The vulnerabilities in home

By Peter Coffee  |  Posted 2004-06-14 Print this article Print

processes"> Bob, as part of the National Institutes of Health, youre in an environment where the independence of research is a real part of the culture. Do you find that users acceptance of configuration management and what you do with their systems has increased as the occurrence of various attacks and other vulnerabilities has become greater?

Rosen: A little bit. There are still a lot of people who cant stand it and dont want it and wont have it. But when they get personally hit, that seems to make all the difference in the world. When, all of a sudden, theyre inconvenienced or their work is shut down or lost or whatever, they become much more amenable to having us keep their systems up-to-date.

Gunnerson: Were seeing conversions one Trojan at a time.

Do you find that your need to do basic end-user training and support is on the decline at all as more people start to come into the work force having worked with technology since they were high-school age or even younger?

Gunnerson: I would say yes. Standard applications are known well enough that people can do their jobs. But what were seeing is that, as threats arise, there needs to be education about the vulnerabilities in home processes, especially if you have a VPN. People are having a problem with their kids getting adware all over their systems, for example, and they want to know how to fix it. Those are the kinds of things we try to deal with proactively.

Thats been something that all of you have focused on, right? People working from home or other remote environments and needing to be sure the remote nodes are configured as well as office systems are?

Calabrese: Yes. Weve put a Bose-owned asset in their home—a Bose-owned laptop or a Bose-owned desktop— and the access rights and permissions and the security levels and such are all preset on those machines. Theres no deviation.

eWEEK Labs tests of four SSL-based VPNs showed the technology is a sensible alternative to IPSec for securing remote access to enterprise resources and data. Click here to read the reviews. And those are the only devices allowed to connect, even through a VPN?

Calabrese: Yes. Now, there are some challenges, again because of the education of the users. People understand, "Gee, I can connect this to my home network, and I can take advantage of resources on my home network. I know I can, so why are you preventing me?" We have to address those issues. We have to address why you cant load the software that the hotel gives you in order to connect to the hotels broadband network, or why you shouldnt add the software that your DSL provider gives you but that you should go out and buy a router.

We have a policy, and we adhere to the policy. Im not necessarily saying its the best policy. It certainly is not cost-effective to outfit everyone who needs access to the corporation with a corporate-owned asset. It either means a more expensive laptop device, or it means two PCs and two licenses for everything. It would be far more convenient if we could leverage this ubiquitous computing thing and allow many of the things that we dont by policy—like access from handhelds, like access from Starbucks. But, right now, our security model is such that those are just things that we cant absorb yet.

Next page: Outsourcing and open source.

Peter Coffee is Director of Platform Research at, where he serves as a liaison with the developer community to define the opportunity and clarify developersÔÇÖ technical requirements on the companyÔÇÖs evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter companyÔÇÖs first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel