February 20, 2005

Rule-Sets and positive models

I just returned from a business trip to New Jersey and realized that I need my own personal rule-set reset. This has been in the making since last year when I ran a 10K run and after a few weeks found my knee uncooperative in any kind of running. Coupled with business travel and too much sedentary activity I have reached a point where I am motivated to change some dietary and exercise habits. After an extended exercise sabbatical I was pleased this morning to be able to complete a short run. Thankfully I didn't require a system perturbation, such as a heart attack, to motivate me but I have noticed that the context of my environment has a huge influence upon the success of my efforts. The rest of my family flew out to the West coast to see relatives and I am taking a few days off from work to catch up on personal efforts which have suffered as a result of too many hours spent at work. Just like breaking the habit of cigarette smoking, the greatest obstacle to embracing and implementing a rule-set reset is the existence of old habits.

The boys at The New Rule Sets Project, LLC look at global security issues such as system perturbations such as World War II led to rule-set resets such as the Marshall Plan and implementation mechanisms such as NATO. Their focus is on current issues such as globalization in a post 9/11 (system perturbation) world. As in my case the problem in moving forward seems to be the old habits that nations are reluctant to release. Within the US typical mind-sets that pose hurdles are various positions such as our role 'nation building' and as a 'global police force'; the role of the UN; deficit spending; outsourcing; and short term returns.

In the world of IT Security it may be worth considering the rule-sets of network firewalls. Network firewalls are always being 'tweaked' - rule sets are changed slightly to adjust for business at hand, such as allowing the public to reach a new web site. It is unusual to make a sweeping change (rule-set reset) without good cause (system perturbation driven). An example of this would be a huge spike in virus/worm/malware activity (or perceived increase in threat) that triggers major policy change (such as going from a 'default allow' position to a 'default deny' position or blocking outbound traffic not on well known ports). While this change may be seen as very positive from a security practitioner's point of view the resulting change would certainly cause a huge upset to the user base. Any experienced security person would consider this and understand that the big obstacle to trying to implement this new policy would be people's web habits. A couple obvious ways to get this better policy implemented would be by dictate (unilateralism) or by stages (evolution) but in any case would still involve pain on all sides.

Back to New Jersey... Network firewalls are extremely dumb. (Well - technically packet filter firewalls are really dumb, whereas proxied based firewalls are rare. Joel Snyder points out that historically proxy firewalls also 'cheat', vendors wrote proxies for certain applications and the rest of the traffic is handled in a filter like manner.) IT Security models are typically negative which is that we block stuff that we know is bad and otherwise allow activity. The system that I saw in New Jersey by Whale Communications called e-Gap offers a positive model that looks for good and known behavior and blocks other behavior. One of the reasons IT is struggling with malware and patches is that formerly unknown activity causes trouble until new signatures and patches are developed and deployed.

I see that e-Gap will be very valuable in networks as a supplement to protect sensitive applications and systems at an affordable price. (I recently read an article that estimates a thorough application vulnerability assessment may cost $50,000 per application.) Whale has a problem because it's product does not neatly fit into a standard category. They do several things all within the same product (although licensing determines functionality): e-Gap is a remote access device (SSL VPN) which is able to limit access to application specific functions; e-Gap is an application firewall with some common applications pre-defined; e-Gap 'breaks' the network connection to protect systems from network based attacks; and e-Gap provides end-point (remote PC) evaluation to ensure that remote PCs are secure enough to access an application. Most of their competitors can't or won't come close to providing the value they offer. I had the opportunity to see their impressive product, meet their staff which is very smart and full of enthusiasm - watch them closely. The time seems ripe to consider the advent of another system perturbation as applications are being hacked through application weaknesses rather than through network or OS hacks. The time seems right to adjust our rule-sets where we add another layer of defense to critical applications as well as ensuring that potential clients meet minimum qualifications.

Some of the positive/negative models can be seen in daily life:

  • You normally aren't blocked from walking into a public store such as Target. But if you start behaving 'wrong' such as screaming at the top of your lungs - then you will be escorted out of the store.
  • You aren't given a tour of available homes until you are 'qualified'.
  • You could attend an event like Woodstock and almost any behavior was tolerated.

Along the same lines, some applications require nominal protection, others require better protection and others even more protection.

I have never been much of an athlete or runner. I placed 70 out of 72 in my age class in the 10K run, but it was a thoroughly enjoyable experience. I worked hard to get to a point where I could make the attempt and am proud that I was able to complete the run. My family was supportive and I hope I was able to teach my 6 year old son that success is not a matter of winning but rather completing a goal.

For anyone interested in trying to run I can only say that the key is to start gradually and to persevere. If you aren't in shape and used to running, the attempt to run several miles will seem impossible. I have aways noticed a threshold that I need to cross after about 5 minutes of running. I have been told that typically during the first five minutes your muscles are running off stored energy (anaerobic) when it feels like you are pulling a great weight but then you reach a point where you are burning energy with oxygen (aerobically) which feels like you no longer have that weight to pull. During the first few minutes you may question whether you can go any further, once in the aerobic zone you know you can go as far as you have the will for provided you don't push too fast. * I know that the physiology of running is far more complex, but this simple mental model helps me to reach and break that barrier and get to that place where I enjoy running several miles on a regular basis. So my little running program requires that (when I am out of shape) I work to reach that threshold so that I can enjoy running longer distances. The enjoyment I get from aerobic activity is my motivation to endure those first five minutes of dissuasion.

Feb 20, 2005 5:30:54 PM | Current Affairs, Globalization, History, Security, Web/Tech

The comments to this entry are closed.

NEXT POST
Link to Jackie's blog Adding link for Jacqueline Mackie Paisley Passey's blog, discuss comment dust up, Barnett and Islamists.
PREVIOUS POST
Dictators, Moms and Manhattan Chinese President Hu Jintao, 10 worst dictators, single mothers adopting Chinese infants, Manhattan history and identity theft Choicepoint

Stu

I'm a corporate network security guy with 2 kids

Search

Recent Comments