Archive

Archive for the ‘Security Innovation & Imagination’ Category

Uncle Mike says “Virtualization hasn’t changed the fundamental laws of network architecture.”

January 16th, 2007 2 comments

FlatDespite Mike completely missing the point of my last point regarding Alan Shimel’s rant on Tippingpoint (he defaults to "Hoff is defending Big Iron blurb,) Mike made a bold statement:

Virtualization hasn’t changed the fundamental laws of network architecture

I am astounded by this statement.  I violently disagree with this assertion.

Virtualization may have not changed the underlying mechanisms of CSMA/CD or provided the capability to exceed the speed of light, but virtualization has absolutely and fundamentally affected the manner in which networks are designed, deployed, managed and used.   You know, network architecture.

Whether we’re talking about VLAN’s, MPLS, SOA, Grid Computing or Storage, almost every example of data center operations and network design today are profoundly impacted by the V-word.

Furthermore, virtualization (of transport, storage, application, policy, data) has also fundamentally changed the manner in which computing is employed and resources consumed.  What you deploy, where, and how are really, really important.

More importantly (and relevant here) is that virtualization has caused architects to revisit the way in which these assets and the data that flow through them, is secured.

And to defray yet another "blah blah…big iron…large enterprise….blah blah" retort, I’m referring not just to the Crossbeam way (which is heavily virtualized,) but that of Cisco and Juniper also.  All Next Generation Network Services are in a low-earth orbit of the mass that is virtualization.

"Virtualization of the routed core. Virtualization of the data and control planes.  Virtualization of Transport.  Extending the virtualized enterprise over the WAN.  The virtualized access layer."  You know what those are?  Chapters out of a Cisco Press book on Network Virtualization which provides "…design guidance" for architects of virtualized Enterprises.

I suppose it’s only fair that I ask Mike to qualify his comment, because perhaps it’s another "out-of-context-ism" or I misunderstood (of course I did) but it made me itchy reading it.

Mike?

Exposing/fingerprinting hidden services remotely by tracking heat-based clock skew…

September 22nd, 2006 No comments

Lowp4fan
When tools such as NMAP arrived on the scene years ago and fingerprinting for enumeration for pentesting and VA was the "hot" ticket, evasion techniques sprung up that were quite creative and forced researchers to get even more creative in attempts to discover and detect OS, applications and services running on a host remotely.

This has got to be one of the (and you’ll pardon the pun) "coolest" methods of detection and service enumeration I have seen to date; using CPU speed and temperature to detect processor utilization by hidden services — remotely using timestamp skews!

From Steven J. Murdoch @ Light Blue Touchpaper:

It is well known that quartz crystals, as used for controlling system
clocks of computers, change speed when their temperature is altered.
The paper shows how to use this effect to attack anonymity systems. One
such attack is to observe timestamps from a PC connected to the
Internet and watch how the frequency of the system clock changes.

I’m sure we’ll see evasion techniques, exception cases and "debubking the myth" posts pile up, but Mr. Murdoch sure made me scratch my head in amazement.  Maybe I’m just simple folk, but I think it’s really neat.

Next thing you know it’ll detect operator arousal after downloading pr0n!  I can tell you one thing, it’s pretty damned easy to fingerprint a MacBook Pro w/Core Duo processors…it heats my living room on a cold day and burns the hair of my thighs if I try to use it like a laptop…

Wow.