Don't Get Norteled: Authenticity works where information security technology has failed us

By Wes Kussmaul, Dan Geer

The Wall Street Journal reports that the death of multi-billion-dollar Nortel Networks was principally the result of a number of stolen passwords. Could a similar thing happen to your company? Learn why information security technology cannot prevent identity attacks, and learn what will prevent identity attacks.

So ask yourself: Do you think it is possible to determine the intentions and character of the sender of a stream of bits? Isn't that like asking your building's receptionist to determine the intentions and character of everyone who walks through the door?

Of course you wouldn't do that. Instead, you would have him or her issue a badge identifying who is responsible for what happens while they are in the building. It's not about guard dogs and razor wire, it's about accountability.

If your company is relying upon firewalls and intrusion detection systems and intrusion prevention systems and antimalware and security information event monitoring and similar stuff, it is relying upon the assumption that you can determine the intentions and character of the sender of a stream of bits.

In Don't Get Norteled, you will learn why identity is at least as important as identity management, and you will learn how to implement a system of pervasive digital signatures from measurably reliable identity credentials.



Extra info for Don't Get Norteled: Authenticity works where information security technology has failed us

Sample text

Quality of Means of Assertion
Does the credential support OpenID, i-Name, Shibboleth, CardSpace? Does it use SAML assertions? A well-used identity is a more reliable identity; the more places it is used the better.

4. Quality of Authoritative Attestation
Who attests to the validity of the assertion, that is, the claimed identity? Is the attesting party a certification authority? How reliable are their attestation practices? How is identity status reported: CRL or OCSP or another method?

5. Quality of Other Attestations
To what extent do colleagues of the subject corroborate the subject’s claim of identity?

The Solution
9. Those Remarkable PKI Construction Materials
10. What Makes PKI Construction Materials So Sturdy?
11. The Quiet Enjoyment Infrastructure
Part I of QEI People: The Authenticity Infrastructure
Part II of QEI Places: The InDoors Infrastructure
Part III of QEI Things: The Common Vocabulary Infrastructure
12. 6
13. Shouldn’t This Be a Job for Government?
14. More About PKI
Part 2. Making It Real
15. 1 The Authenticity Infrastructure
16. The PEN Component
17. The Public Authority Component
18.

Acknowledgments

I’d like to thank the people who helped me with this book, starting with my wife Maria Lewis Kussmaul, for her patience with the time the project has taken and the strong dissent from the assumptions of her industry that it introduces. Thanks also to my daughter, Sara Kussmaul DuBose, and her husband Graham DuBose for their suggestions and for their very professional work on the videos that accompany both this book and others. A big thank you is owed to Bruce Schneier and Carl Ellison for their permission to reproduce their famous Ten Risks document in its entirety.
