Ultimately, the security enhancements in Microsoft Vista may make it capable of surviving more hits by malicious bullets than it was before, but they by no means make your network bulletproof.
If you intend to run the Vista OS on your corporate desktops, consider that the security enhancements in the OS will drive hackers to further expand their application layer and Web application attacks. Hence, gateway security at the application layer will be more important than ever in a Microsoft Vista environment.
Also, because third-party anti-virus and anti-malware products will find it difficult to work with Windows, protecting a Microsoft Vista network will require malware to be detected on the wire and neutralised before it reaches the Microsoft Vista operating system.
The days of signature-based anti-virus, IDS and IPS products working at the kernel level of the Windows operating system are simply over.
Weak passwords still plague Windows under Microsoft Vista for the intranet and also for remote users.
Hackers will naturally shift their attacks to the weakest link, which will increase the need for stronger authentication.
Further, the lack of significant improvements in combating insider threats will still need to be addressed by third-party solutions. Identity and Access Management (IAM) will be a necessity in addressing the issues of weak passwords for remote and internal users, and will also provide a necessary additional layer of security for the required segmentation and access control within the intranet.
Despite Gates’ promise in 2004 that, “Spam will be a thing of the past in two years’ time”, it will not go away with Microsoft Vista security improvements.
In fact, social engineering is poised to increase via email and messaging as hackers probe for weak links to overcome any resistance imposed by new security enhancements in other attack vectors.
Hence, anti-spam bolstered with Reputation and Trusted Source capabilities, as found in current generation messaging gateway security offerings, will be a necessity within a Microsoft Vista environment to mitigate the expected increase in this threat.
The fastest growing crime in America today is identity theft, and it is being fuelled by data leakage. Microsoft Vista in a 64-bit enterprise version offers a new feature called Trusted Platform Module (TPM) that provides for the storage of digital certificates, encryption keys and passwords on the hardware “chip” on the system motherboard.
The use of TPM to store encryption keys off the hard disk allows Vista to provide for the encryption of the entire hard disk, including the operating system and boot sector. Whole disk encryption is significantly more secure than traditional file- or folder-level encryption.
A weakness in file and folder level encryption is that the unencrypted portion of the hard drive can often contain clues as to the encryption key used to decrypt the file or folder.
Moving the encryption key to tamper-proof hardware on the motherboard and encrypting the entire hard drive eliminates the ability for a hacker to recover the encryption key from an unencrypted area of the hard drive.
While the use of TPM to encrypt an entire hard disk does a great job of addressing one popular attack vector in the mitigation of data leakage, the issue is that it is only available on the Enterprise version of Vista; hence it is simply not going to be installed on the typical desktop or laptop.
When one considers that 80 percent of the data formerly reserved for the enterprise's protected servers finds its way to individual computers during the normal course of business, the scope of the issue can be realised.
Further, with respect to data leakage, Vista still does little to address the actions of a wayward insider. Simply put, outside of TPM, Microsoft Vista offers little in terms of risk mitigation to stem the tide of this growing issue.
Microsoft’s Digital Rights Management (DRM) falls short of addressing the issue, as it does not provide the safety net for user error or intentional abuse by a wayward insider in rights assignment.
Paul Henry is vice-president of technology evangelism at Secure Computing, a leading global provider of enterprise gateway security.
Protecting the enterprise in a Vista environment
By Paul Henry on May 10, 2007 1:21PM