<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title><![CDATA[[SecurityRatty] tag: tpms]]></title>
    <link>http://securityratty.com/tag/tpms</link>
    <description></description>
    <pubDate>Mon, 07 Jan 2008 02:28:32 +0000</pubDate>
    <generator>iRatty Engine</generator>
    <docs>http://blogs.law.harvard.edu/tech/rss</docs>
    <item>
      <title><![CDATA[Tracking Vehicles through Tire Pressure Monitors]]></title>
      <link>http://securityratty.com/article/ea4a8e1bfa995f8478cd0aed2d932fb0</link>
      <guid>http://securityratty.com/article/ea4a8e1bfa995f8478cd0aed2d932fb0</guid>
      <description><![CDATA[Just another example of our surveillance future: Each wheel of the vehicle transmits a unique ID, easily readable using an off-the-shelf receiver. Although the transmitter's power is very low, the signal...]]></description>
      <content:encoded><![CDATA[<p>Just <a href="http://www.hexview.com/sdp/node/44">another</a> example of our surveillance future:</p>

<blockquote>Each wheel of the vehicle transmits a unique ID, easily readable using an off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna.

<p>Remember the paper that discussed how Bluetooth radios in cell phones can be used to track their owners? The problem with TPMS is incomparably bigger, because the lifespan of a typical cell phone is around 2 years and you can turn the Bluetooth radio off in most of them. On the contrary, TPMS cannot be turned off. It comes with a built-in battery that lasts 7 to 10 years, and the battery-less TPMS sensors are ready to hit the market in 2010. It does not matter how long you own the vehicle - transportation authorities keep up-to-date information about vehicle ownership.</p></blockquote>]]></content:encoded>
      <pubDate>Thu, 10 Apr 2008 02:29:06 +0000</pubDate>
      <category domain="http://securityratty.com/tag/battery-less tpms sensors">battery-less tpms sensors</category>
      <category domain="http://securityratty.com/tag/tpms">tpms</category>
      <category domain="http://securityratty.com/tag/vehicle transportation authorities">vehicle transportation authorities</category>
      <category domain="http://securityratty.com/tag/easily readable">easily readable</category>
      <category domain="http://securityratty.com/tag/typical cell phone">typical cell phone</category>
      <category domain="http://securityratty.com/tag/readable">readable</category>
      <category domain="http://securityratty.com/tag/fair distance">fair distance</category>
      <category domain="http://securityratty.com/tag/built-in battery">built-in battery</category>
      <category domain="http://securityratty.com/tag/transmitters power">transmitters power</category>
      <source url="http://www.schneier.com/blog/archives/2008/04/tracking_vehicl.html">Tracking Vehicles through Tire Pressure Monitors</source>
    </item>
    <item>
      <title><![CDATA[One of the cool things about my job]]></title>
      <link>http://securityratty.com/article/3372f123f88a9791907eeb178545164c</link>
      <guid>http://securityratty.com/article/3372f123f88a9791907eeb178545164c</guid>
      <description><![CDATA[Like anyone else there are some days where I just ask myself what am I doing. Daily frustrations, the world not moving at my speed, my atrocious spelling and grammar mistakes all serve to have me ask...]]></description>
      <content:encoded><![CDATA[
<div xmlns="http://www.w3.org/1999/xhtml"><p>Like anyone else there are some days where I just ask myself what am I doing.&nbsp; Daily frustrations, the world not moving at my speed, my atrocious spelling and grammar mistakes all serve to have me ask myself if there is not a better way. However, there are other moments when I positively love what I do.&nbsp; I think the key is making sure those moments outweigh the times you just feel like packing it in.&nbsp; If not, it is probably time to pack it in.<br /><br />Anyway, where was I? Oh yeah, one of the cool things I like about my job is talking to the various analysts and talking shop about the industry.&nbsp; You know the kind of chit-chat, did you hear about this one or that?&nbsp; I enjoy the give and take and have made some great friends over the years with the analysts I meet. Today I had the chance to speak with Derek Brink over at the Aberdeen Group, who are conducting research on how companies enhance their enterprise security based on the principles of trusted computing and the use of Trusted Platform Modules (TPMs). If you’re interested in this topic and want to contribute to the research by taking the survey (here is the link: <a title="http://www.aberdeen.com/survey/tctpm" href="http://www.aberdeen.com/survey/tctpm">http://www.aberdeen.com/survey/tctpm</a>), you’ll be able to see how your experiences in this area compare with those of your peers, benchmark your performance, and see how you can achieve “Best-in-Class” results. End-user participation is a vital part of their research process, and serves as the foundation of Aberdeen’s reports. 
They’ll even provide you with complimentary access to the final benchmark report when it publishes at the end of February.<br /><br />Derek is a very nice guy and very interested in what is happening with the NAC and 802.1x market.&nbsp; If you want to help shape policy and public opinion this survey is a great way to do it.&nbsp; I am going to try and get together with Derek in person.&nbsp; In the meantime speaking to him today was enough to remind me why I love what I do!</p></div>

]]></content:encoded>
      <pubDate>Thu, 31 Jan 2008 12:59:48 +0000</pubDate>
      <category domain="http://securityratty.com/tag/final benchmark report">final benchmark report</category>
      <category domain="http://securityratty.com/tag/derek">derek</category>
      <category domain="http://securityratty.com/tag/research">research</category>
      <category domain="http://securityratty.com/tag/derek brink">derek brink</category>
      <category domain="http://securityratty.com/tag/research process">research process</category>
      <category domain="http://securityratty.com/tag/benchmark">benchmark</category>
      <category domain="http://securityratty.com/tag/achieve best-in-class results">achieve best-in-class results</category>
      <category domain="http://securityratty.com/tag/positively love">positively love</category>
      <category domain="http://securityratty.com/tag/moments">moments</category>
      <source url="http://feeds.feedburner.com/~r/StillsecureAfterAllTheseYears/~3/226817034/one-of-the-cool.html">One of the cool things about my job</source>
    </item>
    <item>
      <title><![CDATA[Article: Analytics Brief: Securing The New Data Center]]></title>
      <link>http://securityratty.com/article/f08a96f33de6471b20490b3b52fc3bc2</link>
      <guid>http://securityratty.com/article/f08a96f33de6471b20490b3b52fc3bc2</guid>
      <description><![CDATA[Analytics Brief: Securing The New Data Center

Virtualization changes the rules for how companies secure their data and their computing infrastructure

Original analysis by Joe Hernick, summary by...]]></description>
      <content:encoded><![CDATA[<div class="storyDek" style="background-color: white; margin-left: 0px" align="center"><b>Analytics Brief: Securing The New Data Center</b></div>
<div class="storyDek" style="background-color: white; margin-left: 0px"><b>Virtualization changes the rules for how companies secure their data and their computing infrastructure.</b></div>
<div align="left"><i><span class="byLine" style="margin-left: 2px"> Original analysis by Joe Hernick, summary by Art Wittmann<span id="courtesyOf" style="margin-left: 2px"> <a href="http://www.informationweek.com/;jsessionid=K1QTZYZJPICXQQSNDLPSKHSCJUNN2JVN" target="_blank"> InformationWeek </a> </span> </span></i><br />
<i> <span class="storyDate" style="margin-left: 2px; line-height: 20px"> <nobr> December 1, 2007 12:01 AM (From the December 3, 2007 issue) </nobr> </span></i>  <br clear="all" /></div>
<div class="IntelliTXT"> In a recent <i>InformationWeek</i> poll, 70% of respondents report they&#8217;re running at least one virtualized server, yet less than 12% have a security strategy tailored to their virtual environment. Given the relative nascence of virtualization offerings for the x86 platform, this doesn&#8217;t come as a shock, but that also doesn&#8217;t mean it&#8217;s acceptable. Of those without a security plan in place, almost half believe that virtual machines are as secure as traditional servers, while another 18% admit they don&#8217;t know whether virtualization changes the rules of the game for security (see chart below of responses filtered for &#8220;no plan in place&#8221;).</div>
<p>There&#8217;s little doubt that virtualization is an important and disruptive technology that will, in a relatively short period, change the face of the data center. Because virtualization is so disruptive, it also will clearly change the rules for how enterprises secure their data and their computing infrastructure. And, while we don&#8217;t believe that virtualization should remain off limits until a security strategy is fully nailed down, smart organizations will develop security and management strategies as they develop deployment plans for virtualization.</p>
<p><center><img src="http://i.cmpnet.com/infoweek/1165/IWEEK_VIRT_9.gif" style="width: 259.816px; height: 98.0217px" alt="chart: Confidence Level -- In your opinion, how do virtual servers compare with conventional server environments for information protection and security?" border="0" height="166" hspace="0" vspace="0" width="440" /></center> New threats to security come on two fronts. The first and most obvious is the additional software footprint represented by virtualization. On the desktop, virtualization is often implemented as an &#8220;application&#8221; that runs as a process under a desktop operating system, like Windows. For servers, hypervisors have emerged as the preferred method for introducing a hardware virtualization layer between the &#8220;bare metal&#8221; hardware and general-purpose operating systems.</p>
<p>As such, hypervisors represent a relatively slim attack surface as they&#8217;re often implemented in less than 100,000 lines of code. When compared with the millions of lines that make up a general-purpose operating system, creating a bulletproof hypervisor is a more realistic goal, but flaws will still exist, and exploits will be created. All the major players report that building a secure hypervisor is a top priority. VMware&#8217;s CTO, Mendel Rosenblum, goes so far as to boast that no security holes will show up in VMware&#8217;s ESX product because of design flaws&#8211;of course, that leaves open the possibility of implementation errors. Unfortunately, the enterprise is left with little other than vendor assurances to work with. While tools exist to detect rootkits and other compromises on conventional operating systems, no tools exist to detect their presence in the hypervisor.</p>
<p><center><img src="http://i.cmpnet.com/infoweek/1165/IWEEK_VIRT_1.gif" style="width: 259.816px; height: 98.6121px" alt="chart: Confidence Level -- In your opinion, how do virtual servers compare with conventional server environments for information protection and security?" border="0" height="167" hspace="0" vspace="0" width="440" /></center>   <span id="articleBody"></p>
<div class="IntelliTXT"><b>GETTING SECURE</b><br />
Help will probably come in two forms. First, it&#8217;s likely that as virtualization becomes more mainstream, hardware vendors will design end-user systems from the ground up to provide administrator-controlled VM partitions and hypervisor layers, making it harder for malware to enter systems.</div>
<p></span> A better fix uses the Trusted Platform Module found in most new x86-based systems. Using the TPM, software authenticity can be tested and inter-VM traffic can more easily be encrypted. Using the TPM&#8217;s ability to sign software makes it easier to determine that a system image has been altered and that it should be assumed to be compromised. Since the TPM is designed to be a tamper-proof hardware approach to encryption and software signing, it should help substantially in validating that software of all stripes hasn&#8217;t been corrupted by malware or by other means.</p>
<p>The other substantive threat is a byproduct of how multiple virtual machines communicate with each other on the same system; that, along with the ability to move running VMs from machine to machine, renders most network-based security products much less effective.</p>
<p><center><img src="http://i.cmpnet.com/infoweek/1165/IWEEK_VIRT_10.gif" style="width: 259.816px; height: 106.879px" alt="chart: Security Strategy -- Does your organization have a formal security/information protection strategy for virtualization server environments?" border="0" height="181" hspace="0" vspace="0" width="440" /></center> One of the first production uses for x86 virtualization has been server consolidation. The idea is that a single powerful server running a number of VMs can replace potentially dozens of older, lightly loaded individual servers. With so many VMs running on a system, the amount of communication between them can be significant. For intraserver communication between VMs, all virtualization products create a virtual switch, which is then shared by all VMs on the server. External network security tools from firewalls to intrusion detection and prevention systems to anomalous behavior detectors are all, by definition, blind to network traffic that never leaves the physical server.</p>
<p>One approach to securing multiple VMs on a single server is to ensure that all the VMs are running similar operating systems and that each has been properly patched. The notion is that if all systems running on a given server are similarly secure, their communications will be, too. Security products like host-based firewalls should be in place to provide what security they can.</p>
<p>A better solution is to use tools that are specifically intended to improve the security of virtualized environments.</p>
<p>Virtual appliances are, as the name suggests, VMs with a minimized and hardened operating system that&#8217;s been configured to precisely meet the needs of the appliance&#8217;s one application. The idea is to minimize or eliminate any operating system configuration work on the part of the end user, permitting rapid and consistent deployment with relatively little expertise required from the installer. Applications for virtual appliances range from grid computing to SaaS to security.</p>
<p><center><img src="http://i.cmpnet.com/infoweek/1165/IWEEK_VIRT_11.gif" style="width: 236.196px; height: 111.012px" alt="chart: VM Volume -- What fraction of your servers are virtualized?" border="0" height="188" hspace="0" vspace="0" width="400" /></center> Though a virtual appliance can be created for any virtualization environment, VMware is ahead of the field and has created a marketplace along with a try-before-you-buy Web site. More than 100 security-related virtual appliances are listed on the site. Only a fraction of those are from commercial vendors. The rest are applications created by internal groups or open source collaborations.</p>
<p>Among the vendors listed are Astaro, with a unified threat management appliance; Blue Lane, with a virtual patching appliance; Catbird, with a security agent; and Reflex, with an intrusion prevention appliance. As this group indicates, virtual appliances, much as their physical-world kin do for the legacy data center, can fill many of the security gaps created by a virtualized environment.</p>
<p>While the tools to create a secure virtualized environment are now showing up, it would be a mistake to think that virtualization security is just about buying a different set of security tools. Greg Shipley, CTO of security research company Neohapsis, offers this advice: &#8220;Take a hard look at what threats you actually think you&#8217;re facing, and what tools or techniques (which might not involve a technology purchase!) are out there to help mitigate them.&#8221; Shipley maintains a healthy skepticism of security software vendors. He &#8220;can&#8217;t help but wonder if some of the vendors out there are simply looking at all the virtualization going on and saying, &#8216;Hey, how do I sell security to all these VMware shops?&#8217; I think part of the burden on us users/consumers of the technology is to discuss what the true threat vectors are and then look at tools.&#8221;</p>
<p>Virtualization will change the face of computing from the desktop to the data center. Getting security right requires reassessing the approach to and goals for security. Platform and network security, which have been the mainstay of most security efforts to date, will give way to securing data and restricting its use to only those who are, by policy, allowed to use it.</p>
<p><a href="http://www.informationweek.com/security/showArticle.jhtml?articleID=204301246&amp;pgno=1&amp;queryText=">Source</a></p>
]]></content:encoded>
      <pubDate>Mon, 07 Jan 2008 02:28:32 +0000</pubDate>
      <category domain="http://securityratty.com/tag/virtual environment">virtual environment</category>
      <category domain="http://securityratty.com/tag/environment">environment</category>
      <category domain="http://securityratty.com/tag/virtual appliances range">virtual appliances range</category>
      <category domain="http://securityratty.com/tag/virtual appliances">virtual appliances</category>
      <category domain="http://securityratty.com/tag/security">security</category>
      <category domain="http://securityratty.com/tag/tools">tools</category>
      <category domain="http://securityratty.com/tag/security tools">security tools</category>
      <category domain="http://securityratty.com/tag/develop security">develop security</category>
      <category domain="http://securityratty.com/tag/security holes">security holes</category>
      <source url="http://securityratty.com/blog/?p=10">Article: Analytics Brief: Securing The New Data Center</source>
    </item>
  </channel>
</rss>
