Rights Management



The U.S. military has a neat euphemism: "use control" really means keeping unauthorized people from setting off nuclear weapons, accidentally or on purpose. The computing community has a similar term: rights management (RM). Depending on who you ask, RM either means preserving the ability of an information creator to control the use of that information, or it means an evil plot by nefarious corporate interests to prevent the use or dissemination of useful kinds of digital media.

The basic underpinnings of RM systems are simple: content creators get some way to include access controls in the objects they create (movies, e-mail messages, documents, and so on). Client applications or systems have some way to check what access controls are included and to decide whether or not the object can be used in various ways. The devil is in the details; different RM schemes have varying infrastructure requirements, and some allow for draconian controls that far exceed the legal limits on how information can be copied and distributed. On the surface, RM systems might not seem to have any connection to messaging, but one commonly requested capability is a way to prevent users from forwarding or copying sensitive messages; another is making messages that expire, becoming unreadable after a certain time. These are both RM features, and both are implemented (albeit simplistically) in Lotus Notes. Exchange Server 2003 doesn't provide any RM support, but the Microsoft Office System (notably Word, Excel, and Outlook) does, and Windows Server 2003 has a Rights Management Server (RMS) component that delivers the infrastructure to allow this. You'll be seeing RM mentioned in later chapters because it's often demanded in corporate environments.
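The creator-side and client-side halves described above, as an added Python example that is not from the book and does not reproduce how Lotus Notes or Windows RMS work. The names `protect`, `is_allowed`, `policy_tag` and `ISSUER_KEY` are hypothetical, an HMAC stands in for whatever binds the policy to the object, and the body is left unencrypted, so only a cooperating client is constrained.

```python
import hashlib
import hmac
import json

# Hypothetical key held by the issuer and by trusted clients (constructed value).
ISSUER_KEY = b"example-issuer-key"

def policy_tag(body, policy, key):
    """MAC over body and policy together, so neither can be swapped or edited."""
    blob = json.dumps({"body": body, "policy": policy}, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def protect(body, rights, expires_at, key=ISSUER_KEY):
    """Creator side: embed the access controls in the object itself."""
    policy = {"rights": sorted(rights), "expires_at": expires_at}
    return {"body": body, "policy": policy, "tag": policy_tag(body, policy, key)}

def is_allowed(obj, action, now, key=ISSUER_KEY):
    """Client side: return (allowed, reason) for one requested use."""
    expected = policy_tag(obj["body"], obj["policy"], key)
    if not hmac.compare_digest(expected, str(obj.get("tag", ""))):
        return False, "object or policy was modified"
    if now >= obj["policy"]["expires_at"]:
        return False, "message has expired"
    if action not in obj["policy"]["rights"]:
        return False, "action not granted"
    return True, "ok"

if __name__ == "__main__":
    sent = 1_000_000  # constructed timestamp, seconds
    msg = protect("Q3 forecast draft", {"view"}, expires_at=sent + 3600)
    print(is_allowed(msg, "view", sent + 60))
    print(is_allowed(msg, "forward", sent + 60))
    print(is_allowed(msg, "view", sent + 7200))
    # A recipient edits the embedded policy to grant themselves forwarding.
    forged = dict(msg, policy={"rights": ["forward", "view"], "expires_at": sent + 3600})
    print(is_allowed(forged, "forward", sent + 60))
```

The last case is the one that matters in practice: a policy carried inside the object is only as strong as the integrity check that stops the recipient from rewriting it.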



Summary

Computer security involves a bewildering array of concepts and buzzwords. However, there are some underlying principles and mechanisms that are particularly important for messaging security. These key items include access controls, auditing procedures and systems, privacy and confidentiality services, and protection against malicious or hostile code.



Additional Reading

  • The Office of the U.S. Secretary of Defense maintains a terrific reference site with a wealth of military and government security specifications. This site, the Specialized Command, Control, Communications, and Intelligence (C3I) Reference site, is available at http://www.defenselink.mil/nii/.

  • The Electronic Frontier Foundation (http://www.eff.org) provides a great clearinghouse of privacy information at their Privacy Now! site (http://www.eff.org/privnow/). Most of the material there is focused on consumer-level privacy.

  • The Electronic Privacy Information Center (EPIC) has an extensive Web site and archive of privacy-related news, links, and resources. Check out http://www.epic.org/.

  • Rob Rosenberger maintains the excellent Vmyths site (http://www.vmyths.com/), which covers hoaxes, urban legends, and hype related to viruses. Major media in the United States routinely exaggerate the threat of virus and worm outbreaks.

  • Microsoft maintains its own virus information site at http://www.microsoft.com/technet/security/virus/.



Chapter 2: Security Protocols and Algorithms

Protocol, n. A standard procedure for regulating data transmission between computers. Algorithm, n. A step-by-step problem-solving procedure, especially an established, recursive computational procedure for solving a problem in a finite number of steps.

-- dictionary.com

Why Do I Need to Know This?

Computer security involves a broad, even bewildering, array of concepts, some of which you might have seen for the first time in the preceding chapter. Apart from those conceptual underpinnings, if you want to effectively secure your Microsoft Exchange infrastructure, there's a separate set of security knowledge you need to be familiar with. That's because knowing which protocol or algorithm can best be used to strengthen a particular security weakness (as well as the flip side: knowing which algorithms to avoid) is a key part of securing your computers. Just as a surgeon has to know the difference between a retractor and a hemostat, you need to know the difference between SHA-1 and SSL.

All of the algorithms and protocols covered in this chapter are widely used and well known. This might seem counterintuitive; after all, doesn't security depend on keeping things hidden? It turns out that the answer is a resounding no. Depending on hiding the details of a security process or program, known derisively to experts as "security through obscurity," never works in the long term. The famous cryptologist Auguste Kerckhoffs was the first to articulate this principle, which in general terms can be stated, "The strength of a system cannot rely on the algorithm remaining unknown." Think of the trick puzzles you might have seen sold in catalogs: once you know the trick, it's trivial to solve the puzzle.

Let's say you have a secret document that you want to protect. If you hide it somewhere in your house, you're depending on obscurity to protect it, because anyone who stumbles across (or learns of) the hiding place has free access to the document. If you instead lock the document in a bank vault, that's security, not just because the bank uses multiple layers of security (including alarms, armed guards, motion detectors, and the vault itself), but because the design of the vault has been studied and validated by the American National Standards Institute (ANSI) group that specifies security measures for banks.

Using tested, validated algorithms and protocols is the best way to be secure, because these algorithms and protocols are the only ones that have undergone public (and probably private) scrutiny to ensure that they are as secure as their designers or vendors intended. If you were buying a safe to protect your life savings, you'd want it to be a safe that met the banking industry's certification requirements, not a cheap unit that you picked up at your local discount store. With that said, you wouldn't choose a safe that cost more than you had in your life savings. As with all aspects of security, cost must be measured against benefits. Microsoft in general, and the Exchange team in particular, has done a good job of choosing Internet-standard protocols to provide security services, although you can augment those protocols with your own choice of hardware or software components.

This chapter is essentially a survey of three classes of information: security-related algorithms that are used to encrypt, authenticate, or otherwise protect data; security protocols implemented or used by Exchange; and security services implemented or used by Exchange.

Note  

Because this isn't a book on cryptography, I'm not including details of how these algorithms work. If you're interested, the Additional Reading section at the end of the chapter provides some good references.