
The recently much debated DNS flaw is an example of a grave error in one of the most fundamental systems on the Internet, the DNS. The DNS (Domain Name System) is the system that resolves the name of a server (e.g. support.giritech.com) to its corresponding IP address (e.g. 80.22.10.22) to enable the network to properly route requests from clients to the correct physical server.

The protocol flaw that has been found allows hackers to launch virtually undetectable phishing attacks by diverting connections from unsuspecting users trying to connect to a legitimate server. A very good detailed explanation can be found at: http://blaynesucks.com/2008/07/22/protocol-level-dns-flaw

This issue points to the need for an end-to-end view of connections via an open network. The protocol underlying G/On ensures, end-to-end between server and client, that it is the correct servers and clients that are connected. The feature implementing this is mutual authentication. As opposed to many competing technologies, this functionality is an integrated part of the Giritech protocol in G/On that cannot be turned off, deliberately or by accident.

The only way to securely use an open network such as the Internet is to move all security-related functions to the endpoints of the connection you want to establish and leave only the basic transport of encrypted data to the open network.

“Entia non sunt multiplicanda praeter necessitatem” is a Latin quote referring to a principle called “Occam’s Razor”. Its English translation reads: “Entities should not be multiplied unnecessarily” or in even simpler words: “keep it simple”. William of Occam was a 14th century logician and Franciscan friar who developed this fundamental principle of simplicity and used it, among many things, to justify that “God’s existence cannot be deduced by reason alone” – not a very popular saying with the Church at the time.
The principle has since the 14th century proven its strength in many contexts by eliminating metaphysical concepts that cannot be either mathematically proven or empirically observed. At Giritech we try to use this fundamental principle to cut away “metaphysical technology”, which is technology that is not really needed to solve the basic challenge. We try to use this “principle of simplicity” to choose between alternatives that reach the same objective.
However, this means that a fundamental understanding of the challenge is needed before you can develop the correct – i.e. the simplest – solution to the challenge.

The analyses we’ve made of business network infrastructure lead us to the simple understanding that the fundamental networking challenge businesses are trying to solve with technology is to connect users with their data (or with other users) … that’s it. This is an end-to-end challenge between a user and data (or more precisely the meaning of that data!). Giritech therefore tries to address this seemingly simple challenge using a simple and integrated technology, G/On, as discussed in previous posts.
Obviously you cannot regard the “principle of simplicity” as a natural law. The principle is to be used as a guiding light. There was another wise man (H. L. Mencken, http://en.wikiquote.org/wiki/H._L._Mencken) who once said something like: “For every complex problem, there is an answer that is clear, simple – and wrong” … so we try to use the “principle of simplicity” with caution, but that does not change the power of the principle in terms of cost effectiveness and security when it comes to network infrastructure. As we phrase it: "controlling complexity is the essence of security".
Links:
A very interesting and somewhat philosophical explanation of Occam’s Razor – from where some of the wordings above have been taken: http://math.ucr.edu/home/baez/physics/General/occam.html

A disturbing but not really surprising article on airline security (or lack thereof):

http://hotair.com/archives/2007/07/16/a-pilot-on-airline-security/

One of the critical points in this article is more generally valid and points to an issue that any security conscious manager needs to consider:

"... we should be starting with defending the smallest spaces — the cockpits and cargo compartments, and working outward to the limits of our resources; instead of starting with the airport perimeter and working inward, ignoring the actual defense of those spaces that are actually the terrorist targets. ..."

The same methodology should be used when you design solutions for your company's infrastructure. Instead of the outside-in centric principle of building a highly complex perimeter surrounding all of the company's IT assets - as it is currently being done - you will need to deploy a more inside-out centric methodology protecting what is important. You should identify what is really important to your business and protect those assets by only providing a level of access to those users that corresponds to their needs and their "trust level" according to your security policy. Furthermore, this analysis will automatically increase awareness of what is important to your business in general and hence might have more profound, positive consequences for the operations of your business beyond the obvious security advantages.

Just a brief note here in the middle of the summer holidays on a very interesting interview on TechTarget with the Research Director from Burton Group, David Passmore (see: Searchnetworking - interview with David Passmore, Burton group)

One of his points is that the traditional network perimeter security may soon be pushed out in favour of leveraging VPNs for network security. This is being confirmed almost daily by our customers and is the reason why we developed our Network Consolidation vision. The interview highlights very clearly the advantages of this approach and some of the pitfalls our customers need to be aware of to reap the full benefits of Network Consolidation. Pitfalls that we think are addressed to a large extent in our implementation of the "overlay approach", G/On.

It would be interesting to hear if any of you actually attended the Burton Group Catalyst conference in San Francisco this week and if you could share your experiences with us here at the blog?

I was just pointed to a very interesting discussion on "consumerization" by one of our capable employees (see http://www.vnunet.com/vnunet/news/2192170/gartner-warns-consumerisation).

It seems that more and more businesses are challenged by their employees' use of consumer technologies as a more or less integrated part of their work. As the "Digital Natives" (see previous post) become more prevalent in the workplace we can expect this trend to continue. Just recently one of our customers was actually complaining that some of his younger new employees were not interested in getting the standard corporate laptop but instead insisted on using their own. Obviously because it had all the tools they felt were an integrated part of their lives. His problem was how to protect his network and applications from infections or load from these consumer oriented tools. We are of course talking about tools such as Skype, YouTube, Messenger, iTunes etc.

When a trend is as clear as this one seems to be, it is generally not a good idea to just ignore it, for instance by simply banning the use of consumer technologies at work and forcing employees to only use corporate controlled computers as suggested by Gartner. Instead, companies need to embrace the trend by allowing employees to use the tools that enable them to be as efficient as possible, and accept that the set of tools will be very different from user to user and hence accept that they are in reality "unmanageable". Obviously this means that a different networking paradigm will be required - a paradigm that on the one hand allows users to use whatever tools they need while on the other hand enabling the company to maintain full control over their assets.

Such a paradigm is fundamentally what Giritech's "Network Consolidation" vision is all about. In this paradigm all users are always on the Internet as the only network infrastructure required by a company (this also has fundamental simplification consequences, but that's another story). The company then enables application connectivity from users to applications using an overlay, end-to-end, one-to-one virtual network - for instance as implemented by G/On. Consolidating on the Internet gives the user full freedom.

It will be interesting to see if this and other similar trends will change the way businesses operate and hence also how the underlying infrastructures need to be (re)designed. Please do not hesitate to share your own experiences on this blog.

Again an intelligent article that points at some of the challenges we, and our customers, are looking at already today.

http://www.acm.org/ubiquity/book/f_cairncross_1.html

This is just one of the chapters of a book ("The Company of the Future: How the Communications Revolution is Changing Management") Frances Cairncross wrote about the subject back in 2001 - however it illustrates some of the points on the way companies need to be organised and how they need to work in the "knowledge age". The "knowledge age" is characterised by businesses increasingly moving away from physical assets to knowledge assets. This means managing people (and this includes more than "just" employees) instead of machines or other forms of tangibles. Obviously this will also demand fundamental changes in the way companies' IT infrastructures are organised: moving away from protecting networks, which need to be as open and ubiquitous as the Internet, and towards protecting the knowledge resources themselves while continuing to provide seamless access to all sorts of end users.

This seems like an almost unsolvable dilemma. And it actually is unsolvable - at least cost effectively - in today's IT paradigm, thus requiring a new way of looking at IT infrastructure. This is one of the core reasons why we believe Network Consolidation is inevitable, as this paradigm exactly addresses the balance between ubiquitous access and control of intellectual property.

Just one quick quote from the article:

"One handy definition [of knowledge management, red.] is that knowledge management involves efficiently connecting those who know with those who need to know, ..."

This is exactly the promise of Network Consolidation!

I stumbled across this summary of an interesting analysis that Gartner have made recently.

http://www.comon.dk/index.php/news/show/id=31113

See also:

http://agendabuilder.gartner.com/spr8/WebPages/SessionDetail.aspx?EventSessionId=911

and

http://agendabuilder.gartner.com/spr8/WebPages/SessionDetail.aspx?EventSessionId=900

The main article is in Danish, but refers to an international analysis (see other links) that indicates that the companies of today are nowhere near ready to support the needs and expectations of tomorrow's employees ("the Digital Natives" – see different post on this interesting subject). Companies are so concerned with protecting themselves that it disables employees from doing what they want and sometimes even what they need.

One of the reasons is simply that the old infrastructure paradigm (that I will describe in a later post) has severe limitations embedded - especially in terms of the tools that potential partners and employees can work with. Network Consolidation provides a (the only?) viable answer to the challenges raised by future generations to the IT infrastructures of companies. The trick is not to try to control what end users do, because that cannot be done anyway, but to protect the core resources (applications and data) that they are working with. This will allow end users to do whatever else they want with the Net without jeopardising the core assets of the company.

What about you - are you a Digital Native experiencing these issues or are you a Digital Immigrant still struggling with understanding the full consequences of the Internet revolution? Please feel free to register and comment.

In this blog, Lars Struwe Christensen, VP Business Innovation and CTO of Giritech, ponders on such topics as:

  • Security
  • The IT Industry
  • The future of working
  • The future of IT infrastructure
  • many other subjects ...

while explaining Giritech's vision of Network Consolidation.
