During his keynote speech at RSA Conference 2011, Microsoft's corporate VP for trustworthy computing Scott Charney called for a more cooperative approach to securing computer endpoints. The proposal is a natural maturation of Microsoft's (my full-time employer) End-to-End Trust initiative to make the Internet significantly safer as a whole. It closely follows the plans I've been recommending for years; I've even written a whitepaper on the subject.
The most important point of this argument is that we could, today, make the Internet a much safer place to compute. All the open-standard protocols required to significantly decrease malicious attackers and malware already exist. What's missing is the leadership and involvement from the politicians, organizations, and tech experts necessary to turn the vision into a reality.
Several protocols already in existence could serve as a foundation for a more secure Internet, which I'll discuss in greater detail. They include:
- Trusted Platform Module (TPM)
- IP version 6 (IPv6)
- Domain Name System Security Extensions (DNSSEC)
- Security Assertion Markup Language (SAML)
- Open Authorization (OAuth)
- Multifactor authentication
- WS-Security protocols
- Interface for Metadata Access Points (IF-MAP)
- Application-level security
Trusted Platform Module (TPM)
For the Internet to be safer, all computing devices connecting to it need to be equipped with some kind of chip that can vouch for their trustworthiness prior to and throughout the boot process. The Trusted Computing Group's TPM, an open-standard physical chip, does just that: it records measurements of each stage of the boot process so that the device's integrity can be verified, and it is already available in most enterprise-class PCs. A similar technology needs to make its way onto mobile devices, routers, switches, and all other computer hardware.
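To make the TPM's role concrete, here is an added software simulation (not code from the article or from the Trusted Computing Group) of measured boot: each boot component is hashed and folded into a Platform Configuration Register (PCR) with the one-way extend operation, and a verifier replays the event log against a known-good value. The boot chain and its "known-good" images are constructed sample data, and SHA-256 with a 32-byte PCR is assumed, as in a TPM 2.0 SHA-256 bank.

```python
import hashlib

# Constructed sample boot chain: (component name, bytes the firmware would hash).
BOOT_CHAIN = [
    ("firmware", b"firmware image v1.2"),
    ("bootloader", b"bootloader stage 2"),
    ("kernel", b"kernel 3.2.0"),
    ("initrd", b"initial ramdisk"),
]

PCR_SIZE = 32  # assumption: SHA-256 bank, PCR starts as all zeros


def measure(image: bytes) -> bytes:
    """Hash of a boot component, as the previous stage would compute it."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || measurement). One-way and order dependent,
    so the final value can only be reproduced by the same sequence."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(chain):
    """Simulate a boot: returns the final PCR value and the event log."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in chain:
        m = measure(image)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log


def replay_log(log) -> bytes:
    """Recompute the PCR from the event log alone (what a verifier does)."""
    pcr = bytes(PCR_SIZE)
    for _, m in log:
        pcr = extend(pcr, m)
    return pcr


def verify(reported_pcr: bytes, log, expected_pcr: bytes) -> bool:
    """Accept only if the log is consistent with the reported PCR (in a real
    system the PCR value would be signed by the TPM) and matches the
    known-good value recorded for this platform."""
    return replay_log(log) == reported_pcr and reported_pcr == expected_pcr


def tampered_chain(chain, index: int, new_image: bytes):
    """Constructed variant of a boot chain with one component replaced."""
    out = list(chain)
    out[index] = (out[index][0], new_image)
    return out
```

Because extend is one-way and order dependent, a modified bootloader, a reordered chain, or a forged event log all yield a PCR that fails verification.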
IP version 6 (IPv6)
IPv6 is quickly replacing the less-secure IPv4 as the standard for routing packets across the Internet worldwide. It is available on every popular operating system and is turned on by default in every version of Windows since Vista and Server 2008. Unfortunately, only a few countries have adopted it widely, although that number is growing.
In a related vein, the Internet's backbone Border Gateway Protocol (BGP) needs security improvement, but the core enhancements and pieces are ready to deploy.