{"id":2262,"date":"2017-12-01T09:50:31","date_gmt":"2017-12-01T07:50:31","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2262"},"modified":"2017-12-01T09:50:31","modified_gmt":"2017-12-01T07:50:31","slug":"aint-no-perfect-thats-why-we-need-network-protection","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2262","title":{"rendered":"Ain\u2019t No Perfect. That\u2019s why we need network protection."},"content":{"rendered":"

\"\"When we talk about secure platforms, there is one name that has always risen to the top: Apple<\/a>.\u00a0 Apple\u2019s business model for iOS has been repeatedly demonstrated to provide superior security results over its competitors.\u00a0 In fact, Apple\u2019s security model is so<\/strong> good that governments feel threatened enough by it that we have had repeated calls for some form of back door into their phones and tablets.\u00a0 CEO Tim Cook has repeatedly taken the stage to argue for such strong protection, and indeed I personally have\u00a0 friends who I know take this stuff so seriously that they lose sleep over some of the design choices that are made.<\/p>\n

And yet this last week, we learned of a vulnerability that was as easy to exploit as to type \u201croot\u201d twice in order to gain privileged access.<\/p>\n

\"Wait<\/p>\n

 <\/p>\n

Wait. What?<\/strong><\/p>\n

 <\/p>\n

 <\/p>\n

Ain\u2019t no perfect.<\/p>\n

\"\"If the best and the brightest of the industry can occasionally have a flub like this, what about the rest of us?\u00a0 I recently installed a single sign-on package from Ping Identity<\/a>, a company whose job it is to provide secure access.\u00a0 This simple application that generates cryptographically generated sequences of numbers to be used as passwords is over 70 megabytes, and includes a complex Java runtime environment (JRE).\u00a0 How many bugs remain hidden in those hundreds of thousands of lines of code?<\/p>\n

Now enter the Internet of Things, where manufacturers of devices that have not<\/strong> traditionally been connected to the network have not<\/strong> been expert at security for decades.\u00a0 What sort of problems lurk in each and every one of those devices?<\/p>\n

It is simply not possible to assure perfect security, and because computers are designed by imperfect humans, all these devices are imperfect.\u00a0 Even devices that we believe are secure today will have vulnerabilities exposed in the future.\u00a0 This is one of the reasons why the network needs to play a role.<\/p>\n

The network stands between you and attackers, even when devices have vulnerabilities.\u00a0 The network is best in a position to protect your devices when it knows what sort of access a device needs to operate properly.\u00a0 That’s your washing machine.\u00a0 But even for your laptop, where you might want to access whatever you want to access, whenever you want to access it, through whatever system you wish to use, informing the network makes it possible to stop all communications that you don’t<\/strong> want.\u00a0 To be sure, endpoint manufacturers should not rely solely on network protection.\u00a0 Devices should be built with as much protection as is practicable and affordable.\u00a0 The network provides an additional layer of protection.<\/p>\n

Endpoint manufacturers thus far have not done a good job in making use of the network for protection.\u00a0 That requires a serious rethink, and Apple is the posture child as to why.\u00a0 They are the best and the brightest, and they got it wrong this time.<\/p>\n","protected":false},"excerpt":{"rendered":"

If Apple can blow it, so too can the rest of us. That\u2019s why a layered defensive approach is necessary.<\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50,87,545,9],"tags":[57,362,496,569],"class_list":["post-2262","post","type-post","status-publish","format-standard","hentry","category-complexity","category-internet","category-iot","category-security","tag-apple","tag-cybersecurity","tag-security","tag-vulnerabilities"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2262"}],"version-history":[{"count":2,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2262\/revisions"}],"predecessor-version":[{"id":2266,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2262\/revisions\/2266"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}