« Is there an open source router in your future? | Main | Friends (and competitors) who blog »

July 28, 2006

Does this take a genius?

Bhusa06masthead_1 Was reading an article by Ellen Messmer and Tim Greene over in NetworkWorld today on Black Hat buzz.  I am interested to see some of the security issues around Vista they talk about, especially the rootkit from COSEINC and Joanna Rutkowska.  It is called Blue Pill and seems like a particularly nasty one.  Perhaps not something you would patch to fix, but goes to Vista's architecture.  I think it is a very smart move by Microsoft to encourage this sort of thing by sponsoring and being visible at Black Hat.  Lets find out about the holes, before Vista is released while we can do something about it. This seems like a refreshingly different approach by the folks in Redmond and I commend them.

Another presentation that I am looking forward to, for a different reason though, is the one by Ofir Arkin of Insightix. I wrote about this one back in early July.  These are the guys who are going to show how it is possible to evade every NAC solution, except theirs of course.  This is one where I think the folks at Black Hat were duped.  Does Ofir think he has discovered something by showing how NAC solutions that rely on DHCP can be evaded by static IPs?  Every customer we speak to about DHCP enforcement brings up this same issue. No rocket science here folks. This is why we don't think DHCP is the optimum way to deploy a NAC solution.  But in the absence of other enforcement technologies like 802.1x, it is the best of the rest.  I still think it more secure than the SNMP based stuff.

Bigger picture, in security it is always about choices and risk.  If you don't feel your risk is high enough to warrant upgrading your network to a more secure way of doing NAC, you make do with DHCP.  I think for every security technology out there, there is a way for a determined hacker to evade it.  That is exactly why a defense-in-depth is the way to go.  Not that it is impossible to get through, but the time and effort involved in doing so, will outweigh the gain.  Specifically with NAC, I think most people want it to make sure they are enforcing access policies against managed and unmanaged devices, not necessarily to be the uber-hacker stopper.  It is more the inadvertent polluter that NAC is going to stop. 

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200d834297f9d53ef

Listed below are links to weblogs that reference Does this take a genius?:

» See you at Black Hat! from TheConvergingNetwork
In case I haven't mentioned to you individually, I'll be at Black Hat this week on Tuesday afternoon and Wednesday. If you would like to meet up I'll be at the mixer Alan Shimel and Mike Rothman are putting together.... [Read More]

Comments

My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search

Blog powered by TypePad
Member since 10/2005