Researchers uncover truth about shadowy 'technology'.
It's the continuing adventures of Self-Defending Networks!
In our previous episode, SDN found itself facing threats on two fronts: in the fictional world of the television show "24," where SDN successfully thwarted an attack by sophisticated terrorists, and in the real world, where its source code was compromised by a teen hacker. But these threats were nothing compared with what SDN is facing now: the free flow of information.
Our episode opens in a secret bunker somewhere in California. An SDN analyst stares in horror at a monitor. "Bad news," says the analyst. "A rogue security researcher plans to give a talk at the Black Hat conference that will show how insecure SDN really is."
Jumping to respond is top SDN Agent 5500. "We have to stop this scum from talking," says 5500. "He's going to reveal vulnerabilities in the core infrastructure of SDN that will let any competent hacker take it over. We must get to Las Vegas!"
Later, in a convention center in Las Vegas, a security researcher walks down a dark corridor. Suddenly, Agent 5500 emerges from the shadows and throws the researcher against a wall. "Your little game is over, scumbag," growls 5500. "As we speak, SDN agents are removing all traces of your talk from the conference materials."
"You're too late," says the researcher boldly. "I already gave my talk to a crowd of cheering attendees. Now people know about the dangerous ways that the core routers of SDN can be compromised and used against their own networks."
"You maniac!" roars Agent 5500. "Do you know the damage you may have caused? Sure, by revealing the truth about the vulnerability, you're potentially helping thousands of people protect their networks against hackers, but did you think about the victims of your talk? What about the executives and shareholders in the company that makes SDN? They may have to cut back a little on their extravagant spending habits. And now they also have to deal with the embarrassing fact that reality doesn't match their marketing pitches. They can't handle the truth!"
"It doesn't matter; you're still too late," the researcher replies.
With an evil grin, Agent 5500 says, "Well, I'm going to make sure you don't spread any more of your truth."
"No! Are you going to break all my fingers or electrocute me?"
"Worse. I'm calling the lawyers."
Later, back in the secret bunker, the head of SDN addresses the troops.
"People, today we faced a grave threat from those who believe that knowledge is power and that information about security holes should be shared with customers rather than hidden. Luckily, using intimidation, narrow-mindedness and hordes of lawyers, we pulled out a victory.
"We must remain vigilant," the SDN leader continues. "There are many who don't believe in security through obscurity. They know that if a security hole exists, it is a good bet the real bad guys already know about it and know how to exploit it. These fools think knowledge about vulnerabilities should be shared.
"We must continue fighting these researchers, no matter how bad we look in public. Sure, some in the technology media will say these actions show how clueless we are about security. They will say companies with much more experience and as much at risk from vulnerabilities have learned to work with researchers instead of intimidating them with legal threats. Just because that works for those companies doesn't mean it works for us.
"Above all, we must fight to conceal the secret of SDN. On the outside, people think Self-Defending Networks means technology that can defend itself against hackers and worms. We must keep them from learning the truth: that it is called Self-Defending Networks because it uses lawyers to defend itself from bad publicity about known security holes."
Will SDN and its minions prevail? Will the researchers rally enough support among the IT masses to overcome the power of legalese? Will IT managers see through SDN's wily marketspeak?
Stay tuned: same network time, same network channel.
Labs Director Jim Rapoza can be reached at firstname.lastname@example.org