Chattin’ With the Boss: “Securing the Network” (Waiting For the Jet Pack)

At the RSA security conference last week I spent some time with Tom Gillis on a live uStream video titled “Securing the Network.”

Tom happens to be (as he points out during a rather funny interlude) my boss’ boss — he’s the VP and GM of Cisco’s STBU (Security Technology Business Unit).

It’s an interesting discussion (albeit with some self-serving Cisco tidbits) surrounding how collaboration, cloud, mobility, virtualization, video, the consumerization of IT and, um, jet packs are changing the network and how we secure it.

Direct link here.

Embedded below:

  1. Sparkenstein
    March 8th, 2010 at 03:11 | #1

    Interesting.. but I did take issue with "your boss' boss'" comments about how great it is to be able to just open his notebook and auto-magically be connected over the VPN with no clicks, etc. I'm wondering how great it would be if his notebook got stolen? Is his notebook going to know it's not him using it?

    Such "convenience" might be a cool "must have" for some kid's gaming device, but not for a working professional's computer. If there are some biometrics involved like a retinal scan or even a keystroke detector that could shut the VPN down if it sensed that it wasn't your boss' boss using it, then that should have been brought out in the discussion.

    Your thoughts?

    TJL a/k/a Sparkenstein

  2. March 8th, 2010 at 03:17 | #2

    @Sparkenstein

    …he left out the (common sense) part where you still have to enter a username/password to unlock said computer (or initially boot it) – he was referring to the VPN connection itself.

    There are, for those who desire it, options for things like two-factor authentication also.

    /Hoff

  3. Sparkenstein
    March 8th, 2010 at 03:39 | #3

    Ok, all well and good.. but now if his personal notebook is compromised, so is the VPN and the organization that is trusting that VPN connection.

    I guess my point is that "convenience" is diametrically opposed to the "security" that a VPN represents, and that making things like a VPN connection "too convenient" is somewhat wrong-headed.

    Maybe the VPN example was just the wrong one to use when talking about "convenient security" — a term which itself can be argued is an oxymoron. Just my 2 cents. No more, I promise.. ;-)

  4. March 8th, 2010 at 03:47 | #4

    Your point is well taken, but keep in context the remainder of the elements that make up what Tom was referring to as controls relevant to the VPN — MITM'ing SSL for DPI, DLP, certain firewall & NAC rules in place depending upon location and destination…

    Per your example (assuming the controls I mentioned above were not in place) if his notebook is compromised, what would keep the agent that caused the compromise from simply abusing the tunnel once it was up?

    Security has and always will be 1/convenience. What was being discussed was utilizing a little of the smarts we've gained over the years and implementing technology that is more than just a dumb tunnel.

    Make sense?

    (…and keep your comments coming.)

  5. Sparkenstein
    March 8th, 2010 at 04:11 | #5

    Yes it does.

    Now having said that, I'll add that (IMHO) (a) strong authentication would be essential to making (almost?) everything else you mentioned work downstream, and (b) "convenient" strong authentication is hard to achieve — not impossible, of course. Just hard, and maybe a little expensive too when it comes to building it into low-cost consumer devices.

    I guess I was responding mostly to the "sensational" aspect of the example — but, hey.. it was a video.. that's show biz! ;-)

  6. Adrian
    March 10th, 2010 at 03:36 | #6

    Mmh…I was hoping to find more info regarding virtualization security software.

    I am really concerned about how secure a virtual environment is from internal and external threats.

    Any thoughts?

  7. Adrian
    March 10th, 2010 at 04:25 | #8

    Thanks for the link beaker.

    I just found this interesting article as well http://www.vminformer.com/1213/

    But never heard about this software beforehand.

    I guess you should have an idea of the best virtualization security tool. What would be your suggestion(s)?
