What's the saying "Those who forget history are doomed to repeat it over again"?
Weren't we doing this with routers and ... well if not firewalls as such then certainly filtering rules in the routers, way back in the 1980s?
I recall attending a luncheon put on by Dell about "Software Defined networking". Basically it was having routers that were 'agile' enough to change routing and implement tactical policy by load, demand and new devices or devices making processing demands.
Again we were doing that in the 1980s. Working with ANS as they cut over the academic internet to the commercial internet with their "CO+RE" pseudo-product. Basically it was that they had been supporting the academic internet and were not selling commercial services using the same backbones, trunks and "outlets" (sometimes known as 'point of presence'). This 'policy based routing' was carried out by custom built routers; they were IBM AIX desktop boxes -- the kind I'd used to implement an Oracle based time management/billing system for at Public Works Ottawa a few years earlier, along with some custom built T3 interface cards.
ANS wasn't the only company selling commercial internet services by the end of the 1980s; I was running UUNorth here in Toronto and Phonorola were trying to sell leased line service in Ottawa. Phonorola had a problem, though: they were a telco, and telcos then traditionally had a complex matrix of pricing by bandwidth of connection, bandwidth of use, time of use and a few other factors.
I did much better by using either fixed monthly fee or connection time based billing.
It was easier for the customer to understand and was much easier from my point of view since it required less complicated software for billing purposes.
But the ANS routing simply *had* to do what we today call 'software defined networking'. New subnets were being added as customers gained them, registering with the IANA function of administering registries of Internet protocol identifiers (including distributing top-level domains and IP addresses), which was performed by Jon Postel, a Computer Science researcher who had been involved in the creation of ARPANET -- what since 1998 is ICANN -- and this was done in a very haphazard way. There was no logical hierarchy and some organizations implemented their own cross-geographic routing of their subnets.
Not only were subnets being added, they were being moved, and routing tables needed to be dynamically re-written. Local routers had to recognise their connections and communicate with others, so we developed a host of inter-router management protocols and further routing and aggregation algorithms as this went on. Firms like Cisco developed their own, optimized for their own product and often closed protocols.
But if we step back 25 years we can see the process of 'software defined networking' going on. At that Dell lunchtime presentation at a downtown Toronto steakhouse I found myself frustrated with the sales-droids dressing up the old in new clothing as if they had invented it.
And here we have another example.
The simplistic case of segmentation is at the router with the traditional DMZ.
But even in the 1990s I was suggesting that there be many instances of the DMZ, with one and only one machine, service, on each. Trivial, 'degenerate' or "beedin' obvious" depending on your point of view.
What comes to mind is a quotation from Voltaire:
If we believe absurdities, we shall commit atrocities.