maverickmonster
Programmer
Where do people see the future of computer security going in the next five years ?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Future of security 1
- Thread starter maverickmonster
- Start date
- Status
Where do people see the future of computer security going in the next five years ?
CajunCenturion
Programmer
You're certainly correct that the biometric systems have a number of obstacles they need to overcome. I don't think that using fingerprints has much of a long-term future, short-term hype, perhaps, but not as a viable long-term element in the security equation. In fact, I don't think any single technology, biometric or otherwise, is the silver bullet, and certainly not as a stand-alone system. Security systems will be multi-layered, and I do see biometrics at one of those layers. There is a tremendous amount of R&D taking place right now dealing with many of these issues.
What may turn out to be the biggest problem for biometrics is "societal acceptance."
Good Luck
--------------
To get the most from your Tek-Tips experience, please read FAQ181-2886
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
What may turn out to be the biggest problem for biometrics is "societal acceptance."
Good Luck
--------------
To get the most from your Tek-Tips experience, please read FAQ181-2886
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
Let's not forget that most break-ins results from users divulging their passwords.
Nowadays we have passwords for everything. Since there is no way we can remember everything, users tend to use the same password for different things, or to write down the passwords elsewhere. The dangers of these two scenarios are pretty obvious.
For the first situation, the easy way for the potential hackers is to create something (eg. forum, online group, etc.) and to entice the users to register. The tendency is that users will use the same password as their email or other accounts.
The second scenario involves a bit more work, such as visiting the victims, observing their desks, etc.
Of course, there is always a problem with users not being able to keep their mouth shut (thereby, revealing hints to their passwords), or users using weak passwords.
Sometimes I wish that there is a special 'language' for passwords, that is unpronounciable and unwriteable. It should be something that users can easily remember and naturally know what to do when they need to log on, but they can't pronounce the password nor write it.
Nowadays we have passwords for everything. Since there is no way we can remember everything, users tend to use the same password for different things, or to write down the passwords elsewhere. The dangers of these two scenarios are pretty obvious.
For the first situation, the easy way for the potential hackers is to create something (eg. forum, online group, etc.) and to entice the users to register. The tendency is that users will use the same password as their email or other accounts.
The second scenario involves a bit more work, such as visiting the victims, observing their desks, etc.
Of course, there is always a problem with users not being able to keep their mouth shut (thereby, revealing hints to their passwords), or users using weak passwords.
Sometimes I wish that there is a special 'language' for passwords, that is unpronounciable and unwriteable. It should be something that users can easily remember and naturally know what to do when they need to log on, but they can't pronounce the password nor write it.
- Moderator
- #24
Heh.... essentially what I'm hearing here is that biometrics don't work, because essentially we're not different enough. 
"It's OK to be unique, as long as you do it with everyone else!"
Just my $.02
"In order to start solving a problem, one must first identify it's owner." --Me
--Greg
"It's OK to be unique, as long as you do it with everyone else!"
Just my $.02
"In order to start solving a problem, one must first identify it's owner." --Me
--Greg
sleipnir214
Programmer
gbaughma, I think you're pretty close to the fact of the matter.
The problem as I see it is that the differences between us can be less than any one person's day-to-day variability.
For example, if cut your finger across the print some biometric fingerprint ID systems will fail. A lot of them will record the print from more that one finger, and part of the ID process is that you tell the system which finger you're going to use.
And I imagine that corneal abrasions or lacerations could affect the ability for a system to read your retina. The same may hold true for iris IDs.
Want the best answers? Ask the best questions!
TANSTAAFL!!
The problem as I see it is that the differences between us can be less than any one person's day-to-day variability.
For example, if cut your finger across the print some biometric fingerprint ID systems will fail. A lot of them will record the print from more that one finger, and part of the ID process is that you tell the system which finger you're going to use.
And I imagine that corneal abrasions or lacerations could affect the ability for a system to read your retina. The same may hold true for iris IDs.
Want the best answers? Ask the best questions!
TANSTAAFL!!
GlenJohnson
MIS
I experimented with a finger print scanner a couple of years ago. Worked great at first, then it suddently started slowing down, not wanting to work, then just died. Had to f-disk my machine to get back in. (I usually f-disk a machine once a year anyways to clean out the cobwebs, so it didn't bother me much.) This of course was not state of the art, as I can't afford that, but it did show me what's coming up in the future. Passwords, to me, are the weakest form of security, even if you enforce password complexity. The best form of security is education. Check out my FAQ
faq96-4972
Time for a cup of Earl Gray......
![[pipe]](/data/assets/smilies/pipe.gif "[pipe] [pipe]")
Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.
TTinChicago
Johnson Computers
faq96-4972
Time for a cup of Earl Gray......
Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.
TTinChicago
Johnson Computers
Parcival21
Technical User
Hi there,
what are you thinking about cisco security agent or technologies that work similar. I think Microsoft has something similar coming up too in Longhorn.
Can this solve most of the existing virus or trojan problems?
busche
what are you thinking about cisco security agent or technologies that work similar. I think Microsoft has something similar coming up too in Longhorn.
Can this solve most of the existing virus or trojan problems?
busche
dilettante
MIS
Personally I think the XP SP2 will go a long way toward helping with security in general. The problem is that before it can do all it promises it will need to see wide adoption on machines with CPUs offering better hardware-level memory protection. This means maybe a 2007-2008 timeframe. Even if Longhorn comes out as planned ~ 2007 it may be years before wide adoption too.
I'm not sure a whole lot more can be done. I'm reading about the potential for sandboxed or "managed" kernels but I'm not sure how practical this really is or how widely it'll ever be deployed in a short timeframe. Sounds more like 2010-era stuff.
The best hope is probably locked-down, ROMmed consumer/office machines. This is looking less likely every day though. Still, if major players succeed in moving to the "hosted application" model somehow then maybe locked-down "terminals" might get someplace. Especially as we get so far down the road with security headaches that you get crippling infections within minutes of connecting a clean machine to the Internet.
I'm not sure a whole lot more can be done. I'm reading about the potential for sandboxed or "managed" kernels but I'm not sure how practical this really is or how widely it'll ever be deployed in a short timeframe. Sounds more like 2010-era stuff.
The best hope is probably locked-down, ROMmed consumer/office machines. This is looking less likely every day though. Still, if major players succeed in moving to the "hosted application" model somehow then maybe locked-down "terminals" might get someplace. Especially as we get so far down the road with security headaches that you get crippling infections within minutes of connecting a clean machine to the Internet.
lionelhill
Technical User
flexibility is the problem. You want flexibility, it comes with a price that someone might flex it enough to write a virus or whatever. When my phone could just talk to people, and that was all, I was safe. Now it plays games, etc. etc., people manage to write phone viri.
Whoever managed to take over a mechanical typewriter remotely? And, what's more, the boot-up time wasn't a problem either.
Yes, I like the idea of ROM-only single/few-application machines for at least some jobs.
Whoever managed to take over a mechanical typewriter remotely? And, what's more, the boot-up time wasn't a problem either.
Yes, I like the idea of ROM-only single/few-application machines for at least some jobs.
What are we trying to defend against? I suspect that in most organisations, assuming basic antivirus/ firewall etc. coverage, the major issue is opportunistic internal breaches.
Here it's the usual, I gave my password to so-and-so because they don't have permissions to do X (or, I gave 20 signed paper expenses authorisations to Y 'cos I was on holiday -same principle). Passwords on yellow stickies on monitor. Passwords handed over to IT on request. Forgetting to change admin passwords when someone leaves. Giving admin passwords out or allowing them to be seen inappropriately. Letting contractors have admin passwords.
Really, really basic stuff. We fight it but it still happens, occasionally - this is the real danger, new Hi-tech dangers are real but generally low risk in comparison.
In a way, the biggest danger is concentrating on the clever stuff and ignoring the really basic security considerations.
Tho' that said, spyware/malware not covered by standard antivirus protection has the potential to be a major headache. We've just had a couple of nasty infestations, I've taken the brutal view - we just flatten the PC and re-RIS it, but it's still a major inconvinience.
Rosie
"Never express yourself more clearly than you think" (Niels Bohr)
Here it's the usual, I gave my password to so-and-so because they don't have permissions to do X (or, I gave 20 signed paper expenses authorisations to Y 'cos I was on holiday -same principle). Passwords on yellow stickies on monitor. Passwords handed over to IT on request. Forgetting to change admin passwords when someone leaves. Giving admin passwords out or allowing them to be seen inappropriately. Letting contractors have admin passwords.
Really, really basic stuff. We fight it but it still happens, occasionally - this is the real danger, new Hi-tech dangers are real but generally low risk in comparison.
In a way, the biggest danger is concentrating on the clever stuff and ignoring the really basic security considerations.
Tho' that said, spyware/malware not covered by standard antivirus protection has the potential to be a major headache. We've just had a couple of nasty infestations, I've taken the brutal view - we just flatten the PC and re-RIS it, but it's still a major inconvinience.
Rosie
"Never express yourself more clearly than you think" (Niels Bohr)
A company I interviewed with last year (didn't get the job) had a good approach that I think may be beneficial elsewhere.
The company had a couple of "Internet PC's" which were not configured to connect to the network and each had a dial up connection and modem for internet access. There were 2 of these computers in the company - for about 200 staff in total, which were in public locations, so people could see if what they were doing was work related. If they needed to transfer something to the main network, they used a CD writer or USB memory key to transfer it from the internet connected computer.
The main network only had email access as far as internet went, which ran through a dedicated hardware proxy device. Nothing else went through. This had the advantage of stopping people web browsing when they should be working, and at a stroke, stopping the main network becoming infected via browser downloads etc.
John
The company had a couple of "Internet PC's" which were not configured to connect to the network and each had a dial up connection and modem for internet access. There were 2 of these computers in the company - for about 200 staff in total, which were in public locations, so people could see if what they were doing was work related. If they needed to transfer something to the main network, they used a CD writer or USB memory key to transfer it from the internet connected computer.
The main network only had email access as far as internet went, which ran through a dedicated hardware proxy device. Nothing else went through. This had the advantage of stopping people web browsing when they should be working, and at a stroke, stopping the main network becoming infected via browser downloads etc.
John
- Status
