Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Desktop virtualization cheat sheet
•	IBM cat brain simulation dismissed as 'hoax' by rival scientist
•	Microsoft issues security advisory on IE exploit, patch in works
•	Cisco pedigree wins over VCs
•	Google Chrome: Redefining end user computing
•	De-Worm Your iPhone
•	Microsoft begins paving path for IT, cloud integration
•	Ciena will pay $769M for Nortel's metro Ethernet business
•	Malware enlists jailbroken iPhones for botnet
•	Check Point tackles Web 2.0 apps and social-site widget control
•	Cisco's free iPhone app grabs security feeds
•	New attack fells Internet Explorer
•	Global warming research exposed after hack
•	The broadband gap: Is FCC grabbing for the wrong tool?
•	IBM smartphone software translates 11 languages
•	More breaking news

NOSes /

The dark side of MyServices, Part 1

Sign up to receive this and other networking newsletters in your inbox.

By Dave Kearns
Network World Windows Networking Newsletter, 02/06/02

Last time, we started looking at the upcoming .Net MyServices technology offering from Microsoft with a peek into its mechanisms. Today, we'll see why this user-centric technology is important for you, the network manager, to understand.

There are two reasons you need to take an interest - security and money.

Security first. Even though Bill Gates' famous memo from last month calls for all of Microsoft to put security at a higher priority than new functionality, we'll need to keep a very close eye on MyServices, which has a number of areas that could cause security problems. The Passport service, which lies at the heart of MyServices as its authentication mechanism, has already been compromised at least once, and it could happen again. The messages exchanged by .Net servers and MyServices clients use well-documented protocols, such as XML and Simple Object Access Protocol (SOAP), which can be compromised if not properly implemented.

There is also the problem of criminal servers. Nothing but good sense prevents users from being enticed to share information (such as credit card numbers) with servers set up by criminals in a massive, worldwide con game. While you can't do much to protect your users when they're at home (except, possibly, to warn them), you can take actions on your network to block access to these rogue sites and the incoming messages they use to entice your users.

Today's firewalls and antispam agents can be easily adapted to this use. The exact details won't be available until we know more about the structure of MyServices, but we'll keep you informed.

Next issue: The money angle.

RELATED LINKS

Microsoft introduction to .Net MyServices

Hole found in Microsoft's Passport wallet
IDG News Service, 11/05/01

Dave Kearns is a writer and consultant in Silicon Valley. His most recent book is "Peter Norton's Complete Guide to Networks" published by SAMS. Dave's company, Virtual Quill, provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more at Virtual Quill or by e-mail at info@vquill.com

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

Click Here

alt text

Click Here

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.