Monday, April 14, 2008

How to Build an Insecure Environment

One of the worst habits in the IT industry is for engineers to do things "because they can".

Today's manifestation of "because we can" comes from Cisco, which is introducing application server capability to routers. The idea is that since all your traffic's going to pass through a router, why not put the application right there in the router, so that the application is where the traffic is?

It's a very simple idea, and very obvious. So simple and obvious that it has, in fact, been tried before. Back a decade or more, I recall looking at enterprise network equipment with modules designed to host Novell NetWare servers.

It didn't take off then, and I hope it doesn't take off now.

In case you hadn't noticed, Cisco's name makes regular appearances in CERT advisories. Now, this isn't to say "Cisco's been slack", but rather to point out that its equipment, like all the equipment on the Internet, will be subject to vulnerabilities.

Only fools put all their eggs in one basket.

Where I will criticise Cisco is that, in this case, the marketing pitch is at odds with the customers' interests. The customers' interest is to have a properly segregated environment; Cisco's interest is to be in command of as much of the customers' infrastructure as possible.

In previous iterations, "servers in network infrastructure" failed not because of security concerns - we all lived in a more innocent world 15 years ago. Rather, customers were concerned about tying their applications to a single-vendor execution platform, and expected that server vendors would run a faster upgrade cycle than network platform vendors (for whom servers were a sideline).

This time around, security should be the deal-breaker - if the customers are paying attention.