Bruce Schneier has a post about an email (from last year) by Dave Piscitello to the Firewall Wizards mailing list, which makes for interesting things to think about.
The traditional security model is usually defined by the 4As:
- Authentication (who are you)
- Authorization (what are you allowed to do)
- Availability (is the data accessible)
- Authenticity (is the data intact)
In the cited email, Piscitello says:
This model is no longer sufficient because it does not include
asserting the trustworthiness of the endpoint device from which a
(remote) user will authenticate and subsequently access data. Network
admission and endpoint control are needed to determine that the device
is free of malware (esp. key loggers) before you even accept a
keystroke from a user. So let’s prepend “admissibility” to your list,
and come up with a 5-legged stool, or call it the Pentagon of Trust.
Bruce agrees with him.
Now…the thing in my mind is this…when we do the original 4As, all of it is done server-side, where the admin has absolute control of everything (at least in theory). But this new fifth A is not server-side…it’s *specifically* client-side…and that client isn’t always under the admin’s control. So…my big question is…do we just reject all access from unsupervised clients? Or do we need to find a way to supervise/audit those unsupervised clients?
I’m not saying I disagree with adding this fifth A to the security definition…my problem is…how do we translate it to RL? Do we make remote workers use only authorized computers to do their work from home? Wasn’t one of the reasons C*Os accepted remote workers the fact that the company would save money because (among other things) they wouldn’t have to pay for some computers? And I’m pretty sure the IT departments wouldn’t be happy about such an idea…workers that do their work part-time from home and part-time from the office will need two PCs that the IT department will be responsible for, doubling the workload for IT for those workers. And if I were a telecommuter, I sure as hell wouldn’t put up with having to pay for a computer that the office’s IT department will control and that I can’t use any way I wish to use, which means the company will have to pay for that computer too, meaning they’ll have to double up the IT’s budget for telecommuters, ’cause they’ll have to pay for computers and programs for them.
In other words, the control freak in me says “hell, yes! I don’t want unsupervised computers accessing my servers”, but on the other hand, the telecommuter in me says “sure, I’ll play along, just pay for the computer if you want IT to supervise its use”…so…I’m not sure what the real-world practicality of this really would be.






