorly written – WHY?
Why do we still get bug reports?
- Market pressures
- Lack of discipline
- Brilliance != perfection
- The need for “friendliness”
- Focus on features/function
- Public perception = reality
- It takes a long time to effect a change (There’s a lot of existing code…)
Why aren’t systems hardened, protected and patched?
- Market pressures
- Lack of discipline
- Brilliance != perfection/security
- Lack of sharing (changing now)
- Focus on features/function/technology
- Public perception = reality
- Ignorance of impact on bottom line
- Security features != security
Trustworthy computing future
- Central policy that’s deployed without significant work by administrators
- Computers that can self-diagnose and heal themselves
- Computers that can administer other computers
- Programming tools that reduce complexity and increase flexibility
- Increased accountability of Internet users/providers
- Increased knowledge, study of the interaction between sociology and technology
- More reliable systems with longer time between hardware failure
- Increased reliance on crypto to encrypt files, protect communications and authenticate access
- Higher importance to security over features – security becomes the features that sell
What is happening NOW
- Industry
- Microsoft
- You
What Microsoft has done/will do
- Training for secure coding
- Use of outsiders
- Internal/external programs for security
- Publication of results
- New products
- Framework for trustworthy computing
Writing secure code initiative
- Work stoppage and code review
  – Training for all
  – Code hygiene – 76 days, 8000 programmers
  – Then SQL, Exchange, SMS
  – $10 million!!!
- Changes in .NET
  – Turn off & lower privileges of 30 services by default
  – IIS not loaded by default, when it is static Web server
- Other products
  – Outlook in Office 2002 default settings, improvements
  – XP SP1
Use of outsiders
- Threat modeling, threat analysis
- Increased access to source code
- Promise to publish nexus of Palladium
Programs for security
- Strategic Technology Protection Program (STPP) – get secure, stay secure
- Security liaison for each product group (responsible for security of code)
- Architect security into products at design
- Security clinics – training for administrators
- SMS value pack
- Microsoft Security Response Center
- Secure Windows Initiative
- 866-PC SAFETY – virus hotline
- Security operations guides
Publication of results
- Uncovering “bugs” in code and releasing security bulletins and patches
- Security operations guides
- Baseline security analyzer
- New tools and improved tools
- Work with industry groups on Web services security issues
New products/sample code
- SUS
- Base Line Security Analyzer
- Improved tools
  – URLScan
  – IISLock
- SMS feature pack
- XML filter example code (install on ISA – secure Web services; protects XML Web services from unauthorized access and DOS attacks) – inspect incoming SOAP and XML data
Palladium
- Run only trusted code that is physically isolated, protected and inaccessible to rest of system (curtained memory) (sealed storage)
- Attestation – code that digitally signs data
- PC files encrypted with code specific to each PC (useless if stolen or copied)
- Users can operate in “realms” vaults – keep private and public info separate
- New chip and design changes to CPU, chipsets and peripherals
- Not a part of boot process
Palladium
- Will not require DRM
- Stores keys in hardware
- Trusted operating root or nexus – will publish source code for examination; the kernel of Palladium; the software for the Palladium hardware
- Security Support Component (SSC) – hardware module does cryptographic operations and stores cryptographic keys; at least one RSA private key and AES symmetric key are never exported from the chip
- Machine owners (organizations, single owners) are in charge of what runs and is monitored
Redefinition – framework for trustworthy computing
- Secure by design
- Secure by default
- Secure in deployment
  – patching
  – recovery
  – intrusion detection
  – automatic corrective action
What others are doing
- TCPA – Trusted Computing Platform Alliance – a specification
- LaGrande – technology for Prescott chip; anti-piracy features; protection from hacks, DRM?
- IBM’s onboard cryptographic chip and security suite
- New Phoenix BIOS – secure version, designed to prevent intruders from signing on to computer or accessing remotely
- Carnegie Mellon University – Sustainable Computing Consortium
Your report card
- More security researchers
- Awareness is high
- Buying security products
  – purchase of encryption products up 86% over last three years
  – projection for security spending is up
- Still not patching
- Still not using provided tools
- Still not supporting employees with advanced security training
Trustworthy people?
The factor that secure software and hardware-based security subsystems cannot entirely deal with
Policy and people are as important as product
Trustworthiness is holistic
What you can do
- Insist on secure software
  – purchase products that follow sound principles in product development and are responsive to vulnerability reports
- Insist on integrated hardware devices that do not preclude “our” control
- Put your own house in order
- Support initiatives
Resources
- Building trustworthy systems: An FAA perspective – www.dacs.dtic.mil/awareness/newsletters/stn4-3/trustworthy.html
- Is the trusted computing base concept fundamentally flawed? – John McLean, Center for High Assurance Computer Systems, Naval Research Laboratory
- Building trustworthy systems: Lessons from the PTN and Internet – Schneider, Bellovin, Inouye, IEEE Internet Computing, 1999
- Trust in cyberspace – www.nap.edu/readingroom/books/trust
- Get on the mailing list for Palladium info – [email protected] with “subscribe” in the subject line
- TCPA spec – www.trustedcomputing.org
Questions?
Click on the Ask a Question link in the lower left corner of your screen to ask Roberta Bragg a question about this webcast.
You can also e-mail Roberta at [email protected] or find her on SearchWin2000.com’s security experts page.
Feedback
Thank you for your participation.
Did you like this webcast topic?
Would you like us to host other events similar to this one? Send your
feedback on this event and ideas for other topics to