The Converging Network

It's that time again and we really have a "big show" for you with episode 57 of the SSAATY Podcast. Industry veteran and luminary Tom Noonan joins Alan and me. Unless you are new to security, you know that Tom was the co-founder of Internet Security Systems (ISS) which was sold and is now part of IBM. Through ISS, Tom helped make intrusion detection, vulnerability management, unified threat management, and security research (through the X-Force team) commonplace within the security industry.

Tom's now retired from IBM following ISS's integration into the company and is now on the advisory board of Rohati. Rohati provides Network-Based Entitlement Control (NBEC), offering the Rohati TNS 100, 500 and Central Management System products. Tom's excitement about Rohati and the Rohati team is clear and you can tell he's enjoying his advisory role with the company.

During the podcast, we reflect on Tom's early experiences with ISS and how that has shaped and relates to today's security industry. Tom's view is that it's still early in the life of the security industry and there's ample opportunity for new companies and technologies to emerge and make an impact.

Whether you are a security newbie or veteran, you'll find the interview with Tom informative and inspiring, so join Alan and me in welcoming Tom to episode 57 of the podcast.

As a wrap up, Alan and I talk about some of the acquisition rumors, including Citrix being in play with Microsoft, Cisco and IBM, and Juniper is looking at Aruba and Meru Networks. Alan also applies some smackdown on Mirage Networks for making such a big deal about running their NAC product as a virtual software appliance. Alan also surprises us with his less than enthusiastic experience with his iPhone 3G, and surprisingly is ready to bring back his Microsoft Windows Mobile 6 phone in place of the iPhone. I'm glad Alan's finally seen the light and sees Apple for what it is, a closed hardware and closed software company that's more about cool fads and cultish followings than easy to use, functional, customer centered products. Since recording the podcast, Apple's now taken to banning competitive products from App Store too! Looks like Alan isn't the only one with iPhone buyer's remorse.

Remember to send us your comments and questions to podcast@stillsecure.com. You can also subscribe to the podcast via iTunes or at http://ashimmy.podomatic.com.

Ever order a new model of a computer or server only to find that Linux doesn't yet have a driver to support the chipsets? This can even happen when there isn't a new model or a substantial engineering change. A simple rev of a network chip or graphics processor can send your Google browser search bar a' humming, looking for any news of a driver update. Sometimes it's no problem. Or you may have to use a beta driver or just wait until one emerges.

Intel Chief Linux and Open Source Technologies, Dirk Hohndel, disclosed during a presentation that a major OEM customer (Dell, IBM, HP? We'll just have to guess) is requiring an open source driver be available within 12 months of a new chip. That may sound like a long time but 12 months would be the longest they'll wait. And, chips don't make into boxes right away. Suppliers have to exhaust existing inventory or exchange with others who can use their inventory in order to take a new chip. Manufactures also have engineering, QA, testing processes and manufacturing specs and verification processes to go through in order to replace or introduce a new chip.

The good news for us is that either the chip makers will need to release an open source version of their drivers, or otherwise seed creation of open source drivers. Hopefully this means we'll have both; choice of drivers to use, and drivers available to more quickly test and use. Either way, it's a bell weather moment of one customer saying to their supplier, we require be open source software be available to help our products get into customers' hands. That's good news for all of us.

Note: Slides are available here if you are interested.

In episode 3 of the Cobia Community Podcast, Martin McKeay and I discuss the announcements StillSecure made at Interop Las Vegas. We made several announcements including a Cobia appliance (Cobia software pre-installed on a 1U appliance), paid-for commercial support options, and three new partner program for VARs, ISVs and hardware/OEM partners. All of the programs were a huge hit at Interop and we announced parters including Cymphonix, ArcMentor and Portwell.

Join us for the podcast to learn more. You can reach Martin and me via email at cobia@stillsecure.com.

mp3 file

If you've had a new computer, you've experienced "crapware", the annoying software hardware manufactures are paid to ship on your new computer. AV software, online services, image software, trialware, etc., etc.

I recently purchased an HP dv9000. I was very pleased with my previous dv5000 and the new computer is even better. (It's great to run a virus scan with the dual core CPU and not have the entire system lock up). Of course one of the things you have to deal with on any new computer is the crapware, sometimes also called craplets, that come with your computer. We used to complain about the time it takes to update Windows on a new system. Now removing the crapware takes even longer.

One of the craplets on this system was a popup to get you to buy the extended service plan. This is where things went bad. Suddenly, after having the computer for two months, the extended service plan pop up started coming up endlessly and wouldn't go away. It didn't matter which option you selected, including the "I already purchased the extended service plan" - the dumb thing wouldn't go away. In effect, now my computer is spamming me with endless pop ups!

A modest amount of digging showed an entry in the Windows Task Scheduler and with a few clicks, it was gone (and I deleted the .exe to be sure.) Needless to say, I wasn't inclined to buy the extended service plan and this experience didn't exactly endear me to the idea.

The response to Cobia since we announced in April has been overwhelming. Thousands of people have downloaded Cobia and begun using Cobia in the business, school, home and lab networks. At the same time we've had tremendous interest from software and hardware vendors about our plans for Cobia and the potential for alliances, resellering programs, hardware for Cobia and OEM interests.

Cobia is so much more than a product, it represents even more new products, new customers and revenues for businesses in the industry, and partnerships between many players in our industry. And of course amongst those downloading and using the software, Cobia brings huge value over fixed appliances and has the advantages that open source software brings.

I'm pleased to tell you that this week we are making several announcements at Interop in Las Vegas. First is our new StillSecure Cobia Partner Programs (see the press release here). We are announcing partner programs for VARs, ISVs and Platform (hardware manufactures and OEMs) and partners who have joined each respective program for our launch at Interop.

Next, is our Cobia appliance, with Cobia pre-installed and with all the advantages in tact of Cobia's open, modular software platform. This ain't "your father's Oldsmobile" fixed appliance. The Cobia appliance is all about convenience. If you want total plug-n-play installation, upgrades to new modulars and feature enhancements, then this option is for you. We'll be offering the Cobia appliance through our VAR partners and also on the Cobia site. More details on the appliance options will follow soon.

Third is our paid-for commercial Cobia support; email, phone and 24x7. Sometimes it is important to have email and/or phone support in addition to the free Cobia user forums and this gives businesses the piece of mind they can contact StillSecure directly and receive the exceptional support provided by our Customer Support Engineers.

Those are our announcements this week. I'll be talking more about them on the Cobia blog and I'm sure Alan and Martin will be chiming in on their thoughts as well over the next few days.

If you are coming to Interop, please stop by our booth. We are in the middle section, just to the left. If you aren't able to make the show I hope I get to see you soon and please feel free to drop email to me.

That is, vendors who embrace it and are public about it. The rest run scared and won't admit when then do use it. And far too many use it and won't admit it for fear that customers learn and see through the expensive prices paid for appliances driven by open source with a "nice gui".

Dana Blankenhorn and Howard Anderson recently shared their views on open source, that it is a great equalizer in the market (my summation.) There are many things in their posts I agree with, and some I definitely don't (open source is not a religion, btw.) Open source changes the playing field. If users have a free, open source alternative, commercial products have to work harder to justify their prices and be competitive.

Open source gives users an immediate solution to their problems, whether that be an IPS, router, VPN, firewall, web server or any number of network services. Developers can take things further by extending, fixing, enhancing or just plain understanding what the source code does.

Of course my examples of open source changing the game come back to Cobia. If you just bought a firewall or a router, you likely wasted your money. Could have had a V8, eh? Yes, could have downloaded Cobia instead of paying more dollars to proprietary appliance vendors (who may have just sold you a good bit of open source packaged on a hardware appliance.)

If any topic is one to dethrone NAC from the top of every conference and media list of hot topics, it's DLP - data leakage prevention. This week our guests on the podcast are here to talk about DLP; Faizel Lakhani, Reconnex VP of products and marketing, and Tom Bowers, security expert and contributor to security magazines such as Information Security. We talk about Tom's efforts in implementing DLP at a prior company, and also how DLP differs from other similar technologies like content inspection. Faizel gives a brief peak into Reconnex products. I think you will enjoy our conversation with them.

In The Converging Minute I discuss the performance delimea so many UTM and multi-function appliances face when users turn on more than a couple of features on the box. I discussed this also in a recent post.

This Week In Security we have rousing discussion about the Windows BIT (Background Intelligent Transfer Service) vulnerability, the OpenSEA consortium which just formed, Snort 3.0 licensing and the controversy around efforts to redefine "derivative works", and lastly, corporate blogging policies.

Alan wraps up the podcast with some kind words about my post Life with Cancer and my wife's battle to beat breast cancer. Thanks, Alan.

If you are new to the podcast, welcome. If you are a regular listener, thanks for listening again!  Feel free to send us any comments or questions at podcast@stillsecure.com.

Note: There are no Soprano's spoilers in the podcast :)

mp3 file

It's an interesting question and I would guess that many UTM users who have turned on more than just a few features beyond the firewall quickly learn that's not such a good idea. Especially for features that do content inspection.

In college I wound up driving a Nissan economy car. It got great mileage and saved on gas money. (More money for beer as I recall!) But one thing I quickly learned is not to turn on the air conditioning unless it was hotter outside than a stolen tamale. That engine, while pretty reliable and economic, turned into a snowplow with any extra drag on the engine making even basic passing enough to scare you into the bicycle lane. (Too bad it didn't cool like a snowplow.)

Same is true with many multi-function appliances. They sell to a price point and then market the feature set to something much larger than often is practical to run. I was talking to a new VAR partner of ours who gave me some very specific examples of some name brand UTM products sized for 5k-10k users provided you only use the firewall. Turn on IPS or content filtering and the practical limit dips down into the hundreds if you're lucky. This is in part what Alan talked about on his blog post about UTMs mostly being used as firewalls. Chris Hoff had a nice comment too and says a bit about how Crossbeam addresses this.

Some of the media gets it too. One of the first questions that Ellen Messmer of Network World asked during our briefing about the Cobia announcement was "...but doesn't everything slow to a crawl once you start turning on features?" Yes, on traditional, fixed appliances. Because so many times you are paying for over priced hardware. It's like anything, you have to read the label carefully. Just because it says "up to 100 users" doesn't mean it performs at that level with all the features described, more likely that's some limit in the software license or maybe you'll never reach that limit in a practical application.

Thus another reason for having an open software platform that runs on off-the-shelf Intel/AMD computer and appliance hardware. Nothing is hidden. If the hardware isn't sized right or you outgrow it, then expand it. Upgrade to a new processor, add memory or reuse that computer for something else and get a new one. That's obviously one of the big benefits for Cobia. You have the control over the hardware and you get more of what you pay for (plus the software is free under the community license.)

So if what you are really looking for is just a firewall then save your money. Maybe you want more? Check out the free Cobia software.

This week's podcast special guest is Paul Congdon, CTO of HP's ProCurve division. If you're not aware, HP ProCurve is #2 in market share of network switches. HP ProCurve has done a fantastic job of not only offering a good product at the right price point, they also differentiate themselves with integrated network management and identity management capabilities. In our interview, Paul talks about those aspects of HP ProCurve, his view on the future of the market, and also Paul's unique perspective as an HP Fellow.

In The Converging Minute I follow up my recent post about Cisco's entry into the low end of the SMB market with their VoIP centric SBCS product bundle.

This Week In Security is a discussion of Sourcefire's misfire in revenue and impact in the stock market, Sourcefire's ETM product annnouncement, and the most recent Microsoft DNS vulnerability for Windows 2000 and 2003 Server.

Thanks for listening and as always please feel free to send Alan and me comments or questions at podcast@stillsecure.com.

mp3 file

Ever use a consumer networking product but expect to be able to get support at a knowledgeable level? I’ve pretty much given up on expecting anything resembling knowledgeable support for low end networking gear such as routers, broadband routers, and wireless units. Even doing a basic firmware upgrade can be a risky proposition – I learned my lesson on that one the hard way; make sure Best Buy is open or have a plan B option ready before you upgrade. If it’s under $200 and you can’t figure it out yourself, time to throw it away and get something better.

Jack Wallen blogged about his experience just trying to get Linksys to answer a simple question about whether his Linksys router was blocking his traceroute. A simple question turned in to protracted discussion about his use of Linux and that Linux isn't supported with his Linksys router. (Funny, given that the Linksys device ran Linux as it’s OS.)

Remember that consumer products and their support are a matched set. A knowledgeable engineer on the phone with tech support many times is like an impedance mismatch. How many times have you been told to reboot your machine just to get it to request a DHCP address, or something similarly simple.

Most tech support doesn’t try to assess your knowledge level and then ratchet up the conversation to where you operate. How my mom would talk to a Linksys or similar support person (let’s hope she doesn’t call them anytime soon, or I'll be fixing her network again) would be very different than if I or another network engineer would call to discuss a problem. Actually, the problem we would call about would be much different too.

So for anything other than an RMA, I don’t call tech support much for consumer devices. It’s usually not worth the time or the mental anguish.