Bill Gates’ RSA 2006 Keynote presentation Questions and answers
What does Gates mean by trusted ecosystem? • A rich infrastructure encompassing trust relationships between organisations, code, and users. It mimics real-world relationships and includes reputation building, chains of trust, and trust revocation. [frame 5]
What does Gates propose in order to guard against code injection attacks? • Reduce the portion of code that has to be trusted to a minimum, and then run that trusted code with the least privilege it needs. [frame 6]
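The two halves of that recommendation, a small trusted component and untrusted code run with reduced rights, as an added example that is not from the keynote or from Microsoft: the parser for a constructed record format (2-byte length prefix plus a UTF-8 name) runs in a forked child with lowered resource limits and, when started as root, a switch to an unprivileged uid, while the trusted parent only reads back a short JSON reply. It assumes a POSIX host; uid 65534 as "nobody" is an assumption.

```python
"""Privilege separation: keep the trusted part small, run the rest with fewer rights.

Added example, not from the keynote. The input format (2-byte length prefix plus
a UTF-8 name) and the sample record are constructed; assumes a POSIX host.
"""
import json
import os
import resource
import struct


def parse_record(data: bytes) -> dict:
    """The only code that touches untrusted bytes; it needs no privilege at all."""
    if len(data) < 2:
        raise ValueError("short header")
    (length,) = struct.unpack(">H", data[:2])
    body = data[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated body")
    return {"name": body.decode("utf-8")}


def _cap(res: int, value: int) -> None:
    """Lower a resource limit without exceeding the current hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def _drop_privileges() -> None:
    """Executed in the child before it sees the input."""
    os.chdir("/")
    _cap(resource.RLIMIT_FSIZE, 0)   # cannot create or grow files
    _cap(resource.RLIMIT_CPU, 2)     # a parser loop cannot spin for ever
    if os.geteuid() == 0:            # only meaningful when started as root
        os.setgroups([])
        os.setgid(65534)             # 'nobody' on most systems (assumption)
        os.setuid(65534)


def parse_in_sandbox(data: bytes) -> dict:
    """Trusted side: fork, let the child parse under reduced rights, read a small reply."""
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:                     # child: untrusted
        os.close(read_end)
        code = 0
        try:
            _drop_privileges()
            reply = {"ok": True, "value": parse_record(data)}
        except Exception as exc:     # any parser failure stays inside the child
            reply = {"ok": False, "error": str(exc)}
            code = 1
        os.write(write_end, json.dumps(reply).encode())
        os.close(write_end)
        os._exit(code)
    os.close(write_end)              # parent: trusted, small, never parses raw input
    chunks = []
    while True:
        chunk = os.read(read_end, 4096)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(read_end)
    os.waitpid(pid, 0)
    raw = b"".join(chunks)
    if not raw:                      # child was killed (limit hit, crash) before replying
        return {"ok": False, "error": "no reply from sandboxed parser"}
    return json.loads(raw.decode())  # the parent only ever parses this narrow reply


if __name__ == "__main__":
    print(parse_in_sandbox(b"\x00\x05alice"))   # constructed sample record
```

The parent still decodes the child's JSON reply, so the trusted surface is not zero; it is a fixed, tiny format under the parent's control rather than the attacker's input. A production version would add seccomp or a chroot, but the shape is the same: the code that faces hostile bytes is the code with the fewest rights.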
Why were systems more secure historically than they are now? • Because they were isolated, in several ways. • Typically they had no internet connection, so there were no incoming packets that could attack the code. • Users had fewer capabilities that could be exploited. [frame 8]
What alternatives does Gates mention for authentication by password? • Multi-factor authentication, including smart cards. • Challenge-response systems, which avoid transmitting a single reusable secret: a password sent to one service can be captured and replayed to another, whereas a response to a fresh challenge proves knowledge of the secret without revealing it. [frame 8]
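The challenge-response exchange described above, as an added example that is not from the keynote: both sides derive a key from the password, the server sends a random nonce, the client returns an HMAC over the user name and nonce, and the server accepts each nonce once. The user name, password and message labels are constructed for the example.

```python
"""Challenge-response login in place of sending a password (added example).

Only a random challenge and an HMAC of it cross the wire; the password never does,
so a capturing party cannot replay it to this or any other service.
"""
import hashlib
import hmac
import secrets


def derive_key(password: str, salt: bytes) -> bytes:
    """Both sides hold this key; the server stores it at enrolment."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _tag(key: bytes, user: str, nonce: bytes) -> bytes:
    """The response binds the user name and the challenge to this protocol label."""
    return hmac.new(key, b"login:" + user.encode() + b":" + nonce, "sha256").digest()


class Server:
    def __init__(self) -> None:
        self.users = {}      # user -> (salt, key)
        self.pending = {}    # user -> outstanding challenge
        self.used = set()    # challenges already consumed (replay guard)

    def enrol(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_key(password, salt))

    def challenge(self, user: str):
        """Message 1, server -> client: fresh nonce plus the user's salt."""
        salt, _ = self.users[user]
        nonce = secrets.token_bytes(32)
        self.pending[user] = nonce
        return nonce, salt

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        """Message 3: check the HMAC; every challenge is answerable exactly once."""
        _, key = self.users[user]
        if self.pending.get(user) != nonce or nonce in self.used:
            return False
        del self.pending[user]
        self.used.add(nonce)
        return hmac.compare_digest(_tag(key, user, nonce), response)


def client_response(user: str, password: str, nonce: bytes, salt: bytes) -> bytes:
    """Message 2, client -> server: proves the password without transmitting it."""
    return _tag(derive_key(password, salt), user, nonce)


if __name__ == "__main__":
    server = Server()
    server.enrol("alice", "correct horse battery staple")   # constructed credentials
    nonce, salt = server.challenge("alice")
    resp = client_response("alice", "correct horse battery staple", nonce, salt)
    print("first use:", server.verify("alice", nonce, resp))     # True
    print("replay:", server.verify("alice", nonce, resp))        # False
```

The caveat a practitioner would want: this stops capture-and-replay, not a live relay. A phishing site that forwards the nonce to the client and the response back to the real server in real time still gets one login, which is why schemes of this kind are combined with channel binding or a second factor such as the smart card mentioned above.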
What does Gates propose in order to combat spam? • Email product vendors are asked to support Sender ID, under which a domain publishes the mail servers allowed to send for it in a DNS (SPF-syntax TXT) record, so that receivers can check the sending host against it. • www.exchangepedia.com/blog/2006/10/microsoft-opens-up-senderid.html • MS Outlook implements the idea of computational proof: a stranger sending mail to someone for the first time has to do some non-trivial computation, which is cheap for one message but uneconomic for spammers at bulk volume. [frame 10]
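Both receiver-side checks just described, as an added example that is not from the keynote or from Microsoft's products: a simplified evaluation of a published SPF-syntax record (ip4 mechanisms and the all qualifier only) against a constructed in-memory "DNS", and a hashcash-style computational proof where the sender searches for a counter that gives a SHA-256 hash with a chosen number of leading zero bits and the receiver verifies it with one hash. The domains, addresses and stamp format are constructed.

```python
"""Two anti-spam checks on the receiving side (added example, constructed data)."""
import hashlib
import ipaddress
import secrets
import time

# Constructed stand-in for DNS lookups: domain -> published TXT record.
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "example.net": "v=spf1 ip4:203.0.113.0/24 ~all",
}

_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain: str, client_ip: str, txt_records=FAKE_DNS_TXT) -> str:
    """Is client_ip allowed to send for domain? Handles ip4 and all only (simplified)."""
    record = txt_records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                      # nothing published: no decision possible
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier, mechanism = "+", term
        if term[0] in _QUALIFIER:
            qualifier, mechanism = term[0], term[1:]
        if mechanism == "all":
            return _QUALIFIER[qualifier]   # the default for anything not listed
        if mechanism.startswith("ip4:"):
            network = ipaddress.ip_network(mechanism[4:], strict=False)
            if ip in network:              # version mismatch simply does not match
                return _QUALIFIER[qualifier]
    return "neutral"


def _leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint_stamp(recipient: str, bits: int = 16) -> str:
    """Sender side: brute-force a counter until the stamp hash has `bits` leading zeros."""
    date = time.strftime("%y%m%d")
    rand = secrets.token_hex(8)
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{recipient}::{rand}:{counter}"
        if _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1


def verify_stamp(stamp: str, recipient: str, bits: int = 16) -> bool:
    """Receiver side: one hash checks work that cost the sender ~2**bits hashes."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False
    claimed = int(fields[1])
    if claimed < bits or fields[3] != recipient:   # stamp must be for me, at my price
        return False
    return _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= claimed


if __name__ == "__main__":
    print(spf_check("example.com", "192.0.2.10"))    # pass
    print(spf_check("example.com", "203.0.113.5"))   # fail
    stamp = mint_stamp("alice@example.org", bits=16)
    print(stamp, verify_stamp(stamp, "alice@example.org", bits=16))
```

Real receivers also need a record of stamps already seen (a minted stamp is otherwise reusable against the same recipient) and the other SPF mechanisms (a, mx, include), and Sender ID's distinction from plain SPF is which header address it checks; the asymmetry is the point: minting costs the sender about 2^bits hashes, checking costs the receiver one.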
What obstacles to adoption of smart cards for authentication are mentioned? • Integration throughout the infrastructure • Revocation of certificates[frame 11]
What is the Certificate Lifecycle Manager (CLM) and what’s it for? • It manages the process of issuing digital certificates and provisioning smart cards. • When a user loses her smart card, CLM issues a one-time password; on presenting it, CLM retrieves the user’s certificates from an LDAP directory and provisions them onto a replacement smart card. [frame 12]
What is Network Access Protection (NAP)? • It checks a connecting computer’s compliance with policy, for example whether software updates are installed. If the policy is not satisfied, the computer is placed in quarantine: limited network access, enough to download the missing updates. • It can also automatically remediate the computer to bring it into compliance. [frame 12]