10 building blocks for securing the Internet today

With the right leadership, we could apply an array of today's protocols, specs, and technologies to make the Internet safer for everyone

Page 2 of 3

Domain Name System Security Extensions (DNSSEC)
After a decade of waiting, the IETF's (Internet Engineering Task Force) DNSSEC suite of specifications is finally starting to roll out, at least at the top-level domains. The lower-level domains and private DNS infrastructures will follow. DNSSEC offers answer integrity upon which participating clients can rely. DNS is involved in almost every Internet scenario. If attackers are able to maliciously manipulate DNS, securing all reliant protocols becomes a lot more difficult. Fortunately, DNSSEC implementation is moving forward with or without the rest of the necessary parts joining in.

Security Assertion Markup Language (SAML)
SAML is an XML-based protocol used to exchange security information between security domains. It is used by most of the protocols I cover below, including OpenID and oAuth, as well as multifactor authentication, all of which are becoming more common on the Internet.

OpenID provides a decentralized method of sharing one or more Web identities across multiple websites. Each OpenID is effectively an authentication information card for an individual user. OpenID cards are stored locally on each security principal's local device; users are free to make one or more cards (for general or specific use).

Participating websites can choose to accept OpenID cards. Many of the very popular proprietary shared Web identities (such as Microsoft Live ID) have made themselves OpenID compatible.

The benefit of OpenID is that it allows users to completely control their digital identities. However, individual cards probably don't scale well enough to make the Internet a thoroughly single sign-on environment.

Open Authorization (oAuth)
oAuth is a cross-boundary security authentication protocol that aims to fill in the more enterprise-class gaps that OpenID cannot cover. An evolving specification, oAuth is geared toward allowing security principals to seamlessly share content and services across security boundaries. It has strong support from many popular sites and services, including Twitter. It's also starting to earn its share of critics who argue that the proposed version is less secure than the previous edition.

Multifactor authentication
Smart cards, biometrics, and other multifactor authentication services are starting to gain acceptance across the Internet -- and not just for internal LANs. Google, Hotmail, and plenty of other services support out-of-band, one-time-password authentication strings sent to mobile devices. It's become uncommon to see a major bank website that only relies on user name and password. All of this makes the Internet a safer place to compute.

Web Services Security protocols
WS-Security protocols are a necessary next step to multifactor authentication. They provide a way to create reusable credentials with varying levels of assurance and trust that can be implemented across a wide range of websites and services, each with differing security needs.

| 1 2 3 Page 2
New! Download the State of Cybercrime 2017 report