John has been working for more than six years at the True Blue firm, where he enjoys managing the company's IT infrastructure and improving it year after year. He unofficially took over from the employees the job of structuring and organizing the network and the computers, a task that became more difficult as the company grew from 50 to 150 employees and from national to European, and as new IT requirements arrived with each new True Blue product. Still, John managed to contain the threats and solve most of the company's technical problems.

But the last year has seen an increasing number of security threats to True Blue's infrastructure. Perhaps because of the new contracts with the Ministry of Defense, keyloggers were found on certain employees' PCs, and the first distributed denial of service (DDoS) attacks on True Blue's intranet server put the IT team under heavy stress. Because of budget constraints, mitigating these threats was difficult with the resources John had. While his network engineer and technician were trying to meet service requirements, building complicated network structures in which VPN servers had to work securely with specialized client-server architectures and in which some of True Blue's activities could be outsourced to partner companies, the IT infrastructure engineer and the IT platforms engineer were coping with the constant evolution of operating systems and applications and their insecurities.

Even though centralized antivirus solutions, firewalls, and intrusion detection systems helped protect True Blue's IT system, at a cost that True Blue's management considered high, a number of security risks were not addressed properly. True Blue employees installing personal and nonapproved applications on their computers led to viruses spreading inside the network, and guests' computers could silently introduce Trojans that traveled throughout the intranet. True Blue had a major PR problem when it was revealed that an employee's laptop containing critical information about the company's business had been stolen.

One day John even discovered that an attacker had gotten into the True Blue building and left an infected USB key in the HR department coffee room. Recovering files from the backup server after the resulting infection wasted precious hours of the poor secretary's time, an innocent victim of social engineering. The new gadgets that True Blue employees started using, such as smartphones and PDAs, meant that security was also threatened by unmanaged communications.

Now that John has been promoted to lead IT security manager for True Blue, he intends to provide the highest level of security and to be proactive in a computing world where employees ask for more and attackers innovate all the time. John agrees with the board of directors that all new laptop computers must contain a Trusted Platform Module (TPM) chip, so that full-disk encryption with two-factor authentication can easily be implemented with off-the-shelf products. This will prevent offline attacks against stolen laptops, a kind of attack that has made the news a lot lately and that concerns True Blue managers who have to use laptops on the go. New desktops must also have a TPM, so that the software security policy John devised can be reliably enforced by the operating system, and so that trusted VPN clients can be used to separate the network into groups of computers that are more or less trusted, each with appropriate access to the various services.

True Blue employees are adapting to this new IT environment, in which they can no longer install personal applications on their corporate computer (or, more precisely, they can install them only in the noncorporate domain running on top of the approved hypervisor) or change policies without explicit approval from the IT team. John gave a one-day seminar to all True Blue employees to help them understand why the new infrastructure is needed and how it works. Every employee was given a trusted USB key with which to boot their operating system, together with a leaflet explaining how to protect it, and was reassured that the cryptographic keys stored on the USB key were backed up on a company server. After a while, employees were glad to have been relieved of managing the security of their own computers, and they began to make more use of the online tools at their disposal (e.g., e-commerce, service-oriented architecture, and software as a service/SaaS). They even started using cryptographic tools to protect their data and applications, which used to be a daunting task for most True Blue employees.

Using the control he now has over True Blue's IT infrastructure, John is able to drastically improve the security of employees' PCs and thwart attacks that could have been devastating. For example, he has identified many unauthorized attempts to access the company network, thus preventing confidential information from leaking outside the company. From his central server, John is also able to manage the use of cryptographic keys and security software via remote deployment scripts, to check the health of remote employees' PCs (even when they are at home), to authorize the installation of software case by case, and to revoke keys in order to disable access to particular data. Trusted Computing, which is rooted mainly in the TPM and comprises the various trusted components built on it, did not remove the need to manage security, but it did make the task easier, contributing largely to the success of John's security policies.
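The mechanism behind the laptop policy in this scenario is the TPM's ability to measure the boot chain into platform configuration registers (PCRs) and to release a sealed secret only when those measurements match. The following is an added example, not code from the book or from any TPM library: a software simulation of PCR extension and sealing that combines the platform measurement (the TPM factor) with a secret held on the employee's USB key (the user factor), so that neither a rogue boot chain nor a laptop stolen without its USB key can recover the disk encryption key. The SRK value, the boot chains and the USB secret are constructed inputs; the XOR-with-HMAC construction stands in for the TPM's real SRK-based encryption and is for illustration only.

```python
"""Toy simulation of TPM measured boot and two-factor sealing (not a real TPM API)."""
import hashlib
import hmac

PCR_SIZE = 32              # SHA-256 is used here; TPM 1.2 PCRs are 20-byte SHA-1 values
ZERO_PCR = bytes(PCR_SIZE)  # PCRs start at zero on every power-on


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR' = H(PCR || H(component)).

    The value depends on every component measured so far and on their order,
    and it can only be reset by rebooting, so software cannot fake a 'good' value.
    """
    return sha256(pcr + sha256(measurement))


def measured_boot(boot_chain) -> bytes:
    """Each stage measures the next one into the PCR before handing over control."""
    pcr = ZERO_PCR
    for component in boot_chain:
        pcr = pcr_extend(pcr, component)
    return pcr


class SimTPM:
    """Minimal stand-in for a TPM: a chip-resident root key plus one PCR."""

    def __init__(self, srk: bytes):
        self._srk = srk     # storage root key: never leaves the chip
        self.pcr = ZERO_PCR

    def boot(self, boot_chain) -> None:
        self.pcr = measured_boot(boot_chain)

    def _wrapping_key(self, pcr: bytes, user_secret: bytes) -> bytes:
        # Key depends on the chip (SRK), the boot state (PCR) and the user factor.
        return hmac.new(self._srk, pcr + user_secret, hashlib.sha256).digest()

    def seal(self, secret: bytes, user_secret: bytes) -> dict:
        """Bind a secret (e.g. the disk key) to the current PCR and a user secret."""
        assert len(secret) <= PCR_SIZE, "toy construction: secret must fit in one key"
        key = self._wrapping_key(self.pcr, user_secret)
        blob = bytes(a ^ b for a, b in zip(secret, key))      # illustrative only
        tag = hmac.new(key, blob, hashlib.sha256).digest()     # detects wrong user factor
        return {"pcr": self.pcr, "blob": blob, "tag": tag}

    def unseal(self, sealed: dict, user_secret: bytes) -> bytes:
        """Release the secret only if the boot chain and the user factor both match."""
        if not hmac.compare_digest(sealed["pcr"], self.pcr):
            raise PermissionError("PCR mismatch: boot chain differs from sealing time")
        key = self._wrapping_key(self.pcr, user_secret)
        tag = hmac.new(key, sealed["blob"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, sealed["tag"]):
            raise PermissionError("user factor missing or wrong")
        return bytes(a ^ b for a, b in zip(sealed["blob"], key))


# Constructed sample data for the scenario (hypothetical values).
CORPORATE_CHAIN = [b"BIOS v1.2", b"corporate bootloader", b"approved hypervisor"]
ROGUE_CHAIN = [b"BIOS v1.2", b"live-USB bootloader", b"attacker OS"]
USB_KEY_SECRET = b"secret-stored-on-trusted-usb-key"
DISK_KEY = bytes(range(32))


def run_scenario() -> dict:
    """Seal the disk key on a sanctioned boot, then try three ways of getting it back."""
    tpm = SimTPM(srk=b"srk-generated-inside-the-chip")
    tpm.boot(CORPORATE_CHAIN)
    sealed = tpm.seal(DISK_KEY, USB_KEY_SECRET)
    results = {}

    # 1. Legitimate employee: correct boot chain and the USB key present.
    results["normal_boot"] = tpm.unseal(sealed, USB_KEY_SECRET) == DISK_KEY

    # 2. Stolen laptop, correct boot chain, but no USB key (second factor missing).
    try:
        tpm.unseal(sealed, b"")
        results["stolen_no_usb"] = "released"
    except PermissionError as exc:
        results["stolen_no_usb"] = str(exc)

    # 3. Offline attack: attacker boots their own OS from a live USB stick.
    tpm.boot(ROGUE_CHAIN)
    try:
        tpm.unseal(sealed, USB_KEY_SECRET)
        results["rogue_boot"] = "released"
    except PermissionError as exc:
        results["rogue_boot"] = str(exc)
    return results


if __name__ == "__main__":
    for case, outcome in run_scenario().items():
        print(f"{case}: {outcome}")
```

The point a practitioner should take from the simulation is that the PCR check and the user factor fail independently: swapping the disk into another machine, booting a different OS, or lacking the USB key each leaves the sealed blob unusable, which is what makes the stolen-laptop offline attack in the scenario unprofitable. Real deployments additionally rely on the TPM's SRK-based encryption, its anti-hammering logic and sealed-key backup procedures, none of which this toy models.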

Trusted Computing is an emerging technology and a hot topic in applied cryptography and computing. This technological paradigm and set of standards aims at building the security infrastructure of future computing systems that you can "trust." Trusted Computing was created in response to the increasing security threats experienced over the last decade, a period in which attackers became professionals and security vulnerabilities came to cost millions in mitigation and repair. Trusted Computing proposes new security elements and tools aimed at improving the security of computing systems, going beyond the limitations of current systems such as the inability to enforce policies or to provide protection across the various layers of the architecture.*

