Matasano’s Flint: Open Source Interesting but Viable?

Matasano Security, a security consulting and research firm, has released Flint, an open source tool that evaluates the rules found on Cisco firewalls for rules that are outdated, redundant, or expose the network to other security threats.  Flint is built on Ruby on Rails, is available as a VMware virtual appliance, and its source code is available.  Per Dark Reading’s Kelly Jackson Higgins, Tom Ptacek, Principal with Matasano, said, “It’s easy to extend, and we’re hoping to get a lot of feedback from the network security community.”
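As an added illustration of the kind of check such a tool performs (this is not Flint’s code and not Matasano’s), here is a small Ruby script that flags Cisco ASA-style ACL entries that an earlier entry already fully covers, so they can never match. The ACL lines are constructed, and the simplified syntax it accepts (any / host / address-with-mask, optional eq port) is an assumption.

```ruby
require 'ipaddr'

# Constructed sample ACL (not from any real device), ASA extended syntax.
SAMPLE_ACL = <<~ACL
  access-list OUTSIDE_IN extended permit tcp any host 10.0.0.5 eq 443
  access-list OUTSIDE_IN extended deny ip 192.168.1.0 255.255.255.0 any
  access-list OUTSIDE_IN extended permit tcp any host 10.0.0.5 eq 443
  access-list OUTSIDE_IN extended permit ip any any
  access-list OUTSIDE_IN extended deny tcp any host 10.0.0.9 eq 22
ACL

Rule = Struct.new(:line, :action, :proto, :src, :dst, :port)

# Consume one address spec: "any", "host A.B.C.D", or "A.B.C.D MASK" (ASA subnet mask, not a wildcard).
def take_addr(tokens)
  first = tokens.shift
  return IPAddr.new('0.0.0.0/0') if first == 'any'
  return IPAddr.new(tokens.shift) if first == 'host'
  IPAddr.new("#{first}/#{tokens.shift}")
end

# Parse "access-list NAME extended ACTION PROTO SRC DST [eq PORT]" lines into Rule structs.
def parse_acl(text)
  text.lines.map(&:strip).reject(&:empty?).each_with_index.map do |line, i|
    t = line.split
    raise "unsupported line #{i + 1}: #{line}" unless t[0] == 'access-list' && t[2] == 'extended'
    rest = t[5..-1]
    src = take_addr(rest)
    dst = take_addr(rest)
    port = (rest.shift == 'eq') ? rest.shift.to_i : nil  # nil means any destination port
    Rule.new(i + 1, t[3], t[4], src, dst, port)
  end
end

# True when every packet matched by `inner` would also be matched by `outer`.
def covers?(outer, inner)
  (outer.proto == 'ip' || outer.proto == inner.proto) &&
    outer.src.include?(inner.src) && outer.dst.include?(inner.dst) &&
    (outer.port.nil? || outer.port == inner.port)
end

# A rule fully covered by an earlier rule never matches: same action means it is merely
# redundant, a different action means the intended policy (e.g. a deny) is unreachable.
def find_shadowed(rules)
  rules.each_with_index.map do |rule, j|
    earlier = rules[0...j].find { |r| covers?(r, rule) }
    next unless earlier
    kind = earlier.action == rule.action ? 'redundant' : 'conflict'
    { line: rule.line, shadowed_by: earlier.line, kind: kind }
  end.compact
end

puts find_shadowed(parse_acl(SAMPLE_ACL)).inspect if __FILE__ == $0
```

On the sample, line 3 is reported as redundant with line 1 and line 5 as a conflict with line 4, since the catch-all permit on line 4 makes the later deny unreachable.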

In case you’ve missed it, security change and configuration management is a hot market that has traditionally focused on firewalls.  Pioneers and leaders in this market include AlgoSec, Tufin, SecurePassage, and Skybox Security.  However, companies like Tufin are moving beyond the firewall to include classic network devices such as routers, switches, load balancers, and more.  Matasano’s Flint is a hybrid of sorts, as its first release only supports Cisco firewalls, yet the software (caveat as I have not yet seen the open source licensing on Flint) may be extended by the community to include different functionality and device types.

Like any development model, open source has produced some winners and some forgettable products.  My question is: will a security developer community evolve around Flint, or will it simply become a user community?  Empirical evidence gathered from my involvement with ZipTie, an open source framework for network inventory and configuration management, suggests the latter may be true.

Sure, there are some major differences between ZipTie and Flint.  While ZipTie is built on Java, Flint is built on Ruby.  While ZipTie is backed by AlterPoint (a commercial network change and configuration vendor), Flint is backed by Matasano Security, a security consulting and research firm.  However, one undeniable similarity lies in the belief that a development community exists and will emerge to enhance, extend, or white label the solution.  ZipTie learned that while its community is vibrant, growing, and full of incredible ideas, the development community it coveted never materialized, putting the burden squarely on ZipTie itself.  Faced with this reality, ZipTie morphed into AlterPoint NetworkAuthority Inventory, where it continues to be available today.

Security and firewall administration is a complex and high-profile responsibility within any IT organization.  While these men and women are talented in many aspects of security, they also specialize by security vendor and product type: for example, CheckPoint firewalls (appliance/blade), Juniper NetScreen, Fortinet FortiGate, Linux firewalls, TippingPoint IPS, Snort, and more.  However, are they Ruby developers?

Development communities, in any form, are powerful additions to a company’s portfolio.  However, they are easier to find within the application world of operating systems, virtualization hypervisors, databases, and more.  For the worlds of networking and security, why not create a specialized development community that is focused on the areas of the product where their involvement makes sense?  Examples of such communities include AlterPoint’s Forge and Tufin’s Open Development Platform Alliance.

While Matasano Security’s Flint is open source interesting, is it a viable alternative to its commercial competitors?  Although Flint receives a good geek score, I’ll leave the security and reputation of my company to the commercial vendors.  In any case, here’s to Matasano’s team, as they’ve certainly drawn attention to their security consulting and research business.

Security: Moving Beyond Firewall Configuration Management

For over 20 years, the firewall has been the cornerstone of TCP/IP (Internet) security.  In fact, the firewall has crossed over from the geek to the chic, as it has appeared or starred in print, television, and movies.  While the battle between hackers and security vendors rages on, firewalls have become more sophisticated and more complicated to operate and manage.  Further adding to the complexity is the increasing trend to build firewalls into routers, switches, unified chassis, and more.

Over the past few years, companies like Tufin, AlgoSec, SecurePassage, Skybox Security, and more have created products that analyze firewall configurations, rules, and policies to alert security personnel to possible issues.  They have the ability to manage multiple firewall vendors as well as analyze configurations from multiple firewalls deployed within an organization.  These products are essential to managing and maintaining an ever more complex and changing security posture that requires automation to augment and complement human interaction.  However, to completely understand an organization’s security posture we must move beyond the firewall.

While firewalls are complex, they represent only a fraction of the total number of network devices within an organization.  Security personnel routinely issue changes to routers, switches, IDS/IDP, and more that impact the entire network infrastructure.  Adding to the complexity are new devices and technologies, such as WAN acceleration and virtualization, which are becoming mainstream.  These changes are important to maintaining security and regulatory compliance within an organization.

However, the broad impact of these changes (access control lists, port security, network access control, VPNs, and more) may never be fully understood until after the changes are made.  High availability and disaster recovery only add to the complexity, as they require synchronized changes and configurations across multiple devices and manufacturers.

Of course, using modeling software from companies like OPNET coupled with internal testing/procedures will aid organizations in making these changes.  The issue is how fresh the information obtained is and the time allotted to make the change given the severity/urgency of the security issue.

Imagine building a security software management platform that allows security and network engineers to jointly view, analyze, and document all security changes while coupling them to a sophisticated and easy to use GRC engine.  A proposed firewall change would trigger a review of the firewall policies, followed by a warning that an ACL must be changed on 2 downstream routers, while suggesting a re-ordering of said ACL to mitigate a potential security risk and alerting that an HA router must be updated.  Next, the GRC engine would require documentation to ensure PCI compliance is maintained.  The coup de grâce would be wrapping the entire platform within a visual interface that allowed for layered views of all security and network devices.

Is this farfetched?  Perhaps, but the recent uptick in stories about cyber warfare and cloud computing security threats has created an environment that is ripe for change and innovation.

For the Datacenter, Forget E=MC^2, Sav= (MC^4+AV) Sec

Why do we need Cisco UCS, HP Adaptive Infrastructure, IBM Stratus, Liquid Computing, and more? 

Savings
equals…

Management
Management is a critical component of any datacenter.  A datacenter may be defined as a symphony of hardware and software spanning multiple disciplines that is expected to be “always-on” and never to fail.  If you couple this with advances in virtualization, the “green movement”, and the need to understand the complete Total Cost of Ownership (TCO) of datacenter operations, then management is the only answer.  Management is not intended to replace the human element, but rather to augment it through automation that allows human beings to tame an ever more complex environment.

Examples of this renewed interest in management are plentiful: HP buys Opsware and Mercury Interactive, BMC buys BladeLogic, Cisco partners with BMC, Cisco UCS Manager, EMC buys Configuresoft, Voyence, SMARTS, and Infra, and more.

Current
Current, also known as power, usage within the datacenter continues to increase at a staggering rate.  In fact, the price for said current may actually outpace the cost of both the IT equipment and the facility itself.  It’s not simply servers, but routers, switches, WAN acceleration devices, security devices, SANs, NAS, lights, laptops, monitors, and more that cause the bills to continually increase.  Couple this with the additional demands of cooling and redundancy and you have a real crisis on your hands.

An example of changes in the industry may be seen in ActivePower’s efforts in the areas of power and environmentally friendly “green” solutions.  Additionally, we might have been given a glimpse of one answer to this problem, as Google has made a $10 million investment in eSolar, inventors of Utility-Scale Solar Power.

Cabling
Cabling is an essential ingredient of any datacenter design and one that has the potential to provide significant cost savings in the next generation datacenter.  It started with the blade server revolution, including embedded switches, and may very well end with Cisco’s UCS, HP’s Adaptive Infrastructure, or IBM’s Stratus datacenter initiatives.

Illustrating this point, Cisco has published a case study with Saint Joseph Health System (SJHS) in which the hospital claimed an 85% savings in cabling costs by using the Cisco Nexus equipment.

Cooling
Current generates heat, heat requires cooling, cooling requires current, and around and around we go.  In the old days, you simply purchased the appropriate amount of cooling to keep your datacenter at a cool and constant temperature.  Today, upwards of 40% of your datacenter energy bill is from cooling.  Additionally, we have “green” concerns and use PUE (Power Usage Effectiveness) and DCE (Data Center Efficiencies) metrics to calculate how well we are doing and to compare datacenters against others.  Incidentally, chillers, humidifiers, and CRACs (Computer Room Air Conditioning units) contribute handsomely to these calculations.

A concept called adaptive cooling is a promising technology to solve the cooling challenge.  The premise is that today’s equipment manufacturers build systems that are more reliable and are designed to “handle the heat.”  Sensors are used to form baselines and models that are then used to optimize modern cooling techniques.  Yahoo achieved cooling energy savings of 31% by partnering with SynapSense.

Capacity
Once thought to be endless, datacenters are rapidly running out of capacity.  By capacity, I am referring to everything from floor space to power and cooling to the facilities themselves.  This has led to the innovation of a “datacenter in a box”, which is offered by the likes of Sun, Rackable, HP, IBM, and more.  These containers allow datacenters to expand rapidly while offering innovative power and cooling options.  However, space alone won’t solve the capacity issue.  That is why the efforts by Cisco, IBM, HP, and others to create a new datacenter fabric that combines massively dense servers, storage, networking, security, and virtualization are so important.

Look no further than Facebook, which has started construction on a custom datacenter with over 140,000 square feet of capacity at a cost of $188 million.  Note that they are touting the efficiency of this new datacenter, including the potential for power and cooling cost savings.

Agility
As Ronald Reagan famously said, “Mr. Gorbachev, tear down this wall!” so too can we proclaim the tearing down of the walls between the silos within the datacenter.  We no longer can allow storage, networking, servers, security, applications, facilities, and more to operate independently of each other.  By operating as a unified team, the datacenter becomes more agile, proactive, efficient, and better equipped to handle all challenges. 

Examples of this movement can be seen in software vendors (BMC, HP) unifying the management of these disciplines and in hardware vendors (Cisco, Juniper, Brocade) integrating the functions into a single chassis.

Virtualization
No equation of savings within the datacenter would be complete without discussing virtualization.  While the ideas of virtualization have been around for years, it’s the application of this technology that has changed the industry forever.  Advances in network, server, application, and storage virtualization impact cost savings across the equation.

Examples include VMware vSphere, Citrix XenServer, Sun xVM, Cisco UCS (Nexus 1000v), and Arcadia (Cisco/EMC JV).

Security
Security has and will continue to be a major concern within the datacenter.  The number of attacks and sophistication of these attacks continues to rise.  With the advent of Cloud Computing or shared services running on a common platform, the potential risks of a security breach are enormous.  Additionally, security must span all the disciplines within the data center while taking into account user access/privileges, data (in-motion and at-rest), and more.  Finally, security must continue to evolve while adhering to compliance and regulatory pressures.

Recent activities in this area include Cisco acquiring Rohati, SAIC purchasing CloudShield, the growth of Tufin and AlgoSec, and next generation firewall providers such as Palo Alto Networks.
