« Red Hat Linux vs Microsoft Windows: what really matters | Main | The effect of legislation »
April 22, 2005
Built-in not bolt-on
I just gave a talk at the Systems and Software Technology Conference, the major IT conference for the Department of Defense. I had an interesting conversation with someone from a branch of the military, who told me about their need to have security "built-in" and not "bolt-on."
The reason? Laptops that are used on the battlefield can be in storage for prolonged periods of time in between usage. If they are reliant on security systems that need updating, such as Antivirus signature-based systems, they could be out-of-date each time they are deployed.
This could be a serious risk, since such machines may become internet exposed, depending on their location in the network. And of course, it only takes a worm in one of the laptops to infect all the others. Furthermore, they may also be vulnerable via wireless.
Consequently, they would prefer it if they could have systems that are immediately protected when they are deployed. An interesting application of the Innate Defense concept indeed - the idea that you have inbuilt protections for common classes of security threats, such as buffer overflows. Innate defenses are generally not comprehensive, but solve one problem effectively, without requiring updates or tuning.
Comments
One option might be flash memory HDs which are refreshed with the latest OS and apps before being put into the field. the last thing a soldier wants to do is patch their system and reboot while being shot at. the main system which flashes the laptops can be updated daily and possibly have remote communication with the child systems to push updates. installing an OS and then walking away from it for more than a few months is a major security issue.
Posted by: jojo at March 21, 2006 06:56 PM