Showing posts with label deperimeterization. Show all posts
Showing posts with label deperimeterization. Show all posts

Wednesday, April 14, 2010

Enterprise 2.0 inside the firewall?

@infovark 's Dean blogs why he thinks Enterprise 2.0 will fail, and claims that the case for E2.0 inside the firewall is considerably more difficult.

I think the main problem with the case for “E2.0 inside the firewall” is the word “firewall”, which represents an outdated but still common attitude towards maintaining organizational boundaries. I wouldn’t be at all surprised if an organization that relies on firewalls struggles to get the benefits from open distributed business and technology, including Enterprise 2.0.

Dean replies
"It’s true that many forward-thinking organizations are becoming more transparent, and the borders between them are becoming less distinct. Still, eliminating the firewall altogether would require a lot of infrastructure changes. ... An even bigger challenge is the political one. Changing the Internet from a 'network of networks' paradigm to a 'unified network' approach would require far more coordination than most companies — and countries — would be willing to undertake."
I agree that shifting away from firewall-based security is a significant strategic move for an organization, not just infrastructure but also political. There are some political issues that would have to be tackled, if the organization is to achieve any potential benefits from Enterprise 2.0.

But the shift away from firewall (sometimes called Deperimeterization) doesn't necessarily entail the second shift Dean mentions, from a 'network of networks' paradigm to a 'unified network' approach, and I am not advocating this.  There will perhaps always be limits to interoperability, and there will always be some structure to the network of networks, but this structure will be more open and innovative, and not driven primarily by an obsolete security architecture.
Posted by at No comments:
Labels: , , , ,

Tuesday, May 03, 2005

Jericho

Fortress Security

Back in 2002, Aidan Ward and I wrote some reports for the CBDI Forum on Web Services Security, which among other things lay siege to the Fortress Model of security. We were ahead of our time. The Fortress walls are not crumbling yet, but we are now joined by some serious allies.

See also brief note on Autonomous Computing: Fiefdoms & Fortresses

Jericho Forum

Jericho Forum (part of the Open Group) is a non-profit security standards group, led by user organizations. This is leading the push towards more agile and interoperable security models. 

Press Release: Executives Agree that Interoperability, Deperimeterization of Data and Horizontal Integration Are Essential (April 2004) News Story: New boundaries and new rules (John Sterlicchi, SC Magazine, Jan 2005) News Story: Vendors line up to see Jericho vision (Ron Condon, SC Magazine, Feb 2005) News Story: The Future of IT Security is Fewer Walls, Not More (Dan Ilett, ZDNet, April 2005)

dePerimeterization

This essentially means tearing down the Fortress model. Definitions: Whatis.com, Word of the Day

Security Vendors

nCipher Cryptographic IT Security See press release (April 2005), on joining the Jericho Forum.
Vordel XML Web Services Security See weblog postings (March 2004, July 2004) by CTO Mark O'Neil


CBDI Forum

Web Service Security (CBDI Journal, January 2002)

Component-Based Security for Web Services (CBDI Special Report, July 2002)

Agile Security for SOA (CBDI Journal, June 2005)

Posted by at No comments:
Labels: , ,

Thursday, September 16, 2004

Security Note

Microsoft has announced a critical vulnerability in Windows, which allows malicious code in JPEG files to be executed.
Source: BBC News

Like many security problems, this arises because of a failure of encapsulation. With a reasonable architecture, your photos could contain all sorts of secret messages and malicious code but these would not leak out. The software platform would only execute the code inside some sort of sandbox. But I don't want to have to go to this trouble. The problem only arises because someone had the clever idea that JPEG files could contain code, and programs reading JPEG files would execute the code. (JPEG is an industry standard: we can't blame all this on Microsoft.) That clever idea only works safely if we assume a much more sophisticated sofware architecture and an much higher level of software quality than we are likely to see in the foreseeable future. Otherwise, such clever ideas are dangerous.  

Lesson One: Clever ideas often increase complexity, and have a negative impact on security. If even an innocent JPEG file can be crawling with malware, what are the implications for advanced middleware, such as web services? SOAP messages can carry all sorts of payloads, including compressed, fragmented and encrypted ones. An XML document can contain data or code, and the code can be in any language you choose. We know that passenger frisking and baggage screening doesn't always detect weapons, so how do we expect a firewall to detect dangerous data packages? The firewall (and the fortress model which depends on it) are made irrelevant by these advanced technologies.  

Lesson Two: If we are using open distributed technologies, we must expect security to be managed in an open and distributed way, not by building a false illusion of central control.

more
Posted by at No comments:
Labels: , ,

Wednesday, December 18, 2002

Autonomous Computing - Fiefdoms and Fortresses

Pat Helland of Microsoft has proposed the Autonomous Computing model as an application design pattern for cooperation between independent systems that do not trust each other. It has two key notions.

Fiefdom An independent computing environment that refuses to trust any outsiders and maintains tight control over a set of mission critical data 

Emissary A computing component that helps prepare requests to submit to a fiefdom. It operates exclusively on published (snapshot) reference data and single-user data. 

Helland uses the autonomous computing model to explain many of the new types of applications including offline apps, scalable web-farms, B2B apps, content syndication and content aggregation. (How secure are these then?) more

Roger Sessions of Object Watch has combined the Helland model with other elements to produce an elaborate Fortress Model of computer security. A fortress is a self-contained software system, contains business logic (grunts) and private data (strongboxes), and is surrounded by an unbreachable wall. Communication with the outside world passes through a drawbridge, and is controlled by guards and by treaties with allies

I have many reservations about these models. Here are three to be going on with. 

  • Reliance on an absolute, binary notion of trust. Anything or anybody inside the wall is trusted absolutely, anything or anybody outside the wall is mistrusted. 
  • Reliance on simple topology. A wall creates a simple enclosed space, a straightforward boundary between inside and outside. 
  • Reliance on technology. The fortress model depends on firewalls and other security mechanisms. 

 

Pat Helland, Autonomous Computing paper and blogpost (updated December 2020)

Roger Sessions, The Software Fortress Model: A Next Generation Model for Describing Enterprise Software Architectures (Object Watch Newsletter 36, 17 November 2001)

Richard Veryard and Aidan Ward, Web Service Security (CBDI Journal January 2002)


Originally published at http://www.veryard.com/sebpc/security.htm#autonomous

Links updated March 2022 to include Pat Helland's new version

Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)