Before we get into any kind of discussion about security, however, I believe we must
address the idea of standards and how standards affect what we do in not only
security, but in everything else we do in our lives.
While standards are the backbone of why the Internet functions as well as it does, they are not new. Standards surround us in our everyday lives. They govern how we drive an automobile; why we can purchase an appliance from any manufacturer, take it home, plug it in and it will work; route our telephone calls; and govern our day because the day is standardized as 24 hours, with 60 minutes in every hour and 60 seconds in every minute. Without standards our very existence would be called into question because Mother Nature invokes standards in the world in which we exist.
Standards, as applied to the telecommunications industry, have made it possible for
long-distance telephone calls to be automatically routed and connected in less
than a second in most cases. Prior to network automation and standards, simply placing a long-distance call could take hours. Have a listen to this audio
as Sgt Friday places a long distance telephone call in 1949. The entire process takes several minutes to complete. Today we can direct dial the same call and, as soon as we press the DIAL key on our cell phone, or take our finger off the last digit on our Touch Tone© keypad on our phone, the called number begins to ring.
Instead of having to call a long-distance operator, wait for an available trunk, and have the long-distance operator route the call through several other operators, one in each of the several cities through which the call will travel, automated digital equipment, following rules of standardization, developed by the telecommunications industry, takes the data entered via our telephone keypad and does all of the work once done by several people – in less than 1/10,000th of the time previously required. Standardization and automation have both cut the amount of time required to complete a telephone call as well as the cost of processing the call. This has led to lower telephone rates, more calls being completed, higher profits for the
telephone companies, and better overall service for the consumer.
In technology, many of the standards we abide by were established by the Internet Engineering Task Force [IETF]. Membership in the IETF, which was initially established by a group of 21 US government funded researchers, on 16 January, 1986, is open to anyone who wants to participate. While most participants in the IETF are engineers with knowledge of networking protocols and software,many of them know a lot about networking hardware too.
By gathering the collective input of those who work in the Internet as a vocation, the IETF can establish standards and practices which will help to ensure that the Internet will always be available to anyone who wants to use it.
Those standards developed by the IETF govern every aspect of the Internet as we know it.
The key to all of the IEFT working groups, however, the one group which must, by the very nature of the IETF, interact with every other working group, at every level, is the WEB SECURITY working group. The Web Security working group is the home for working groups focused on security protocols. They provide one or more of the security services: integrity, authentication, non-repudiation, confidentiality, and access control. Since many of the security mechanisms needed to provide these security services employ cryptography, key management is also vital.
Ivolvement of the participants of the IETF Security Area focuses upon practical application of Security Area protocols and technologies to the protocols of other Areas.
Within the Web Security are of the IEFT, there are severalactive sub-groups, including:
- Application Bridging for Federated Access Beyond web
- DNS-based Authentication of Named Entities
- EAP Method Update
- Handover Keying
- IP Security Maintenance and Extensions
- Javascript Object Signing and Encryption
- Common Authentication Technology Next Generation
- Kerberos
- Managed Incident Lightweight Exchange
- Network Endpoint Assessment
- Web Authorization Protocol
- Public-Key Infrastructure (X.509)
- Transport Layer Security
Without both the security standards currently in use, and those being developed by the IEFT, we have nothing to base our network on, and open ourselves to the mercy of those who will, at whatever cost, breach those networks to both steal and/or corrupt the data in those networks.
As we move forward in the overhaul of healthcare, the development of new services and technologies, and attempt to maintain some semblance of integrity in both our lives and our networks these standards, although they may be inconvenient at times, serve a valid purpose in protecting our Internet, our communications, and, in many cases, our lives.
I look forward to hearing your thoughts regarding the issues surrounding both standards and security as we move forward together in this blog.
Copyright © 2012, Bruce Barnes, ChicagoNetTech Inc, All Rights Reserved
No comments:
Post a Comment
Please keep all comments on topic and respect the poster of the original message.
Messages which attack a poster, contain profain language, are off topic, or are otherwise defamatory will be deleted from the blog.