This year both Interop and RSA were dominated by information, buzz and spin about NAC. It looks like the New York Interop in September will be no different. Brian Chee at Information Week is reporting that Interop’s iLabs will be focusing on NAC. Of interest to many will be an early look at Microsoft’s NAP. We’ll have to keep tabs on what will be shown as we get closer to the show.
Information Week helped carry the commercialization-of-open-source debate into this week with their article questioning the viability of an OSS router. Their claim that organizations shy away from using open source technology in mission-critical applications is interesting. (Can anyone say Linux, Red Hat, Apache, MySQL, Postgres, etc., to name a few?) I would venture to guess that a good percentage of the security appliances in the network are running some of the OSS listed above.
Just like we talk about Web 2.0 as the next generation of apps and use of the web, maybe it’s time to think in terms of Open Source 2.0. Many companies are proving viable business models based in part or fully on underlying open source technology, both generally available and internally developed OSS. Information Week does hit square on the important issues of support and reliability, which are key for any user or provider of open source to solve.
In case I haven’t mentioned to you individually, I’ll be at Black Hat this week on Tuesday afternoon and Wednesday. If you would like to meet up I’ll be at the mixer Alan Shimel and Mike Rothman are putting together. Hope to meet up with you there and feel free to drop me a line to get together.
One of the security bloggers I like to follow is Mike Rothman at SecurityIncite. Mike recently blogged about a SearchSMB.com article he wrote on UTM, Unified Threat Management. (The unedited version is on Mike’s blog.)
UTM is interesting because it demonstrates how integration is having an impact in the security industry. Security samurais (a.k.a. security admins) have been building UTMs themselves for years, largely using open source components such as a Linux iptables firewall, Snort, ClamAV, etc., to construct a perimeter security device.
Now you can purchase a small UTM appliance from just about any of your favorite security vendors. While they definitely require less overhead to maintain, you can lose some functionality and most certainly lose visibility and control of what’s happening under the hood – not something every samurai is willing to accept. Some argue that appliance UTMs are for the set-and-forget crowd, but I don’t think that’s always the case. Many utilize the full capabilities of their UTMs.
One of the knocks against UTMs is that they require a forklift upgrade (albeit a small forklift 🙂 ) as the network size, scale and functionality requirements increase. Here’s one of the areas where OTS hardware + Linux UTMs have a great deal more flexibility.
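To make the homebrew UTM concrete, here is an added example (my own illustration, not code from the original post or from any vendor) of the firewall/IDS core of such a box: a default-deny iptables ruleset for a two-interface Linux gateway that diverts forwarded traffic to an NFQUEUE, where an inline IDS such as Snort (run with its nfq DAQ) passes or drops each packet. The interface names, LAN subnet and queue number at the top are assumptions; the ClamAV piece (scanning mail or web content through a proxy) is not shown. The script emits the rules as text so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example of a home-built UTM ruleset. Interface names, the LAN
# subnet and the NFQUEUE number below are assumptions for illustration.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
IDS_QUEUE="${IDS_QUEUE:-0}"

# Emit one iptables command per line instead of executing them, so the
# ruleset can be diffed and reviewed before it touches a live box.
build_ruleset() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "UTM-INPUT-DROP: "
iptables -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j NFQUEUE --queue-num $IDS_QUEUE
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j NFQUEUE --queue-num $IDS_QUEUE
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "UTM-FWD-DROP: "
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Sanity check before applying: both inbound chains must default to DROP,
# the anti-spoofing rule must precede the NFQUEUE hand-off, and both
# directions of forwarded traffic must reach the inline IDS.
check_ruleset() {
  rules=$(build_ruleset)
  echo "$rules" | grep -q '^iptables -P INPUT DROP$' || return 1
  echo "$rules" | grep -q '^iptables -P FORWARD DROP$' || return 1
  spoof=$(echo "$rules" | grep -n "^iptables -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP$" | cut -d: -f1)
  queue=$(echo "$rules" | grep -n 'NFQUEUE' | head -n 1 | cut -d: -f1)
  [ -n "$spoof" ] && [ -n "$queue" ] && [ "$spoof" -lt "$queue" ] || return 1
  [ "$(echo "$rules" | grep -c 'NFQUEUE')" -eq 2 ] || return 1
  return 0
}

# Apply only when explicitly asked and running as root; otherwise dry-run.
if [ "${1:-}" = "apply" ]; then
  check_ruleset || { echo "ruleset failed sanity check" >&2; exit 1; }
  [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; exit 1; }
  build_ruleset | sh -e
  sysctl -w net.ipv4.ip_forward=1
elif [ "${1:-}" = "show" ]; then
  build_ruleset
fi
```

Run `sh utm.sh show` to print the rules and `sudo sh utm.sh apply` to install them, then start the IDS inline with `snort -Q --daq nfq --daq-var queue=0 -c snort.conf`. Note the failure mode this choice implies: with no process attached to the queue, the NFQUEUE target drops packets, so the box fails closed if Snort dies; add `--queue-bypass` to the two NFQUEUE rules if you would rather fail open. That kind of visibility into what the box does when a component fails is exactly what the appliance UTMs hide.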
That said, I believe there are still a lot of legs left in the UTM market; more integration between features, easier scalability and more control of the underlying technology are all important needs as UTMs not only proliferate but also are integrated into the management systems and threat response processes of organizations.
[Side note: I’ve really developed a great deal of respect and admiration for the job that so many fellow security engineers/admins/researchers do, having worked with and had many as customers. Security samurai is my show of respect and thanks for the great work so many of them do. And thanks to my friend and security samurai colleague, John Curry, from whom I borrowed the term.]
This week I’ve been following the Vyatta announcement of their Open Flexible Router, based on the XORP open source software (OSS) IP router. Three things stand out as most interesting about this announcement: the proclamation of an OSS router taking on Cisco, where the market perceives an OSS router is targeted, and whether an OSS router is enough.
Several Slashdotters commented, but I think Thomas Ptacek at Matasano hits the sentiment pretty clearly. It’s naive to think that an OSS router will bring a serious challenge to the core of the network – that’s certainly not going to be its entry point. If that were the case then XORP, Zebra, etc., would already have done this.
Frankly, an adoption model closer to that of other OSS like Snort, Nessus and MySQL is more likely: early adopters bringing in OSS “under the wire” because it’s free, and because it can be implemented in a limited enough way that few others have to get involved. This would be much more likely to happen at SMBs or at remote sites in somewhat larger networks. Could an OSS router replace OTS network provider equipment? In some situations, sure, as the technology matures. Certainly the cost curve of OTS x86 hardware makes it attractive. I think one of the most important points to consider here, though, is where this technology, given its maturity, is most likely to be a fit. Starting at the core is folly. An OSS router is certainly interesting, but it’s about more than just routing.
There’s a very interesting social dynamic in the NAC market: who in the organization buys NAC solutions? My experience has been that while the security staff may bring in the vendors, it’s actually the network organization that has the real say. Network has the budget. Network has to implement, and NAC has to go into the infrastructure managed by the network team.
So why the question about the adoption of MS NAP (Microsoft’s solution to NAC)? Another social dynamic is that there is traditionally a great divide between Windows admins and network engineers. The same kind of rift that fuels the Windows and Linux debate (but Windows/Linux is bigger and gets more press.) So my question is where will MS NAP really be successful? Who will likely adopt it first?
It may be counter to popular thinking but I believe NAP’s first inroads (and possibly most successful) could be in the SMB market. Why? In those markets the Windows admins usually are also the network admins. They run the network as well as the Windows infrastructure. There’s no barrier to cross. (One of the reasons Cisco’s CSA/Okena didn’t light up and win the NAC marketplace, for example.) Since NAP is all about using more Microsoft products, who better to adopt and roll out NAP than SMBs? SMBs are much more likely to be an all-Windows shop. NAP isn’t as likely to butt up against non-Windows access control, VPN, RADIUS or other elements that a network engineer would implement over a Microsoft solution. Of course there are many SMB shops that run Microsoft but use Linux for many network services (DNS, DHCP, firewall, etc.) too.
Will MS NAP break into the enterprise market? Sure, but the question is how much a heterogeneous infrastructure will make NAP difficult to adopt. Microsoft’s software is converging with elements of the network infrastructure and, like water, it will follow the path of least resistance.
We all agree that layered security is a good thing. It can be taken too far, sometimes without our knowing it. Take personal firewalls on our desktops and laptops. Various retail security suites from Symantec, McAfee and others offer personal firewalls. Of course Windows XP has had a more basic personal firewall embedded within it for some time now, and Microsoft is beefing it up some (controlling outbound traffic emanating from the PC) in the upcoming Vista release.
Now anti-virus programs have firewall functions and firewalls have anti-virus capabilities as noted by an understandably confused post on CNET. Shouldn’t one personal firewall be enough?
Computer running slow? You might start checking out what’s really running.
Welcome to theConvergingNetwork, the new blog and podcast focused on the convergence of networking and security. Why discuss this topic? The disciplines are blending. The lines of networking and security have certainly begun to blur over the past several years. And it’s increasing at a rapid pace.
Cisco, Juniper, Extreme, HP and many others are frequently making alliances with or picking up security companies to add value to their infrastructure products. Microsoft’s security software product offerings and NAP software architecture have a very strong emphasis on improved network security. Nokia and Check Point demonstrated many years ago that delivering a popular firewall on general purpose computing hardware with a BSD operating system opened the addressable firewall market to telcos, data networking companies and IT organizations. The proliferation of network “appliances” delivered on general purpose hardware has skyrocketed, and they are commonplace today.
Network security has moved from the perimeter to the interior of the network. Upstart switch manufacturers such as ConSentry now integrate security processing directly within the switch, and mainstream network providers are moving in similar directions. UTM (unified threat management) devices are combo boxes containing multiple security software systems packaged onto an appliance. Even BOBs (branch office boxes) represent a new generation of networking gear for small or remote offices that combines networking and security applications onto a single low-cost appliance.
All of this is changing not only the market dynamics but also how networking and IT organizations select, purchase and implement converged solutions. NAC is a security solution but is it a purchase made by the security organization, network organization, or Microsoft/Linux admin group? It certainly crosses many disciplines and organizational boundaries.
I hope you will join me for some commentary, thought-provoking questions, interesting analysis and ideas on the subject of network convergence. I’ll also be asking other industry experts to weigh in with their thoughts and opinions on the subject. And please feel free to join in with your thoughts and ideas.