Uncommon Wisdom:

Security

Feb 17 2009   8:57PM GMT

Internet security: No easy fix



Posted by: Tom Nolle
Internet, Security, PSTN, ISPs

The issue of Internet security, and in fact of computer security overall, has become more difficult through the years, enough to prompt some to ask whether we need a “new Internet” that is less vulnerable.

Stanford’s Clean Slate approach and other academic programs are hoping to answer the question, but the problem is that these approaches are academic; the Internet is here to stay in substantially its current form because it would be too costly to fix it.

That doesn’t mean that security issues can’t be fixed. The biggest problems come from the presumption of anonymity; addressing and identification data on the Internet isn’t authoritative, and so you can’t “trace the call” as reliably as with the PSTN. Much of that could be fixed by requiring ISPs to provide authentic addresses for all packets, but that movement hasn’t made headway in the Internet world.

Thus, we believe this is (unfortunately) much ado about nothing, though there may be some incremental steps suggested by the work.

Jan 23 2009   4:31PM GMT

Cisco blade servers — part of a bigger plan?



Posted by: Tom Nolle
Cisco, HP, IBM, servers, routers and switches, service ecosystem

Rumors that Cisco was going to enter the blade server market have been swirling for a year now, and got some boost from being published in The New York Times this week. It appears from our sources that Cisco really is entering that market and will be making the announcement fairly soon.

The move is obviously a gutsy one. On one hand, Cisco seems to understand better than any of its competitors that if bits are commoditizing, you’d better be in a business that commoditized bits will stimulate if you’re going to keep pumping out bit-producing products.

The other side of the issue is that servers per se aren’t exactly an exploding market, and margins there are typically low. IBM and HP will really hate Cisco for competing and will likely counter-move. The risk for Cisco in being an ordinary IT server is so large it’s hard for us to believe the company would do it, and so we think Cisco may be trying something very smart, which would be to create specialized server appliances for feature hosting, linked intimately with Cisco switches and routers and creating a service ecosystem. Given Chambers’ announcement of service mashups or API harmonization at Cscape, this could get really interesting.


Dec 8 2008   8:48PM GMT

Security could reach Cabinet level



Posted by: Tom Nolle
Security

A panel is likely to recommend that the U.S. establish a White-House-level office of security to deal with the growing cyber-threat, something the report says that the U.S. is managing badly today. Recent attacks on the Pentagon and attacks on some countries (Georgia, during the Russian crisis, for example) suggest that cyber-war may be more advanced than many had believed. It’s likely this report will impact corporate security, as well as security services offered by providers, so this may be an indication that the security market will get hot in 2009 and 2010.


Sep 16 2008   1:52PM GMT

Juniper continues software transformation



Posted by: Tom Nolle
Security, Switches, Cisco, Routers, Virtualization, Juniper Networks

Juniper has announced the first major innovation in its Service Layer Technology area, something it calls the Dynamic Services Architecture. This is a new product set, the first of which is the SRX Services Gateway, built on a platform that tightly couples service feature hosting and both signaling and control plane protocol handling. Cards are software-configurable to support multiple services, firewall services being the first announced.

This is the second of Juniper’s announcements that have created a “higher-than-the-network” layer of technology, the first being the company’s support of hosted control plane software for JUNOS. When you add this to the recent management changes at Juniper, it begins to look as though the company may be taking a turn more toward software and “transformation” versus routers and “convergence”.


Oct 30 2007   2:04AM GMT

The wisdom of Google’s over-the-top “gPhone”?



Posted by: Tom Nolle
Security, Mobile, Wireless broadband

Google is reportedly ready to announce its “gPhone” plan, which is a part of Google’s grand strategy to force wireless operators to open up to over-the-top services. The new phone will reportedly be “open” to the point where applications and services cannot be restricted. This means that if users are prepared to pay the operator’s rate to establish an Internet connection from the phone, they can use any Internet-based service without additional charges or restrictions. This is the model Google hopes to establish in order to promote ad-based content delivery and other Google interests.

The problem is that mobile services have very limited capacity, no more than a few megabits per cell. If a lot of over-the-top applications are promoted on the phone, there is a real risk that the process would degrade cell performance, particularly if a lot of users happened to be congregated in one place. There are also significant risks of software leaking personal data, making mobile phones into what might well be the most insecure environment a user could join.

It is very difficult to see how the mobile operators would control service quality and security without some way to limit applications and usage on phones, and we are wondering whether Google may have stepped too far too fast here.