
Steve Jobs hates me. No, really. He personally goes out of his way to spite me. You doubt this? Well, I have proof.

First, he gave preference to the Macintosh instead of giving the Apple II the necessary upgrade to continue beating the PC (which it was totally doing). This led to the success of the PC and the untimely demise of the Apple II. Seriously. Look it up in Wikipedia.

Now he’s back to vex me again with tethering on the iPhone. Thanks a lot, Jobs.

The tethering that Jobs personally decided to add brings a whole new level of ease to mortals bringing laptops into the office that completely destroy any semblance of network security. Because, as we all know, he personally writes all the code that goes into an iPhone and Mac. (Again, I’m serious. Look it up in Wikipedia.)

But I’m getting ahead of myself…

Laptops have always been the bane of system administrators everywhere. They are fragile, they go missing, and salespeople leave them on top of taxis. To add insult to injury, users drag countless viruses from home networks into the office and enable random strangers to plug their laptops into the office network, and the laptops themselves, by being disconnected so often, are difficult to update with the latest patches, virus updates, etc. Really, laptops are a pain. I’ve started an Internet petition to ban them. Please sign it.

After one too many virus infestations, customers started asking networking vendors to get smarter about letting people onto the network. Network Access Control (NAC) and its various related technologies emerged that let network administrators validate that a user was indeed fully patched, updated, and who they said they were prior to allowing them onto the network. Guests would be relegated to non-critical networks where they would have limited access. A logical step.

However, as laptops and netbooks gain Internet connectivity via mobile networks (e.g., 3G, WiMAX, etc.), administrators are forced to deal with a completely new class of threat: The dual-homed laptop. This laptop is, in essence, never secured. Access to the Internet (and the Internet’s access back) is direct and without the benefit of corporate firewalls, proxy servers, anti-virus, etc.  No amount of network infrastructure can protect against this.

So, as quickly as the time for NAC came, has the time for NAC gone? Can a user remain on the inside of a corporate network and readily bypass security as needed?

An argument against NAC’s demise could be that it is possible for policies to be defined and enforced limiting access by machines with multiple network interfaces. The problem with this approach is that an increasing number of laptops ship with multiple network interfaces that have valid reasons to be up. Most frequently, a user can be connected to both wifi and LAN, depending on the network configuration.
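A sketch of the kind of posture policy this argument implies, added here as an example and not taken from the original post: instead of counting interfaces, it classifies a host by where each active interface points, so wifi plus LAN on corporate address space passes while a second interface with its own default route is flagged. The corporate ranges, interface names, addresses and verdict labels are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed corporate address space (constructed for this example).
CORPORATE_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.30.0.0/16")]

def is_corporate(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CORPORATE_NETS)

def classify(interfaces):
    """Return (verdict, offending interface names) for one host.

    interfaces: list of dicts with keys name, up, addr, default_route.
    """
    active = [i for i in interfaces if i["up"] and i["addr"]
              and not ipaddress.ip_address(i["addr"]).is_loopback]
    inside = [i for i in active if is_corporate(i["addr"])]
    outside = [i for i in active if not is_corporate(i["addr"])]
    if not inside:
        return ("off-network", [])
    if not outside:
        # Wifi plus LAN on corporate space: several interfaces, legitimately up.
        return ("internal-only", [])
    # On the corporate network and on some other network at the same time.
    # An outside interface holding a default route is a direct Internet path
    # that bypasses the corporate firewall and proxy.
    bypass = [i["name"] for i in outside if i["default_route"]]
    if bypass:
        return ("dual-homed-bypass", bypass)
    return ("dual-homed-no-default", [i["name"] for i in outside])

# Constructed sample hosts (hypothetical names and addresses).
SAMPLE_HOSTS = {
    "docked-laptop": [
        {"name": "eth0", "up": True, "addr": "10.20.4.17", "default_route": True},
        {"name": "wlan0", "up": True, "addr": "10.30.9.201", "default_route": False},
    ],
    "tethered-laptop": [
        {"name": "eth0", "up": True, "addr": "10.20.4.18", "default_route": True},
        {"name": "usb0", "up": True, "addr": "172.20.10.2", "default_route": True},
    ],
    "vm-host": [
        {"name": "eth0", "up": True, "addr": "10.20.4.19", "default_route": True},
        {"name": "vmnet1", "up": True, "addr": "192.168.56.1", "default_route": False},
    ],
}

def audit(hosts):
    return {name: classify(ifaces) for name, ifaces in hosts.items()}

if __name__ == "__main__":
    for host, (verdict, names) in audit(SAMPLE_HOSTS).items():
        print(f"{host:16} {verdict:22} {', '.join(names)}")
```

The check only sees what the host reports at evaluation time, so an interface brought up after admission goes unnoticed unless the posture is re-evaluated.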

An argument for NAC’s demise (or at least reduced value) is that the enterprise is destined to treat the entire “inside” the way they trust a DMZ: physical presence in the network adds to credibility, but presence alone isn’t enough. In this scenario, the fact that laptops may be dual-homed becomes moot. They are treated as if they are connected from an untrusted network at all times and their network activity is managed as such. This isn’t unlike early value propositions made by SSL-VPN vendors circa 2003 where they sought to show value of a lightweight client within the newly emerging wifi enterprise.

Some vendors are seeing this in a similar light. Security startup FireEye sells an anti-malware appliance that has all the makings of an IDS that treats the internal enterprise as untrusted. Their early traction in the marketplace suggests that some enterprise IT folks agree.

The move to a completely untrusted network can be a good thing overall. It forces a more granular approach to security that requires a holistic view that includes individual hosts and applications instead of just networks. With implied trust completely out of the picture, our security posture as a whole improves. A net positive no matter what spin we put on it.

Hopefully we’ll get some discussion around this before Steve Jobs feels ignored and comes out to vex me again. I fear that next time he’ll taunt me by replacing the Mac’s underpinnings with OS7. I heard rumors about this already. Seriously. Look it up in Wikipedia.

This entry was posted on Wednesday, August 12th, 2009 at 11:32 PM and is filed under Community Manager.
