figuratively) to check:
• that trustworthy software is orchestrating the transaction,
• that it really is you yourself conducting the transaction,
• that you really are trading with the person or service you
expect,
• that the details of the transaction are correct.
Authentication, clearly, can assist you with this.
Q. How? Can you start by giving me an example of the sort of
authentication technology which can help with each item above?
A. Of course. Let’s ask the questions we want answered one
by one.
• Is the right program doing the work? Some endpoint
firewalls can help with this, for example by using
cryptographic checksums to regulate which applications
can make what sorts of connection to which servers.
• Is it really you kicking off the transaction? A hand-held
authenticator can ensure that you use a new password
every time you connect, which helps to prevent replay
attacks where previously-stolen credentials are re-used
by someone else.
• Are you connecting to the right service? Digital
certificates can help to reassure you that you are not
speaking to an imposter at the other end.
• Are you carrying out the transaction you intended?
Encryption and digital signatures provide protection
against exposing the details of the transaction, and help
prevent the transaction being tampered with in transit.
Q. Firewalls, tokens, certificates and encryption. Aren’t these
old technologies that we’ve been using for ages? Are they
failing us?
A. Yes and no. There are three main ways in which
security-related