Identity Management: Threats and Core Truths Symposium

This symposium explores the threats and core truths related to identity management, addressing concepts such as the value of identity, the role of matching, and the importance of secure systems. Key topics include cybersecurity, biometrics, and cloud technology.


Presentation Transcript


  1. “Identity Management” The Threat AFCEA TechNet Europe 2009 Symposium and Exposition 5 June 2009 Colin Rose - Quarter Past Five Limited

  2. Let me introduce myself • Colin Rose • Presenter • Guest / Customer / Foreigner / Visitor • Director / Shareholder / Employee • Son / Brother / Friend • Trainer / Trainee • Mechanic / Gardener / Decorator / Plumber… • Was / Is – ME!

  3. “Identity Management” The Threat AFCEA TechNet Europe 2009 Symposium and Exposition 5 June 2009

  4. Some Themes • More questions than answers • Core truths • Identity crisis: Is “identity” the right word? • Where “identity” fits.

  5. What is “The Threat”? • The same as ever • In any system involving people • Look to ourselves • Presumptions / assumptions • Complacency

  6. What am I? • CVN-76 • USS Ronald Reagan • Home • Weapons Platform

  7. If You Drive One of These

  8. What am I? • CVN-76 • USS Ronald Reagan • Home • Weapons Platform • Target

  9. Core Truth • What am I trying to achieve? • What value do I have? • What do you want me to do? • Availability • Accuracy • Exclusivity

  10. Is Identity The Right Concept?

  11. The Key or The Lock? • Identity is one half of the equation • Remember “USS Ronald Reagan”: Your identity is honestly not important • The matching of your identity is important • Why Match? To Demonstrate Authority.

  12. Traditional “Identity Management”

  13. Identity Management? • Passwords • User Names • RSA Key Generators • Fingers • Faces • Eyes

  14. Where Does My Identity Fit In?

  15. It Was Easier in Days Gone By • Make a big complicated lock • Put the lock on a strong box • Put the crown jewels in the box • Lock the box • Keep your keys safe • Watch the box

  16. It's Not That Different Today • Make a big complicated lock: Encrypted biometric verification • Put the lock on a strong box: Secure databases – controlled access • Put the crown jewels in the box: Understand what you wish to secure; place them within the secure area • Lock the box: Implement all your security measures • Keep your keys safe: Manage your passwords / tokens / biometrics • Watch the box: Audit / monitor / test / assess / update, iteratively

  17. The “Identity Landscape” • It’s just numbers • Replicate your finger • Replicate your data input • Replicate your data for comparison • Duplicate your identity • Change the authorised access • By-pass the identity check • Invent an identity.

  18. First Principle Targets • Identity management is the Key • The Asset being protected is the Goal • Take your eye off the Goal and… The Other Team will Score. Keep your eye on the ball • Asymmetry - The means are just as good as an end

  19. The Identity Targets: Attacking the Identity Management System • How is the identity created? • How is the identity stored? • How is the identity checked? • How is the identity-access control managed?

  20. Potential Future Issues & Identity Management

  21. HackingTheCloud

  22. Potential Future Issues & Identity Management • The Cloud & Social Networking – Information Systems Used by Digital Natives • New User Interfaces

  23. My Precious

  24. The Targets: Back to First Principles • Exploit trust in the system • Erode trust in the system • Where is the value? REMEMBER: Availability, Accuracy, Exclusivity

  25. Nothing New Under the Sun: “It’s only the scenery that changes” • Understand your requirements • Understand what you are trying to secure • People – Process – Technology • The enemy without – the enemy within • Complexity creates confusion • Strength breeds complacency.

  26. A Little “Heretical” Question: Do you want easy access to important things? The easier the access for you, the easier the access for them.

  27. Thank You

  28. Was

  29. Is

  30. Some Landscape?

  31. Some Landscape? Verify Identity

  32. Some Landscape? Check Access Rights Verify Identity
