Shedding the light on the “going dark” problem

My theory about the “going dark” problem is the opposite of the official government explanation. They claim that they need to be able to read the communications of bad actors. (“Bad actors” in the security sense here, not the Hollywood sense.) But the back doors they’ve engineered have more to do with weakening the keys than with breaking the algorithms.  Mitigations are simple: introduce additional entropy while generating the key, use uncommonly long keys, use protocols with Perfect Forward Secrecy.  Anyone serious about preventing eavesdropping can reasonably expect to do so with a bit of work.

If that’s true, then what’s the big deal about lots of ordinary people who are *not* surveillance targets also using encryption?
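Of the three mitigations listed above, "use protocols with Perfect Forward Secrecy" is the one you can verify mechanically. As an added illustration (not code from the original post), the Python below classifies OpenSSL-style cipher suite names by their key exchange and then loads a PFS-only cipher string into a real ssl.SSLContext to confirm that no static-RSA suite can be negotiated. The suite list is a constructed sample and the cipher string is an assumed, defensible choice, not one the post prescribes.

```python
"""Forward-secrecy check for a TLS cipher configuration.

Added example for this page (not the author's code). SAMPLE_SUITES is a
constructed sample of what a server might enable by default, and
HARDENED_CIPHER_STRING is one defensible OpenSSL cipher string, not a
recommendation taken from the original post.
"""
import ssl

# Constructed sample: OpenSSL-style suite names with a mix of key exchanges.
SAMPLE_SUITES = [
    "AES128-SHA",                     # static RSA key transport: no PFS
    "AES256-GCM-SHA384",              # static RSA key transport: no PFS
    "ECDHE-RSA-AES128-GCM-SHA256",    # ephemeral ECDH, RSA-signed: PFS
    "ECDHE-ECDSA-CHACHA20-POLY1305",  # ephemeral ECDH, ECDSA-signed: PFS
    "DHE-RSA-AES256-GCM-SHA384",      # ephemeral finite-field DH: PFS
    "TLS_AES_256_GCM_SHA384",         # TLS 1.3: (EC)DHE is mandatory: PFS
]

# Ephemeral key exchanges as OpenSSL names them in SSLContext.get_ciphers().
EPHEMERAL_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}   # kx-any == TLS 1.3 suites

# One reasonable PFS-only cipher string (assumption, not from the post).
HARDENED_CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"


def has_forward_secrecy(suite):
    """Classify an OpenSSL-style suite name by its key exchange.

    Only DHE/ECDHE and TLS 1.3 suites give forward secrecy. A suite whose
    premaster secret is encrypted to the server's long-term RSA key can be
    decrypted after the fact by anyone who later obtains that key, however
    long the key is.
    """
    if suite.startswith("TLS_"):            # TLS 1.3 names carry no kx prefix
        return True
    return suite.split("-", 1)[0] in ("ECDHE", "DHE")


def pfs_only(suites):
    """Filter a suite list down to the forward-secret ones."""
    return [s for s in suites if has_forward_secrecy(s)]


def non_ephemeral_key_exchanges(cipher_string=HARDENED_CIPHER_STRING):
    """Load a cipher string into a real SSLContext and ask OpenSSL which key
    exchanges survive. Returns the non-ephemeral ones; an empty set means the
    configuration cannot negotiate a non-PFS suite at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    return {c["kea"] for c in ctx.get_ciphers()} - EPHEMERAL_KX


if __name__ == "__main__":
    for s in SAMPLE_SUITES:
        print(f"{s:32} PFS={has_forward_secrecy(s)}")
    print("non-ephemeral kx in hardened string:",
          non_ephemeral_key_exchanges() or "none")
```

The name-based classifier is handy for reading a server's advertised list, but the SSLContext check is the one to trust, because it asks the library that will actually do the negotiation.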

[Read more…]

Isolation within the Personal Cloud

Tools for segmenting the network are approaching consumer-grade price points. Pictured: TP-Link TL-SG1024DE-V1-011 Gigabit Switch

This is a bit preliminary because I haven’t had much time to work on my office network re-wire project and don’t have a lot of screen time with my brand new hardware.  However, I found a device that should help those of you in the Personal Cloud community who are busy building prototypes, testing, and hacking.  I didn’t realize it, but the price of a managed switch is down to the $150 range.  When I first started buying gigabit switches, the 5- or 8-port units were at least $100 and a managed switch was $400 to $500.

I just picked up a 24-port managed Gigabit switch.  It’s the “friendly” SMB version, which I suppose means it is a bit light on features compared to a full L2 or L3 managed switch.  However, it was only $150 and supports VLANs, so you can segment off a bank of ports into a separate network – perfect for those Internet of Things devices you don’t trust, for guest wireless access, for isolating your beta testing network from your critical business workstation/laptop, etc.  And it is serious where it counts – a 48 Gbps backplane allows full-duplex Gigabit traffic on all 24 ports simultaneously, according to the spec sheet.  For my purposes, it has port mirroring, so I can snoop on all those IoT devices and see whether the next wave of LG TVs phones home the way the current ones do, and whether any of the other devices outed at DEF CON and elsewhere ever get fixed.
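Port mirroring is what turns the switch into a place to answer the “does it phone home?” question. As an added example (not the author’s setup or tooling), the Python below parses the 802.1Q-tagged frames a mirror port copies out and reports every host on the IoT VLAN that talks to an address outside the home’s own prefixes. VLAN 20 as the IoT VLAN, the 192.168.0.0/16 and 10.0.0.0/8 LAN prefixes, and all MAC and IP values are constructed assumptions; on a real network you would feed it frames captured on the mirror port instead of the built-in sample.

```python
"""Spot IoT-VLAN devices that phone home, from frames copied off a mirror port.

Added example for this page, not the author's tooling. VLAN 20 as the IoT VLAN,
the LAN prefixes and every MAC/IP below are constructed assumptions.
"""
import ipaddress
import struct

IOT_VLAN = 20                                             # assumption
LAN_PREFIXES = [ipaddress.ip_network("192.168.0.0/16"),   # assumption
                ipaddress.ip_network("10.0.0.0/8")]


def build_frame(dst_mac, src_mac, src_ip, dst_ip, vlan=None):
    """Build a minimal Ethernet[/802.1Q]/IPv4 frame. Constructed test data only."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan & 0x0FFF)  # TPID + TCI (PCP=0, DEI=0)
    return eth + struct.pack("!H", 0x0800) + ip_hdr


def parse_frame(frame):
    """Return (vlan_id, src_mac, src_ip, dst_ip), or None if the frame is not IPv4.

    vlan_id is None for untagged frames; a mirror port can deliver both kinds.
    """
    if len(frame) < 14:
        return None
    src_mac = frame[6:12].hex(":")
    ethertype, = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == 0x8100:                  # 802.1Q tag present
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None
    src_ip = ipaddress.IPv4Address(frame[offset + 12:offset + 16])
    dst_ip = ipaddress.IPv4Address(frame[offset + 16:offset + 20])
    return vlan, src_mac, src_ip, dst_ip


def is_off_lan(dst):
    """True for a destination that is neither on our prefixes nor normal LAN chatter
    (multicast such as SSDP/mDNS, link-local, broadcast)."""
    if dst.is_multicast or dst.is_link_local or dst == ipaddress.IPv4Address("255.255.255.255"):
        return False
    return not any(dst in net for net in LAN_PREFIXES)


def phone_home_report(frames, iot_vlan=IOT_VLAN):
    """Map each IoT-VLAN source MAC to the off-LAN destinations it contacted."""
    report = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        vlan, mac, _src, dst = parsed
        if vlan == iot_vlan and is_off_lan(dst):
            report.setdefault(mac, set()).add(str(dst))
    return report


GW = "00:11:22:33:44:55"                      # constructed gateway MAC
TV, CAM, LAPTOP = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
SAMPLE_FRAMES = [                              # constructed sample capture
    build_frame(GW, TV, "192.168.20.50", "203.0.113.10", vlan=20),     # TV -> Internet
    build_frame(GW, TV, "192.168.20.50", "192.168.20.1", vlan=20),     # TV -> gateway
    build_frame("01:00:5e:7f:ff:fa", TV, "192.168.20.50", "239.255.255.250", vlan=20),  # SSDP
    build_frame(GW, CAM, "192.168.20.51", "198.51.100.7", vlan=20),    # camera -> Internet
    build_frame(GW, LAPTOP, "192.168.10.9", "198.51.100.7", vlan=10),  # trusted VLAN, ignored
    build_frame(GW, CAM, "192.168.20.51", "198.51.100.8"),             # untagged: VLAN unknown
]

if __name__ == "__main__":
    for mac, dsts in phone_home_report(SAMPLE_FRAMES).items():
        print(f"{mac} -> {sorted(dsts)}")
```

Two things worth noting: the untagged frame is deliberately not attributed to any VLAN, because a mirror port that strips tags will make every device look the same, so check how your switch mirrors before trusting the VLAN column; and an off-LAN destination is only the first clue, since a device talking to a vendor cloud by design and a device exfiltrating viewing habits look identical at this layer.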

[Read more…]

Webinar: Security Defenses that Withstand the Test of Time

Please join AJ Aronoff and me for a Prolifics webinar: IIB: Security Defenses that Withstand the Test of Time

For the last 7 years my security focus has mainly been intrusion prevention.  That’s all the controls you use to keep unauthorized people out of the messaging network.  I’m happy to report that things have improved on that front.  IBM has greatly improved the software and customers are enabling the security controls in record numbers.  (Not that the secured systems are yet in the majority, but it’s MUCH better than before.)

Unfortunately, intrusion prevention is only one part of the story.  A comprehensive security design also includes intrusion detection, forensic capability and incident recovery.  One reason these are needed is that the state of the art is a moving target.  Attack technology always gets better; defensive technology moves to keep up or stay ahead.  Over time the configuration you implement today gets weaker as the state of the art continues to advance.

This webinar will focus less on the specific controls and more on how to maintain security effectiveness over time.  We will be addressing IBM Integration Bus (the software formerly known as WebSphere Message Broker), but since it is built on top of WebSphere MQ, the content will also be useful for WMQ admins who do not have IIB.  I hope to “see” you there!

Much thanks to my friends at Prolifics for sponsoring the webinar.

Do We Need an Alternative to HTTPS and TLS?

“Do We Need an Alternative to HTTPS and TLS?”  This question came up in the Personal Clouds list recently.  Thanks to the well publicized problems with Certificate Authorities, variations on this question are a common theme among many of the communities in which I participate.  The CA has become the whipping boy for all the ills of authentication and network security.  Let’s just get rid of it, right?  It’s not that simple.

[Read more…]

My RBAC Manifesto

No one component taken out of context makes the Personal Cloud.

I’ve been following the Role Based Access Control thread on the Personal Clouds List and just sort of biting my tongue so as not to sidetrack any productive discussion there.  However, I cringe every time a new email comes out comparing Clique Space to RBAC.  One is a model, one is an implementation.  To compare them is like saying “China is not capitalism.”

I have issues on several levels with the whole discussion.  First, I believe that Role Based Access Control will be essential to the Personal Cloud architecture.  With all of the different functions proposed for Personal Cloud, the other types of access control don’t seem to scale.  Furthermore, there is no “personal cloud” if all the parts of it are developed in a vacuum.  Even though your component of the Personal Cloud may be simple enough not to require RBAC, how will it fit into the greater architecture?  For example, a smart light switch may have one role – either you can access it or not.  That’s a use case that screams out for simple Access Control Lists right up until you try to integrate it into a larger home automation system.  It isn’t so much that the switch now needs roles, but rather that the ability to manipulate or inquire on the switch from within the home automation system is itself a role of that larger system.  So as a designer the question becomes: in a larger cloud context where the owner manages using RBAC, do you want your device or component to be the only thing that requires the homeowner to program specific Access Control Lists?  How user friendly is that?

My answer to this is that as designers we need to recognize up front that the complexity of the Personal Cloud requires something more manageable than individual access control lists and then design our components to live in that greater context.
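To make the light-switch example concrete, here is an added illustration in Python (not code from the post or from any Personal Cloud project): a small role-based core where roles inherit from each other and carry (action, resource-pattern) permissions, an ACL-only switch that knows nothing about roles, and an adapter that derives the switch’s allow-list from the role assignments so the homeowner only ever manages roles. The role names, users, devices and the dotted resource naming scheme are constructed assumptions.

```python
"""A small RBAC core for a home 'personal cloud' and an adapter that lets an
ACL-only device live inside it.

Added example for this page, not the author's or any Personal Cloud project's
code. Role names, permissions, users and the light-switch device are
constructed assumptions.
"""
from fnmatch import fnmatch


class Role:
    def __init__(self, name, permissions=(), parents=()):
        self.name = name
        self.permissions = set(permissions)   # (action, resource_pattern) pairs
        self.parents = list(parents)          # roles this one inherits from

    def all_permissions(self):
        perms = set(self.permissions)
        for parent in self.parents:
            perms |= parent.all_permissions()
        return perms


class RBAC:
    """Users hold roles; roles hold (action, resource-pattern) permissions.
    Resource patterns are shell-style globs, so 'light.*' covers every light."""

    def __init__(self):
        self.roles = {}
        self.assignments = {}     # user -> set of role names

    def add_role(self, name, permissions=(), parents=()):
        self.roles[name] = Role(name, permissions, [self.roles[p] for p in parents])

    def assign(self, user, role):
        self.assignments.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.assignments.get(user, set()).discard(role)

    def check(self, user, action, resource):
        for role_name in self.assignments.get(user, ()):
            for act, pattern in self.roles[role_name].all_permissions():
                if act == action and fnmatch(resource, pattern):
                    return True
        return False


class AclOnlyLightSwitch:
    """The switch from the post: it only knows 'is this principal allowed?'."""

    def __init__(self, resource):
        self.resource = resource
        self.allowed = set()
        self.state = "off"

    def set_state(self, principal, state):
        if principal not in self.allowed:
            raise PermissionError(f"{principal} is not on the ACL of {self.resource}")
        self.state = state
        return self.state


def sync_acl_from_rbac(rbac, device):
    """Project the RBAC policy down onto the device's flat allow-list, so the
    homeowner manages roles and never edits the switch's ACL by hand."""
    device.allowed = {user for user in rbac.assignments
                      if rbac.check(user, "set", device.resource)}
    return device.allowed


def build_home_policy():
    """Constructed policy: guest < resident < owner, each inheriting the last."""
    rbac = RBAC()
    rbac.add_role("guest", [("read", "light.*")])
    rbac.add_role("resident", [("set", "light.*")], parents=["guest"])
    rbac.add_role("owner", [("set", "lock.*"), ("read", "*")], parents=["resident"])
    rbac.assign("alice", "owner")
    rbac.assign("bob", "resident")
    rbac.assign("carol", "guest")
    return rbac


if __name__ == "__main__":
    rbac = build_home_policy()
    kitchen = AclOnlyLightSwitch("light.kitchen")
    print("ACL derived from roles:", sorted(sync_acl_from_rbac(rbac, kitchen)))
    print("bob turns it on:", kitchen.set_state("bob", "on"))
    try:
        kitchen.set_state("carol", "on")
    except PermissionError as e:
        print("denied:", e)
    rbac.revoke("bob", "resident")              # bob moves out
    print("ACL after revoke:", sorted(sync_acl_from_rbac(rbac, kitchen)))
```

The point of the adapter is the one the post makes: the switch itself never grows roles. The role of “can operate the kitchen light” belongs to the larger system, and the device’s ACL is just a cached projection of it that gets rewritten whenever an assignment changes.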

[Read more…]