/v3-uk/news/1972162/rsa-2010-microsoft-planning-universal-network-access-control
03 Mar 2010, Iain Thomson, V3
The corporate vice president of Microsoft's Trustworthy Computing Group used his keynote at RSA 2010 to outline plans for universal network access controls.
Scott Charney said that there is a case to be made for computers being scanned before going online to make sure that no malware is present and that applications are patched properly.
A discussion is needed in the industry to decide the appropriate action to take to safeguard the internet, he said.
Steve Lipner, senior director of security engineering strategy at the Trustworthy Computing Group, told V3.co.uk that Microsoft had been "discussing internally how to get a chief security officer [CSO] for the consumer".
"When I log on to my Microsoft account via a virtual private network the machine gets scanned to ensure that it is up to date. For a consumer it just goes," he said. "A CSO function would protect consumers and the network."
Microsoft recognises that there are huge legal, social and e-commerce ramifications to such a scheme, which would have to be tested extensively at a large enterprise level before being rolled out.
Charney announced two steps along this path: the open sourcing of Microsoft's U-Prove cryptographic technology, and the launch of Forefront Identity Manager, which allows companies to set up access privileges for staff much more efficiently.
The U-Prove technology was purchased from Credentica in 2008, and allows key personal data to be transferred piecemeal to provide the absolute minimum exposure. A trial programme is being set up at Berlin's University of Technology to test the system's efficacy.
Sections of U-Prove are being released under Microsoft's Open Specification Promise, as well as via software development kits in C# and Java.
Forefront Identity Manager 2010 is an identity management system that allows companies to specify access controls for staff on an individual and departmental basis, and to link databases to ensure greater control of information access privileges.
"We have gone from two days to two seconds in changing forgotten passwords using the software," Cameron Casgrove, vice president of infrastructure at First American Title Insurance Company, told V3.co.uk.
"That has saved us the cost of one member of staff. We also managed to reconfigure email support services and synchronise with the human resources database, and that has probably saved another member of staff."