I truly believe we do a fairly good job of maintaining a hard network shell in our current state, but the gooey insides make for quite the enticing treat. How easy will it be to recover from a zero-day worm sent in via a carefully crafted spear phishing exploit, which infests a network segment that used to be just a satellite office of 200 computers but is now a Class B segment consisting of 65,000 systems? Will any of this truly make a difference when a laptop computer/removable drive/thumb drive/DVD/desktop computer/personal digital assistant is stolen or a hard drive is improperly disposed of? When are we going to realize that it doesn't matter any more how good the boundary is? 

We need to start focusing on the endpoints for what they have truly become -- compromisable. Just like the old days, put the endpoints in a “demilitarized zone." Treat the systems that connect to your core services as hostile. Force all endpoints to connect to your core only via virtual private network connections that are protected by NAC devices that can enforce well-constructed policy before ever letting them have access to the core, then interlink the cores via closed networks. With interlinked cores inside a closed network, data sharing will be easier to accomplish and data can be replicated and stored at multiple locations to increase survivability. Treating the endpoints as external devices will also increase survivability because they can be relocated and re-attached from anywhere. Almost sounds like going back to the mainframe days, doesn't it?

Anonymous
Air Force

What do you think? Paste a comment in the box below (registration required), or send your comment to letters@fcw.com (subject line: Blog comment) and we'll post it.