Research how quantum computing is being used both to enhance cryptography and to weaken existing cryptography standards, and discuss these with the class. Based on your research, how do you think quantum computing will change the IT security field, and how long do you think it will be until we begin seeing these changes? A lot of this is very theoretical at this time, but how much longer until we will need a lot more than just one paragraph in this text that discusses quantum computing?
Research Kerckhoffs’ Principle, and read the segment in the text titled “Never Trust Proprietary Algorithms”. I think we can all agree that having open protocols is considered critical in cryptography. But what about other areas of IT? Should we also demand open protocols in other areas of IT? How might the use of proprietary versus open protocols affect IT security in other areas?
One of the techniques for mitigating the risk of application vulnerabilities is restricting what types of applications can be executed on your network. Windows Active Directory includes tools in Group Policy that can restrict application use. You can “whitelist” applications, meaning only applications you approve can be used, or you can blacklist applications, meaning any application can be used except those you disallow. There is another option, where you restrict applications based on whether the application has a trusted signature (more on certificates and trust later…).
Which of these methods do you think is most appropriate? In your discussions, stay cognizant of the C-I-A triad in IT security… Frequently, we forget how important availability can be, and in our efforts to protect our networks, we may disallow needed applications. Discuss this balance in different kinds of organizations, and where these techniques might be appropriate.
Linux or Windows? Seems like nothing starts a war in the IT department like this topic… but which is better? Which is more secure? These two operating systems are very different, and regardless of your preference, you will need to handle both in any sizable IT infrastructure. For this discussion, choose a service, and tell us which OS you would prefer and why you think it might be better in both technology and security. Be sure to provide some evidence for your choice, and highlight the differences between these two operating systems and their utilities. Also, if you disagree with someone else’s assessment, rather than posting your own service/OS, propose an alternative along with evidence as to why you would make that choice.
And – depending on how serious you are about Windows / Linux… keep the conversation civil 🙂
This week we looked at Single Sign-On, and standards that can allow authentication even outside the organizational boundaries. We also familiarized ourselves with these technologies in our case study review. In this week’s discussion, let’s continue the conversation… are there any security concerns with using authentication services outside our organizational boundaries? When would the benefits outweigh the risks? How can we mitigate risks?
This week, let’s keep the discussion informal; we can get to know one another, and get acclimated to using the discussion forum for this course. Post a short bio about yourself, and your experience as it relates to this course and program.