Greg YoungA friend and I were talking about the not-so-salad days before plug-and-play when attaching a mouse meant setting IRQ values, dip switches, and phoning 5 of your friends. Life is better now – you plug the thingie in and it works.
The quest for PnP security has gone on just as long. Why can’t we add a PC or a switch and have them adopt the policy and become safe members of our network? There have been some good attempts at getting movement in this direction. An oft-time colleague and long-time friend Eugen Bacic formed a company decade ago, as have many others, to try and have a security policy overlay no matter the components. Before you shout out "NAC" and scare the dog, NAC is mostly endpoint and threat-facing (rather than identity and access facing), and enforces within defined networks.
PnP security will not be realized any time soon (the question mark on the post title was unsubtle foreshadowing for a negative outcome, right up there with Free Ice Cream?). So why won’t NAC or other approaches give us a single PnP world tomorrow?
Reason #1: It is a multi-vendor world. As long as we have more than one vendor for all of our components, competition will drive un-interoperability. The threat can enter anywhere in the stack, meaning would need one security-esperanto-interface for all of our operating systems, applications, network components, printers, and other bits. Competition and innovation move faster than the time and will required conceive of a reasonable means to do this let alone implement it.
More on other reasons why in upcoming posts.
USB Memory Bomb by Joel Escalone
Comments Off
Category: Uncategorized Tags:
