“Identity Management” The Threat
AFCEA TechNet Europe 2009
Symposium and Exposition
5 June 2009
Colin Rose - Quarter Past Five Limited
Let me introduce myself
• Colin Rose
• Presenter
• Guest / Customer / Foreigner / Visitor
• Director / Shareholder / Employee
• Son / Brother / Friend
• Trainer / Trainee
• Mechanic / Gardener / Decorator / Plumber……
• Was / Is – ME!
Some Themes
• More questions than answers
• Core truths
• Identity crisis
  Is “identity” the right word?
• Where “identity” fits.
What is “The Threat”?
• The same as ever
• In any system involving people
• Look to ourselves
• Presumptions / assumptions
• Complacency
What am I?
• CVN-76
• USS Ronald Reagan
• Home
• Weapons Platform
If You Drive One of These
What am I?
• CVN-76
• USS Ronald Reagan
• Home
• Weapons Platform
• Target
Core Truth
• What am I trying to achieve?
• What value do I have?
• What do you want me to do?
• Availability
• Accuracy
• Exclusivity
Is Identity The Right Concept?
The Key or The Lock?
• Identity is one half of the equation
• Remember “USS Ronald Reagan”
  Your identity is honestly not important
• The matching of your identity is important
• Why Match?
  To Demonstrate Authority.
Traditional “Identity Management”
Identity Management?
• Passwords
• User Names
• RSA Key Generators
• Fingers
• Faces
• Eyes
Where Does My Identity Fit In?
It Was Easier in Days Gone By
• Make a big complicated lock
• Put the lock on a strong box
• Put the crown jewels in the box
• Lock the box
• Keep your keys safe
• Watch the box
It’s Not That Different Today
• Make a big complicated lock
  Encrypted biometric verification
• Put the lock on a strong box
  Secure databases – controlled access
• Put the crown jewels in the box
  Understand what you wish to Secure
  Place them within the secure area
• Lock the box
  Implement all your security measures
• Keep your keys safe
  Manage your passwords / tokens / biometrics
• Watch the box
  Audit / monitor / test / assess / update - iteratively
The “Identity Landscape”
• It’s just numbers
• Replicate your finger
• Replicate your data input
• Replicate your data for comparison
• Duplicate your identity
• Change the authorised access
• By-pass the identity check
• Invent an identity.
First Principle Targets
• Identity management is the Key
• The Asset being protected is the Goal
• Take your eye off the Goal and….
  The Other Team will Score
• Asymmetry - The means are just as good as an end
Keep your eye on the ball
The Identity Targets
Attacking the Identity Management System
• How is the identity created?
• How is the identity stored?
• How is the identity checked?
• How is the identity-access control managed?
Potential Future Issues & Identity Management
Hacking The Cloud
Potential Future Issues & Identity Management
• The Cloud & Social Networking – Information Systems Used by Digital Natives
• New User Interfaces
My Precious
The Targets
Back to First Principles
• Exploit trust in the system
• Erode trust in the system
• Where is the value?
REMEMBER
Exclusivity
Availability
Accuracy
Nothing New Under the Sun
“It’s only the scenery that changes”
• Understand your requirements
• Understand what you are trying to secure
• People – Process – Technology
• The enemy without – the enemy within
• Complexity creates confusion
• Strength breeds complacency.
A Little “Heretical” Question
Do you want easy access to important things?
The easier the access for you
The easier the access for them
Thank You
Was
Is
Some Landscape?
Some Landscape?
Verify Identity
Some Landscape?
Verify Identity
Check Access Rights