StillSecure, After All These Years: Riddle of the day: What do you get when you mash up IPS, LDAP and a firewall?

August 05, 2007

Riddle of the day: What do you get when you mash up IPS, LDAP and a firewall?

Wonderbread_1 WonderNAC of course. My friend Dominic over at Nevis has been on a bit of a tirade lately about the great things his companies products are capable of. Reading it, you can almost believe that they are actually selling any of it, almost anyway. First I was wrong, now Mike Fratto is wrong, who will be next? Seems everybody is wrong, except the Nevis folks (OK, I bet they think ConSentry is right too, on second thought not really, after all ConSenty competes with them too.)

To hear Dominic tell it, pre-connect posture checks and such are useless. After all, if you put their wonderbox in line and pray that it doesn't go down and bring your network down with it, it is going to find and stop anything bad anyway. And using their latest innovation in technology, they can actually control where people go on the network, better then switches, VLANs, ACLs and everything else can. In spite of the billions of dollars that the leading network infrastructure companies have put into this, Nevis would try to have us believe they have something better. What is this new feat of technology you ask? Why a firewall of course. Lets face it, what Nevis and their ilk are really trying to push on us is yet another expensive black box that has a firewall, an IPS and integrates with LDAP. Plain and simple that is it. Oh yeah you can buy it in a switch form factor too. That is because they realized trying to sell it as a stand alone appliance just increased the amount of hardware you need to run your network by a factor of 2.

So what do you get with the wonderbox/switch? Is the IPS that is claimed to work at line speed as good as the best IPS's? Is it a Tipping Point, an Intrushield, an ISS Proventia? Is it an IPS you ever heard of? Or is it a vanilla Snort clone using 30 day old signatures? Dominic would you really have us believe that it is going to catch all malicious attacks and traffic, whether intentional or not? Come on Dom come clean, what kind of IPS would you have us bet the house on? And the firewall? Checkpoint? Pix? Sidewinder? Or is it a hacked up IP tables and what is the rule limit on it before it brings the black, wonderbox to its knees. Of course you don't worry about how much throughput the box can handle, because the limitation on the number of firewall rules will kick in and choke things way before that anyway.

What about it's switching capabilities? Does it have the advanced features of the latest Cisco, Extreme, HP ProCurve or Foundry gear? Can it handle the kind of throughput that Force 10 can? Of course not. Its switch capabilities are closer in performance to a decent linksys or d-link box. Great for your home network, but are you going to trust your enterprise to it?

Lets look at this from another angle. If I asked you to invest in a new company that is going to replace Cisco, HP and the rest of the switch vendors out there, as well as replace the leading IPS's with a wonderbox. That has neither new switching technology nor superior IPS functionality, how much would you write a check for? At best they can hope to be bought by a switch company and have thier technology incorporated into a real switch. If the switch vendors don't do it themselves first that is.

So what do we really get with the wonderbox? We get a mash up of yesterdays technology on an expensive box made to look like a switch. It doesn't do IPS as well as an IPS. Doesn't do firewall as well as a real firewall and doesn't do switching as well as a real switch. So what does it do? Well it doesn't even do what NAC started off doing (yeah thats right Dom, I was there and that is what NAC was supposed to do, not sure where you were then), namely checking devices before they come on the network. Is it any wonder that this is what Cisco NAC, Microsoft NAP and the TCG/TNC do. They all do pre-connect posture checks. This element of NAC is frankly a weak spot in the wonderbox model, so the spinmiesters would have us believe it is of limited or little value. Well, pre-connect health and re-occurring posture checks are still what is driving the NAC market, despite what Dom would have us believe and I think the sales numbers back that up. Dom and his brethren will tell you that this is the difference between Network Admission Control and Network Access Control. They blame Cisco for the confusion. So Dom let me give you a little history lesson. Cisco's NAC framework was originally called Network Admission Control. It was the folks at Gartner that co-opted NAC to mean Network Access Control. You have made it a holy war, but it is still about checking devices to make sure they are not introducing anything bad into the network. The identity based access and IPS functionality are bolt ons.

That is not to say that identity based access control and IPS like functionality as well as remediation (how are you doing remediation without some kind of agent BTW Dom?) are not valuable capabilities that a NAC solution should sport. The product category is still evolving. But make no mistake, mashing up a second rate IPS, firewall with integrated LDAP on an expensive box/switch does not a NAC make.

10:40 AM in NAC, other security companies | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/t/trackback/547509/20600230

Listed below are links to weblogs that reference Riddle of the day: What do you get when you mash up IPS, LDAP and a firewall?:

Comments

Lijit Search

disclaimer

The views and opinions expresed here are those of myself only and in no way represent the views or positions or opinions of my employer, Latis Networks, Inc. d/b/a StillSecure or anyone else.

Forbes.com

StillSecure, After all these years, the podcast

Currently Reading

James Carroll: Constantine's Sword: The Church and the Jews -- A History
Looks like a book I will learn a lot from. It is long, but than again it covers two thousand years. Will be interesting to see what I say when I finish. (****)

Read Recently

Wilbur Smith: The Quest
Smith has an amazing ability to transport you back to ancient Eygpt. I have read several of his novels about Eygpt and am always totally absorbed from the very first pages to the end. (****)
Jeff Shaara: The Rising Tide: A Novel of World War II
Great historical novel about WWII. North Africa and Sicily campaigns come alive. You feel like you really are getting to know Ike, Patton, Rommel and the rest. (****)
Dale Brown: Strike Force: A Novel
Another great book by Dale Brown. Iran is getting help from Russia and the Iranian monarchy is trying to overthrow the theocracy. Dreamland's super weapons to the rescue! (****)
Christopher Moore: Lamb: The Gospel According to Biff, Christ's Childhood Pal
The Gospel according to Jesus's childhood pal, Biff. Need I say more. Actually pretty funny stuff. (***)
David Weber: Off Armageddon Reef
Aliens have destroyed humanity. A small isolated colony has been hidden to grow into a new human empire, but they are robbed of the knowledge of their inheritance. A religion based on keeping the people in the dark about their legacy controls the world. Great reading, good fantasy (****)
Michael Chabon: The Amazing Adventures of Kavalier & Clay
Brad Feld gave me this book. It is a Pulitzer Prize winner from the author of the Yiddish Policemens Union. This book is even better. Funny, yet biting it brings the horror and excitement of WWII to life through the eyes of a jewish refugee from Prauge and his cousin from Brooklyn. All about the comic book industry and real life tragedies and love. Worthy of all the praise and awards! (*****)
W. Michael Gear: People of the Nightland (First North Americans)
I have read almost every book in this series of paleo Indians by this husband/wife team. I don't know what it is, but I love hearing these stories based upon Native American legends and myths. (***)
David Michaels: Tom Clancy's EndWar (Tom Clancy's Endwar)
A new series inspired by Tom Clancy and based on a game. It is WW III, Saudi Arabia and Iran have exchanged nukes and the Russians are fighting the US and Euros. Not up to Clancy himself standards, but a good airplane read. (***)
John Grisham: The Appeal
A new legal thriller from Grisham. Does anyone do these better? It started right up from the get go and holds the reader captive. Without giving away the ending, Grisham brings the end of this book home to today's political climate. (****)
Gary Jennings: Aztec Rage (Aztec)
A continuation to the series started by the late Jennings. Not quite as brilliant as the first novel, but it is fairly faithful to Jennings style and continues the history of the Aztec/Spanish mix that becomes Mexico. (***)
Stephen Baxter: Navigator: Time's Tapestry, Book Three (Time's Tapestry)
The 3rd in this alternate history series by Baxter. I am still waiting to see what is alternate about this history. Alternate or not though, Baxter is a master storyteller and it is a pleasure to read. (****)
Harry Turtledove: Opening Atlantis
The first in a new trilogy by the master of alternate history. In this series there is an 8th continent between Europe and America called Atlantis. How it effects the unfolding of world history will be the subject of the series. So far it is pretty interesting. (***)
John Grisham: The Innocent Man: Murder and Injustice in a Small Town
This is a non-fiction book but reads like lots of Grisham's legal thrillers. After reading this book it is hard to think that the death penalty can be enforced in this country without innocent men being executed. It also makes you think Oklahoma is just not a great place to be living in. (***)
David Michaels: Tom Clancy's Splinter Cell: Fallout (Tom Clancy's Splinter Cell)
I really like this series and its hero Sam Fisher. Based on a video game the author has done a great job making Sam Fisher a real person. In this one Sam is chasing his brothers killers who are involved in nuclear terrorism in the former USSR.
Michael Crichton: Next (Harper Fiction)
Everything comes together a little too coincidentally, but it shows us what can happen with gene science gone mad. (**)
Raymond Khoury: The Sanctuary
I liked his Templar book so thought I would give this one a try. Set in 1700's Europe and modern day Iraq and Lebanon, it is a good thriller. (***)
Stephen Baxter: Conqueror: Time's Tapestry Book Two (Time's Tapestry)
Book 2 in the time tapestry series, it is a great historical novel of post-Roman Britain. I am just not sure what the alternative history is here. It seems pretty much as I remember learning it. (***)
John Grisham: Playing For Pizza: A Novel
Another one of Grisham's easy reading non-legal thriller kind of books. A disgraced NFL quarterback goes to play for pizza in Italy. (***)
Harry Turtledove: The Grapple (Settling Accounts, Book 3)
Somehow I am on book 3 of this series. I read book 1 and 2, but did not write up the review of 2. Anyway, in book 3 the tide turns against the CSA and for USA. Great alternate history of WW II (***)
Bill Bryson: The Life and Times of the Thunderbolt Kid: A Memoir
I was looking for something light on a trip back home. Though I am a bit young (beleive it or not) for a lot of this and did not grow up in the Mid-West there are some things about growing up that are universal. Very funny book! (****)
Dale Brown: Dale Brown's Dreamland: Retribution (Dreamland (Harper Paperback))
One of the better ones so far in this series. Lots of cool weapons and sinister bad guys. (***)
Thomas L. Friedman: The World Is Flat: A Brief History of the Twenty-first Century
Finally it comes to paperback and a new updated edition at that! For some reason I never read this bible of our brave new world. So much of it now seems obvious, but there is still much to learn here. (****)
Brian Herbert & Kevin Anderson: Sandworms of Dune
Finally! All of your questions around Dune are answered. The fate of the Universe and the Tyrant's Golden Path is revealed. Every Dune fan should read this one to tie up the loose ends. Also reading Herbert and Anderson's prequels to the original series will help. (*****)
Jack Whyte: Knights of the Black and White
I don't know what it is with Templars, but I am facisinated by the story. This is a good one and looks like the start of a series. I reccomend it! (****)
Patrick M. Lencioni: The Five Dysfunctions of a Team: A Leadership Fable
Got this book from Mitchell. It is a quick read and offers some excellent insight into how a real team can function allowing for the free flow of information and exchange of ideas in a healthy and productive way. Great read for anyone part of an executive team. (****)
Harry Turtledove: Return Engagement (Settling Accounts Trilogy, Book 1)
The start of WW II in the alternate history series by Turtledove. The CSA gets off to a quick start against the USA. (***)
Michael Chabon: The Yiddish Policemen's Union: A Novel
Full of Yiddish sayings, in this alternate history of post-WWII Jews is both funny and sad. A good read wrapped in a detective story who done it. (***)
Dale Brown: Edge of Battle
Dale Brown does better when doing battle with other superpowers, not drug smugglers, terrorists and tackling topics immigration reform. I love his action and technology, but didn't like the subject matter. (**)
Kevin J. Anderson: Of Fire and Night (The Saga of Seven Suns, Book 5)
This one clears up a lot of the plot lines from the first four books in a neat bow. However, just when you think the end is near, a new twist comes along that has you waiting for the next book. A big time scifi epic! (****)
Kevin Phillips: American Theocracy: The Peril and Politics of Radical Religion, Oil, and Borrowed Money in the 21stCentury
This can be dry and slow reading, but will open your eyes to what is really going on here. Phillips, a former Republican strategist, lays out a strong case on how oil, religious wars and debt are driving America away from world leadership. (****)
Raymond Khoury: The Last Templar
Another book on the long lost secret of the Templars, which can bring the Church to its needs. It was a good thriller. All of these DaVinci Code spawn are starting to run together in my mind. (***)
Harry Turtledove: American Empire: The Victorious Opposition (American Empire)
Turteldove is the master of alternate history. Many other SF writers are trying this genre, including Card and Baxter. In this one, the Confederate States of America takes on the role of the Nazi's in pre-WWII. Good read. (***)
Steve Berry: The Templar Legacy: A Novel
A DaVinci Code type of novel, with the recent press and controversy around the tomb of Jesus being discovered, this one became more real from it. A good read. (****)
Steve Berry: The Third Secret: A Novel of Suspense
A love story of a priest, a pope and the woman they loved. Wrapped around a quest for the missing 3rd secret of Fatima and an anti-christ potential new pope. Good story (***)
Tobsha Learner: The Witch of Cologne
A little slow moving at first, it picks up steam mid way through. A tale of the end of the inquisition and the begining of modern Europe. This is the backdrop of a forbidden love between a Kabalah trained midwife and her inquisitor priest. It did get you into the plot. (****)
Mark Winegardner: The Godfather's Revenge
Another follow on authorized by Mario Puzo's estate. This fills in the time between Godfather, Part 2 and Part 3. With the characters from the original, it can't help but be good. (***)
Orson Scott Card: Empire
Its the red versus blue states, urban versus rural, neo-cons versus the far left, in this American Civil War II. A little far fetched, the treachery though kept you guessing who and what was really behind it. (****)
James Patterson: Honeymoon
My first Patterson book. I don't usually go in for this type of thriller, but I was getting on the plane in 5 minutes and had to have something to read. I finished it in just a few hours, it was pretty good. (***)
Stephen Baxter: Transcendent (Destiny's Children (Paperback))
The third in the hive series by Baxter. It has his usual long historical sweep between the near and far future. Good harc core sci fi. (****)
David Michaels: Tom Clancy's Splinter Cell: Checkmate (Tom Clancy's Splinter Cell)
This series based on a PC game (corny isn't it) has actually turned into one of the better Clancy series out there. It is number 3 in the series and was pretty good. (***)
Dale Brown: Dale Brown's Dreamland: End Game (Dreamland (Harper Paperback))
Another in the Dreamland series by Dale Brown. It started off a bit slow, but revved up to the usual Brown level of thriller. (***)
Eric Flint: 1812: The Rivers of War
A good alternative history of the War of 1812 and the role of the Native Americans. The alternative prospective is allowing the Cherokee's a planned retreat West and sparing them the Trail of Tears. (***)
Harry Turtledove: End of the Beginning: A Novel of Alternate History
The great sequel to an alternative history where the attack is Pearl Harbor is followed by an invasion and conquest of the islands. No we take them back with a vengence. (****)
Mitch Albom: For One More Day
Like all his books, this one will make you laugh a little, cry a little and think a lot. This particular story was a bit close to home for me. It is a quick read. (*****)
Eliyahu M. Goldratt: The Goal
A great book to make you think about managing a business in a new way. I highly recomend it to anyone interested in how to measure and effect efficient production (****)
Brian Herbert: The Road to Dune
Sort of like viewing the bonus features on a DVD, only the most hard core Dune fan is going to appreciate this. Stuff that wasn't good enough for the originals put together here. (**)
Brian Herbert: Hunters of Dune (The Dune Series)
OK the son is not the father (talking about the authors, not the characters), but this is based on his outlines and haven't you always wondered who the outside enemy was. This is chapter 7 of Dune and if you read the others, you have to read this. (****)
Harry Turtledove: Days of Infamy
I love Sci Fi and Historic novels. So I am drawn to alternate . This one involves the invasion of Hawaii after Pearl Harbor. Of course it will change the course of WW II, at least for a little while before the inevitible. (***)
Dan Simmons: Olympos
Great conclusion to Ilium. This book ties up the the varied stories of both books into one story line. A vast sage, I think this may be his best yet! (****)
Jeffrey Anderson: Second Genesis
Great story on genetic manipulation, stem cells, medical ethics and just a great thriller. I really liked this book about genetically enhanced chimps. (****)
Chris Stewart: The Fourth War
With everything going on in the Middle East, this one got a little to real. Pakastani nukes are up for grabs. The Israeli Shin Bet and US CIA try to get to them before an Al Queda type of organization can get there hands on them. Scary stuff! (****)
David McCullough: 1776
McCullough is a master of well researched history. This is just about the first year of the revolution and puts you in the middle of the pivotal events. (****)
Kevin J. Anderson: Scattered Suns (The Saga of Seven Suns, Book 4)
After my last two books, it was time for something a little lighter. This is book 4 in a grand SciFi space saga. Lots of characters and plots, good reading. (****)
Karen Armstrong: A History of God: The 4,000-Year Quest of Judaism, Christianity and Islam
A great historical look at the evolution of our concepts and beliefs in God, primarily from the view of Judeo-Christian-Islam perspective. However, other philosophies and religous beliefs are discussed as well. It is very heavy on philosophy and mysticism. You need to think with this book. (****)
James Bradley: Flag of our Fathers
A detailed personal look at the 6 Marines in the famous Iwo Jima flag photo, written by the son of one of them. The loving attention to these American heros is well deserved. (****)
Arthur C. Clarke & Stephen Baxter: Sunstorm (A Time Odyssey)
A sequel to their first book together, A Time's Eye, this is hardcore SF at its best. The story revolves around the inner workings of the sun and the catastrophic results to Earth and humanity if any minor deviation of the Sun's energy output were to take place (***)
Edward Rutherfurd: The Rebels of Ireland : The Dublin Saga
Another great book by the master of historic novels. He may even be better than Michener. This is the sequel to The Princes of Ireland and is even better than the first. (*****)
Stephen Baxter: Exultant (Destiny's Children (Hardcover))
A grand sweeping space saga of the type that Baxter is known for. This one covers from before the big bang to the early history of our universe and such hard science topics as dark energy and dark matter. Great book! (****)
Peter F. Hamilton: Judas Unchained
The sequel to Pandora's Star, this book had almost too many sub-plots. It made it difficult to follow sometimes. The story that had so much promise in Pandora's Star, really seemed to just never get off the ground in this one. Not one of my favorite Hamilton books. He can be up and down like that. (**)
Dan Brown: Digital Fortress : A Thriller
For some reason I thought his other books were not going to be as good as Da Vinci and Angels & Demons. No religous theme here, but a good thriller with lots of twists to keep you on the edge. (****)
Steve Perry: Tom Clancy's Net Force 10 : The Archimedes Effect (Net Force)
This series used to be pretty good reading. Lately it is just not as good. It is OK to pass the time though. (**)
Troy Denning: The Swarm War (Star Wars: Dark Nest, Book 3)
Set after the New Jedi Order series, good filler for trying across the country. (**)
Joseph J Ellis: His Excellency
Good biography on Washington, by one of the masters of revolutionary war history. (****)
Michael Crichton: State of Fear
Great book about the environmental movement. Chricton has another thriller, but this will make you think about your views on global warming, the media and other environmenta issues (****)
David Michaels: Tom Clancy's Splinter Cell: OPERATION BARRACUDA
Based on a video game (yeah thats right), this series is actually pretty good. Makes for good airplane reading. (***)
John Grisham: The Broker
I had low expectations but this book really hooked me. I was over 200 pages in before I took a breath. The end was sort of rushed, but enjoyed this book. He is a master storyteller. (****)
Billy Crystal: 700 Sundays
Based on his one man Broadway show. Billy examines his relationship with his Dad who died when he was 15. He spent about 700 Sundays with him. You will laugh a little and cry a little but I think you will like it. (****)
Bob Dylan: Chronicles : Volume One
One cliche after another, you had to laugh after a while. A hodge podge of glimpes into his early and mid-career. The DVD is much better. (**)
Philip Roth: The Plot Against America: A Novel
A "what if" book. The premise is Lindbergh runs for president in 1940. He defeats Roosevelt, keeps us out of the war and institutes a anti-semtic, facsist administration. Scary! (***)
Ian Caldwell: The Rule of Four
Not as good as the Dan Brown novels I think but an interesting puzzle book. Lots of Princeton stuff by two new young authors (***)
Dale Brown: Act of War : A Novel
I have read all of Dale Brown's books starting with Flight of the Old Dog. If you like Clancy, you will love Dale Brown. (****)
Jeff Rovin: Op-Center XII: War of Eagles (Tom Clancy's Op-Center)
Uses Tom Clancy's name but by other authors. I read all of these series to fill time on planes. Not the greatest books you will ever read but they pass the time away (**)
Brad Meltzer: The Zero Game
My first book by Meltzer, it just seemed a little to simple for me. (**)
Stephen Baxter: Evolution
Great Sci Fi from one of the two new great authors of sci fi from the UK. Baxter and Hamilton pick up the baton from Clark and Asimov (****)
W. Michael Gear: People of the Raven
Another in the first American series. Here white people come to the Pacific Northwest thousands of years ago. (****)
Jimmy Carter: The Hornets Nest
It's hard I guess for an ex-president to really let loose. However, good historical novel of Georgia in American Revolutionary times. (***)