Archive for November, 2008

WLAN Mesh on a VPN?

Posted: November 26, 2008 in Posts

We noticed an article in InformationWeek recently on the subject of WLAN Mesh:

WLAN Mesh Moves Into New Territory:

“Enterprise mesh’s benefit is clear: pervasive connectivity throughout the organization. Unbound by the constraints of copper or fiber, wireless mesh enables enterprises to deliver ubiquitous access and services to parts of their facilities that previously were untouchable by their wired architectures, while managing it as a subset of their overall wireless architecture.”

Mesh is used primarily over close geographic distances: a neighborhood, office park, or large office building. Connecting to a mesh network from a VPN seems to run into a couple of issues:

  1. When you roam from node to node, does your VPN client need to re-establish connection and authenticate?
  2. How do you manage a corporate network over a mesh in a large office park or building? The Mesh Networks Research Group seems to suggest that this would be a management nightmare with SSL. Meanwhile, this video explores some larger considerations for security strategy over a mesh network.

The impact of WLAN Mesh on VPNs is clear… but how do you deal with it? Has anyone had to rethink their strategy? We’re interested in hearing any and all insights or feedback.

What we’re reading, week of 11/24

Posted: November 24, 2008 in Highlights

From Tao Security…
Don’t Fight the Future
Richard Bejtlich discusses his predictions for the future of IT security. Among his projections: every device will be able to communicate with every other device; every device must protect itself; Intranets and VPN connections will disappear. Do you think Bejtlich has missed the mark on any of these predictions?

From Emergent Chaos…
Quis custodiet ipsos custodes?
Adam calls attention to two prominent news stories of internal organizational data leakage. “There’s a couple of things happening here. The first is that everyone who works in an organization with lots of personal data knows that snooping has gone on forever. But organizations are changing their approach. They are now starting to audit and address that snooping.”

From Schneier on Security…
BNP Database Leaked
Bruce Schneier points us to another story of data leakage, from the British National Party, and speculates on what the implications of this leak might mean for some of the party’s members (who may have wanted to remain discreet).

From TaoSecurity…
A two-part series. In part one, Managing Security in Economic Downturns, Richard Bejtlich outlines seven requirements for managing security in a difficult economic climate. In part two, Reading on Justifying Security Operations, he compiles an excellent set of external resources on this topic – specifically related to security value-measurement and metrics.

We read an interesting piece in the WSJ by Bruce Schneier today…

Why Obama Should Keep His BlackBerry – But Won’t

Schneier discusses the communication security measures Barack Obama’s lifestyle will be subject to once he takes office. He makes a great point: the heightened security standards within the highest offices of government simply cannot keep up with the pace of openness in communication technology:

Until our CEOs blog, our Congressmen Twitter, and our world leaders send each other LOLcats – until we have a Presidential election where both candidates have a complete history on social networking sites from before they were teenagers– we aren’t fully an information age society.

What do you think? Will the office of President keep pace with American society’s expectations about communication security? This period we’re heading into, with such a contrast between the security standards in the White House and the technological realities of everyday life, is guaranteed to be a fascinating struggle.