Security Whitepapers:

Building a Secure Platform for Trustworthy Computing: Success for an individual, a business, or a government agency, increasingly depends upon the ability to securely communicate around the world in real time. Both the advent of widespread connectivity via the Internet and an array of ubiquitous and powerful devices have changed the face of computing and communications. With the vast benefits of increased connectivity, however, a host of new risks has emerged, risks on a scale which few in the industry anticipated, including Microsoft. To address the need for heightened security in our increasingly connected world, Microsoft has elevated security to the top priority for the company. In the same way that it invested in initiatives such as the graphical user interface (GUI), scalability, and Internet integration, Microsoft is committed to delivering the secure platform our customers require. This paper discusses plans already underway for building a secure platform for Trustworthy Computing, the results and progress Microsoft has made to date, and offers a collection of the resources available to customers today.

Mobile Security: Security is a common concern for enterprises deploying mobile devices and applications, and rightfully so. With proprietary information being delivered to increasing numbers of mobile workers engaged in activities beyond the physically secure perimeter of a corporate campus, greater potential exists for unauthorized access and use of proprietary information. Critical to maintaining end-to-end security is managing authentication, authorization and encryption from the mobile device, over the transport medium, into the corporate datacenter. Using proven and widely adopted Virtual Private Network (VPN) technology, AvantGo software enables mobile access to information with the same degree of security as that provided by a local area network (LAN).

Analysis of the SSL 3.0 protocol: The SSL protocol is intended to provide a practical, application-layer, widely applicable connection-oriented mechanism for Internet client/server communications security. This note gives a detailed technical analysis of the cryptographic strength of the SSL 3.0 protocol. A number of minor flaws in the protocol and several new active attacks on SSL are presented; however, these can be easily corrected without overhauling the basic structure of the protocol. We conclude that, while there are still a few technical wrinkles to iron out, on the whole SSL 3.0 is a valuable contribution towards practical communications security.

Digital Certificates: What are they? Digital certificates are electronic files that are used to uniquely identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties.

Pocket PC Security: Mobile devices like Microsoft® Pocket PC are changing the way we work in the 21st century. More and more businesses are extending corporate information out to where it is most needed – with the customer, on the road, or at the depot. In this way, companies which embrace mobile information to empower their workforce can gain huge competitive advantages, either through better customer service or through reduced administrative and business process costs. However, whilst extending this information can open up new avenues for the enterprise, IT managers must also be aware that mobile working brings certain new security risks.

Beyond SSL: Can users believe what their browsers tell them? Even sophisticated Web users decide whether or not to trust a server based on browser cues such as location bar information, SSL icons, SSL warnings, certificate information, and response time. In their seminal work on Web spoofing, Felten et al. showed how, in 1996, a malicious server could forge some of these cues. However, this work used genuine SSL sessions, and Web technology has evolved much since 1996.