Endpoint Security
What is it about networked computers that allow them
to be so easily hacked? A weakness that is
frequently exploited by malware writers involves the
conversion of web content, attractively displayed
for the casual user, into a set of instructions that
undermines the browser.
Why is it easy for our computer tools to be
repurposed against us? John von Neumann invented
general purpose computers by putting both data and
code on the same memory bus. This was an advance
over earlier designs but it opened the door for
malware: malicious code can be inserted into an area
of the computer memory used for data storage and the
computer can then be fooled into running that
malware. From the moment that a document becomes an
unwanted source of computer instructions, all data
that is accessible by the computer is also
accessible by the malware.
Generally, blocking malware from execution has
proven to be difficult to achieve. However, this
article will explain one method that uses a
hardware-protected part of the computer to hold
secret cryptographic material that can tell us when
the computer has been successfully contaminated by
malware.
Many PCs are fitted with a Trusted Platform Module (TPM)
that enables a cryptographic statement to be made
about the security disposition of the computer. That
statement can be transmitted to a remote server
(“remote attestation”) in order to assure that the
computer can be relied on to faithfully keep secrets
such as our identity or credit card numbers. The
value of remote attestation is hard to overstate
since it blocks much of the value that malware
writers earn for their efforts. If users quickly
learn that their computers have been compromised,
and they are blocked from performing valuable
transactions until the computer is fixed, the window
of opportunity for the malware writer to take
advantage of the compromised computer will narrow.
This brings us back to a question that we have asked
before in this column: how can security be made
usable enough that users will consider it to be an
ally rather than an annoying obstacle? In the case
of the TPM, two new developments are converging. In
most cases the owners of those computers neither
have the time, expertise, nor desire to get the same
security level that is enjoyed by employees in
large, security-minded enterprises. But soon the
Trusted Computer Group will be publishing a new
standard implementation of a TPM on a thin hardware
layer like the ARM Trust Zone which has been
shipping in smart phones for several years. At the
same time we expect to see the release of Windows 8
on ARM and X86 architectures with a requirement for
TPM support. These two coming events will bring the
possibility of simplified provisioning of the TPM
even for consumer services.
JW Secure has been building support systems for TPM
use with data protection for several years and now
is working on a simplified method that will allow
users to pick up a computer at their local
superstore and securely provision it anywhere. Let
us build a deployment system for your employees,
partners, and customers that will allow you to
reduce fraud and maintain compliance.
The
following sites describe more about the capabilities
of the TPM, its use, and the increasing number of
devices supporting it.
|
Welcome
to the 13th edition of the JW Secure Informer, our
bi-monthly newsletter. This is an opportunity to
share what’s on our radar, specifically with respect
to enterprise network security, but also regarding
IT and business more generally.
