10/15/03

All in 1 Security Devices

Recently, Internet Security Systems, Inc. (www.iss.net ) announced "Proventia", an "All-in-One" security device. (See their press release at ugly URL http://bvlive01.iss.net/issEn/delivery/prdetail.jsp?oid=22929.) It is supposed to do away with the need for firewalls, antivirus, content filtering, anti-spam, and IDS. Their press release quotes their chairman, president, and CEO Tom Noonan as saying, "Today marks the end of an era in stand-alone security technologies. Internet Security Systems' Proventia products will revolutionize information security, delivering complete, cost-effective protection and simplicity." What, the end of another era?

Well. First off, I kind of like stand-alone security devices. Single-purpose machines are easier to trust than multi-purpose machines. It's the old "security/complexity" teeter-totter. (See Security Axioms.) A few years ago what was the first Internet firewall to have a CERT alert posted against it? Okay, right, it was Firewall-1, but a few months later CERT issued CA-2001-25 reporting "Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code." This happened—as far as I can tell—when Network Associates started making Gauntlet more complex. The problem was a buffer overflow in a stub program to allow the use of "Cyber Patrol" URL screening. It was not a bug in the Cyber Patrol code. It was in the module added to allow the hooks for Cyber Patrol.

My point is the more complex, the more likely of introducing a bug. In a security device, it will likely be a security-related bug. I don't like large, multipurpose security devices. They scare me and they should scare you.

The press release goes on to say, "Proventia unifies firewall, virtual private network (VPN), anti-virus, intrusion detection and prevention into one engine, under one management system, to protect at the network and the gateway. In the future, Proventia will add application protection, content filtering and anti-spam functionality to the unified engine." Yipes. Complex, no? But then it says, "Proventia's simplified protection for every layer of business infrastructure eliminates the complexity associated with today's legacy security products."

So, here's what it looks like. This is a very complex system doing only loosely-related things. All of these functions will be managed from one management console.

This may provide "maximum security" that is "simple" as well as being "cost effective," but I'd want to be convinced. What do those terms mean to you? To them? Do you trust them to be able to put all of those things together into one "easy to use" system? If you are taking an "all-in-one" approach, you'd better trust everything under the hood.

No comments: