Letter: Fewer Internet links mean more risks
Regarding “OMB to limit number of Internet connections for agencies,” I am having a hard time understanding the Office of Management and Budget’s decision to decrease the number of gateway connections, especially when it is trying to frame it around security. The vast majority of attacks target the application layer and endpoints. Unless you intend to deny services, one gateway is all that is needed. Limiting connections will not only make it easier for an adversary to disrupt connectivity to a much larger segment of a network, but the spear phishing, malware, Trojan horses, viruses, worms, etc., will have a larger pool of systems to choose from through fewer connections.
I truly believe we do a fairly good job of maintaining a hard network shell in our current state, but the gooey insides make for quite the enticing treat. How easy will it be to recover from a zero-day worm sent in via a carefully crafted spear phishing exploit, which infests a network segment that used to be just a satellite office of 200 computers but is now a Class B segment consisting of 65,000 systems? Will any of this truly make a difference when a laptop computer/removable drive/thumb drive/DVD/desktop computer/personal digital assistant is stolen or a hard drive is improperly disposed of? When are we going to realize that it doesn't matter any more how good the boundary is?
We need to start focusing on the endpoints for what they have truly become: compromisable. Just like the old days, put the endpoints in a “demilitarized zone.” Treat the systems that connect to your core services as hostile. Force all endpoints to connect to your core only via virtual private network connections that are protected by NAC devices that can enforce well-constructed policy before ever letting them have access to the core, then interlink the cores via closed networks. With interlinked cores inside a closed network, data sharing will be easier to accomplish, and data can be replicated and stored at multiple locations to increase survivability. Treating the endpoints as external devices will also increase survivability because they can be relocated and re-attached from anywhere. Almost sounds like going back to the mainframe days, doesn’t it?
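The gate the letter describes, endpoints treated as hostile and admitted to the core only after a NAC policy check on the VPN tunnel, can be sketched as a small deny-by-default posture evaluator. This is an added example and not code from the letter writer or from any agency NAC product; the posture fields, the thresholds (30-day patch age, 7-day AV signature age), the "remediation" zone and the sample devices are all assumptions made for illustration. It also shows the stolen-laptop case the letter raises: once a device is reported lost, its certificate is revoked and its next posture check fails regardless of how healthy it looks.

```python
# Added example (not part of the letter): a deny-by-default NAC posture gate.
# Every endpoint is treated as hostile; it reaches the core only if every check
# passes. Field names, thresholds and sample devices are assumptions.
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass(frozen=True)
class Posture:
    """Posture claims a NAC agent would collect from the connecting endpoint."""
    device_id: str
    cert_fingerprint: str        # device certificate presented on the VPN tunnel
    vpn_established: bool        # the core is reachable only through the VPN
    disk_encrypted: bool         # stolen laptops and drives are the normal case
    os_patch_date: date
    av_signature_date: date


@dataclass
class Policy:
    max_patch_age_days: int = 30
    max_av_signature_age_days: int = 7
    revoked_certs: set = field(default_factory=set)   # stolen or retired devices


@dataclass(frozen=True)
class Decision:
    zone: str        # "core" or "remediation", never both
    reasons: tuple   # why the endpoint was kept out of the core (empty if admitted)


def evaluate(p: Posture, policy: Policy, today: date) -> Decision:
    """Deny by default: any failed check keeps the endpoint out of the core."""
    reasons = []
    if not p.vpn_established:
        reasons.append("not connected through the VPN")
    if p.cert_fingerprint in policy.revoked_certs:
        reasons.append("device certificate revoked (reported stolen or retired)")
    if not p.disk_encrypted:
        reasons.append("disk not encrypted")
    if today - p.os_patch_date > timedelta(days=policy.max_patch_age_days):
        reasons.append(f"OS patches older than {policy.max_patch_age_days} days")
    if today - p.av_signature_date > timedelta(days=policy.max_av_signature_age_days):
        reasons.append(f"AV signatures older than {policy.max_av_signature_age_days} days")
    # A failing endpoint is not simply dropped: it lands in a remediation zone
    # that can reach patch and AV servers but none of the core services.
    return Decision(zone="core" if not reasons else "remediation", reasons=tuple(reasons))


def report_stolen(policy: Policy, cert_fingerprint: str) -> None:
    """Revoke a device the moment it is reported lost; its next check fails."""
    policy.revoked_certs.add(cert_fingerprint)


# Constructed sample data (not real devices).
TODAY = date(2024, 3, 1)
POLICY = Policy()
HEALTHY = Posture("lap-0001", "sha256:aa11", True, True, date(2024, 2, 20), date(2024, 2, 28))
STALE = Posture("lap-0002", "sha256:bb22", True, False, date(2023, 12, 1), date(2024, 2, 1))
BYPASS = Posture("lap-0003", "sha256:cc33", False, True, date(2024, 2, 25), date(2024, 2, 28))


def demo():
    """Zones for the sample endpoints, then the healthy laptop after a theft report."""
    policy = Policy()
    before = {p.device_id: evaluate(p, policy, TODAY).zone for p in (HEALTHY, STALE, BYPASS)}
    report_stolen(policy, HEALTHY.cert_fingerprint)   # lap-0001 walks out the door
    after = evaluate(HEALTHY, policy, TODAY)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print(before)
    print(after.zone, after.reasons)
```

The point of the remediation zone is that an out-of-policy endpoint still gets a network, just not the core; that is what makes "treat every endpoint as hostile" workable for a workforce that roams, and it is also where a freshly revoked device ends up, with a reason string an operator can act on.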