Microsoft Security Efforts
I have been surfing a lot this morning, trying to track down some technical, hence professional blogs that I can look at from work. That way, when I feel the urge to “slack off” by surfing the web, I can turn my slacking into learning. I will try and summarize some of the publications I have found, but for now, I need to recommend Richard Bejtlich’s excellent review of current Microsoft security efforts. Even for Unixy people like me, it is useful to know what Microsoft is thinking, and this is a great summary of what Microsoft is thinking.
I don’t pay much attention to Microsoft, but even I know that the ship date for the next version of Windows has been slipping forever:
All of these are slated for Longhorn, due some time in 2007. [Dean Iacovelli] said a beta should be available by Q4 2005. However, Microsoft now says “it’s ready when it’s ready.” Customers will need to do a lot of testing for these features, especially network quarantine. Dean recommended the following processes need to be considered: rollout and change process control planning; success matrices and measures; exemption analysis; host health modeling; health policy zones; secure network infrastructure analysis; RADIUS implementation; and zone enforcement selection. What does all of this mean? Figuring it out is probably the first step!
When I first started reading that paragraph, I got kind of excited. I thought maybe Microsoft, with its gajillions of bucks in the bank, has decided it needn’t worry so much about rushing the next version out the door, and is taking some time to try and fundamentally work over their Operating System, and reinvent and streamline a lot of the layers of cruft that have been layered on over the years. Something a bit leaner and sexier. A reinvention on the scale of Mac OS X. But then the paragraph gave way to all the success matrix mumbledy jumbley, and I started to wonder whether maybe Longhorn is taking forever because it is actually just another five layers of complexity and cruft laid upon all the previous layers, and all that insanity takes a lot of effort to stabilize before you can hope to even ship a beta. I don’t know, and as someone who experimented with Windows for the past few years and is moving back more and more to a FreeBSD mindset, I don’t care so much. But it should make for some interesting sport . . .
He parted with a great observation on IT Security Philosophy:
[Regarding the] IPSec-everywhere approach. This will help preserve confidentiality and integrity within the enterprise. However, most internal intruders are probably rogue insiders. They will already have the authorization needed to access internal documents. Independent network-based systems trying to audit internal activity will be blind to IPSec-encrypted traffic. Is this trade-off worth it? I’m not sure.
Or, in other words, if you secure your client access, then you will have a harder time snooping on your own network to detect undesirable activity. Of course, there are plenty of other mechanisms to audit user behavior, but Security is one of the most complex areas of information technology, because security is always a trade-off, and it is often a trade-off in terms of security. That is why Security can be so dang tough. Richard also remarked that with each added piece of complexity, you add an opportunity to misconfigure something to be exploited. All too true.