IBM pinpoints security at the business desktop
Most companies that report a breach in their security have it happen from the inside. With that in mind, IBM's latest line of NetVista PCs have security built into the core
If you're reading this through an Internet-connected Local Area Network (LAN), you're a potential liability to your network. And you don't necessarily have to be someone with criminal intent, but it might not matter to your boss when he's looking for someone to blame.
It's a well known fact that about 80% security penetrations happen from the inside - disgruntled employees, ex-employees still holding on to passwords, corporate espionage, victims of social engineering (also known as spoofing), and of course the most common of them all, the uninformed, uneducated average user (who can be conveniently "mis-identified" as any of the above).
Its been said that any chain is only as strong as its weakest link, and when it comes to network security, this precept holds especially true. Most companies rely on a firewall or intrusion detection system, and some kind of authentication, to ensure that only authorized users are accessing their network, effectively keeping unauthorized users out.
For the most part, these security tools do their job, but when someone logs in as you, on your desktop and does something in your name - there's no way to tell that its not you at the computer.
Enter IBM's newest line of NetVista series of PCs, with a built-in 256-bit embedded security chip on-board, biometric fingerprint authentication and proximity card readers. The Big Blue has worked together with Microsoft, enhancing protection of encryption and signature keys in the Windows 2000 environment. Collaboration with Intel also allowed for Internet Protocol Security (IP sec) adapters to be used in a secure network environment.
In effect - the security is tightened at the critical juncture when the user accesses his terminal. The fingerprint identification enables documents and communiqués to be encrypted in a more secure fashion, while proximity cards automatically log the user off his terminal should he walk out from a preset distance away from the computer. The fingerprint system can also be used together with a login system, encryption system, or in conjunction with a proximity card, providing even more security.
When it comes to companies that do a bulk of their transactions over the Net, like Intel, or even Cisco, electronic communiqués that authorize the transfer of funds have to be encrypted, usually through a PKI (public/private key infrastructure) method. What typically happens is that the private key is usually stored in the terminal's cache for easy referencing, which means that it can be "sniffed" by a Trojan - a likely occurrence if Mr. Newbie (almost every company has one of these) in the cubicle next to you opens every single email attachment without checking first if he should.
With the built-in security chip, the key is now stored into the chip itself and can't be easily accessed - IBM's own "penetration testing" engineers had to resort to physically manhandling the chip in order to get to the data inside.
And in a normal office environment, that's a little hard to escape notice, especially since the NetVistas come with a PC break-in alarm triggered by switches in the case, a network disconnection remote alarm, a physical key lock and a radio ID tagging system, for stock taking of PC inventory via wireless devices.
Security overkill you say? When you consider companies doing more and more transactions over the Net, in the figures of a few million US dollars, you really want to make sure your security isn't compromised, at any level. Trust is a commodity in itself.
Players in the banking, financial, health care
and government sectors seem especially interested
in the ease-of-use and secure benefits that
these PCs bring. Ease-of-use is especially
important, because more often than not, the
weak link in the chain called "Network
Security" is actually the guy behind
the terminal.