interesting excerpt from http://www.schneier.com/crypto-gram-0608.html

===

Updating the Traditional Security Model

On the Firewall Wizards mailing list last year, Dave Piscitello made a fascinating observation. Commenting on the traditional four-step security model:

    Authentication (who are you)
    Authorization (what are you allowed to do)
    Availability (is the data accessible)
    Authenticity (is the data intact)

Piscitello said:

"This model is no longer sufficient because it does not include asserting the trustworthiness of the endpoint device from which a (remote) user will authenticate and subsequently access data. Network admission and endpoint control are needed to determine that the device is free of malware (esp. key loggers) before you even accept a keystroke from a user. So let's prepend 'admissibility' to your list, and come up with a 5-legged stool, or call it the Pentagon of Trust."

He's 100% right.

===

..jim

--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
