Security, Middleware, Appliances
RSalz 2700011QK0 423 Visits
Part of the appeal of appliances is that you know what's running on the hardware. You can't do this on a modern general-purpose operating system. I can go to my Linux workstation and type "ps" and there are things running that are completely mystifying to me. Does my desktop machine really need automated power management? Similarly, I can open my laptop and fire of the task manager, and be completely lost the minute I move from the applications to the processes tab. All I know how to do is click on the CPU column, and if my browser is making the system sluggish, I'll kill it.
On an appliance, I can do a ps -- if such a command existed, which it shouldn't -- and understand and explain everything. Further, I can walk through the filesystem and describe the justification for the existence of every single file. And if I can't do it, the appliance development team certainly can.
When an appliance leaves the factory, it should have only what's needed to perform its task. The supporting infrastructure of a general-purpose computer should be removed as much as possible. Or rather, start with the kernel and add items as you find you need them. The /etc/passwd file, and in fact almost all of /etc? Remove it. The /bin directory? Why? A shell? Your appliance should include some kind of command line, and be complete for problem determination, so get rid of bash, sh, ash, etc. Busybox? Only as a way to package many utilities in a small unit. If needed.
The less stuff you have, the smaller your attack surface: the fewer places folks can sneak in and get you. The fewer moving parts in the appliance, the more reliable it will be. Within reason, of course. If the problem-determination tools are completely integrated into the data-processing capabilities, then you'll get lots of "box becomes completely not responsive, and I can't log in" complaints. And you can take my word on that. :)
RSalz 2700011QK0 415 Visits
IT appliances can bring a lot to the table in terms of security -- more so that general servers, and especially more so than clouds. A major reason for this is their form factor, the physical configuration of the product. Appliances also benefit because they are not used for general-purpose computing; they're built, sold, and used for a specific set of tasks. (Or to use the IBM term, I guess I should call it workload.)
First, an appliance can be a sealed box with a tamper-indicating switch. If the case is opened, we can refuse to boot. In some circumstances we must just log an audit or diagnostic message. Making the appliance not boot is not a decision to take lightly -- it means that there are really no customer-serviceable parts inside. But if you can do that, you can also add extra features like special non-standard screws, and tamper-evident tape that breaks the seal if the case is opened.
An appliance generally needs some kind of storage to hold the firmware and configuration data. Even if someone opens the box, you went that storage to be somewhat protected. On most motherboards, there is EPROM space for the vendor to use, and you can put some key material there. Make that key be per-device -- this requires some coordination, if not outright ownership, of your manufacturing and fulfillment process. If someone rips the lid off and steals the drive, it will take some time to brute-force the key, and even then only that one, intruded, no-longer-booting, appliance will be compromised.
On some platforms, a TPM (Trusted Platform Module) may be available. This is a small piece of hardware that can verify a digest of various parts of your system -- the boot block, the BIOS, and so on -- and only release a blob (typically a key) if all the parts verify. TPM can be used for DRM (digital-rights management), such as ensuring that only an "authorized" player will display the DVD you bought; I dislike that. But when used in an appliance, to ensure that only the authentic software is running on the product, a TPM can make a lot of sense.
A joke thread from an alumni mailing list I'm on. Here's the two best:
A single cryptographer bring a date up to an apartment.
Date: Do you live here?
A: No, it's a one-time pad.
I also know a really great networking joke, but i'ts about UDP so I don't know if you'll get it.
And in the Usenet tradition, feel free to add your own appendages.
Maybe there's a problem with my delivery?