Computer Security: a change to the net assessment

The threat to our computers and networks is very real. Dozens of millions of malicious bots have been projected to be operating in PCs. Hackers have penetrated sensitive, seemingly well protected corporate sites. Denial of service attacks have been conducted against businesses and even countries. And press reporting indicates even sensitive US government computers have been penetrated. Leaders in allied countries have been quoted in the press saying their PCs have been compromised as well.

On top of this, if you look at projections of the future computing environment, our dependencies on technology and the threat of vulnerabilities only increase (see my posting on the future titled “Good and Evil in the Future of Cyberspace”).

So by any calculation, the assessment of our nation’s ability to succeed in cyberspace is in question.  The net assessment is not looking so good.

But there are some very optimistic things happening in Cyberspace, including a very powerful movement towards Cloud Computing.  And, with the right technological vision and leadership, we can make a significant change in the net assessment of that domain.

Let me give you an example that has me thinking very optimistically now.

I have a new computer on my desk.  It is a SunRay 270 built by Sun Microsystems.

Here are some of its features:

  • It is totally protected from bots, so no zombie programs are running on it, and they never will.
  • No data is stored in my new computer, so if I gave it to you or the nation’s greatest forensic lab (or even the forensic lab of a hostile intelligence service), my files would not be compromised.  The data is not in the device.
  • Although it might be theoretically possible for an unauthorized person to hack the backend of this system, there are so many protections in place that the odds are very very low that they would succeed. The odds are very very high that malicious individuals would be detected during or after their unauthorized actions. Bad people would actually have to hack from a totally different direction, not from the computer on my desk, but through hardened servers protected by more resources than I could ever bring to bear myself to protect my data.
  • The computer is connected to the net and is fully operational and delivers incredible functionality (I’m editing this post on it, for example).   Any web service/modern Web2.0 capability works on it.  Almost all old fashioned fat client applications work on it too.
  • The architecture that supports the computer on my desk gives me an incredible mobility advantage.  I can log onto similar systems around the world and securely have my desktop presented to me, with access to all my applications and data.
  • This computer has no moving parts.  So it should last a long long time before I need a new one.
  • It is very green.  It uses only a tiny bit of electricity.
  • New applications are immediately available.  And I’m not the one that has to install the new apps.
  • I have to admit, nothing made by humans can be perfect. This computer is based on servers that run software that was created by humans and sometimes they will have to be patched. The good news is that amateurs don’t get to touch those computers. Professionals patch them and they patch them fast.

I’ve just scratched the surface on what this powerful thing can do.

So when will you get yours? That all depends. But if this computer proliferates like other dramatically transformational/disruptive technologies, we can expect its use to grow exponentially. First the large enterprises will see its benefit and use there may double every couple years. Many of these large enterprises will see value in putting these in their employees’ homes to empower their workforce securely. And along with that we can soon expect commercial IT providers (cable companies? phone companies? ISPs?) to begin offering these capabilities as a service to all home users. This may all seem to start slow, but I have no doubt the proliferation of these devices will follow a Kurzweilian curve. When something doubles every couple years it always seems to start slow, but next thing you know your head is spinning at its rate of proliferation.

As for me, I can’t wait for this to be everywhere.  Every good person needs one.  You all deserve to have your information and resources protected from threats.

About BobGourley

Bob Gourley is Crucial Point LLC’s founder and editor of CTOvision.com. Bob has received industry recognition including Infoworld top CTO award, AFCEA’s meritorious service award, and recognition as one of the top 100 “Tech Titans” in DC by Washingtonian magazine. He was named one of the “Top 25 Most Fascinating Communicators in Government IT.”

  • http://blog.devost.net MattD

    The return of the thin client!
    How are you testing this? Does Sun offer a hosted application server environment? I'd be curious to try it out at some point.

  • http://profile.typekey.com/ctovision/ Bob Gourley

    Matt,
    Who said I'm testing this? I'm really using it! But to your question, at this time I don't think that Sun offers a hosted application server environment for end users who just want to use the Sun Ray. They seem to be focusing on enterprises first.
    I'll give you a more detailed report when we connect next in the real world.
    Cheers,
    Bob

  • Art Peck

    Yes, cxonet. Contact brian.foley@sun.com for info and acct setup.

  • http://blog.devost.net MattD

    I look forward to more details.
    The CXOnet comment intended for me?

  • http://profile.typekey.com/ctovision/ Bob Gourley

    Matt,
    I think Art's comment was meant for both of us and hopefully other readers as well.
    Art,
    Thanks for the lead. I ran into Bill Vass of Sun Fed earlier today. He explained a bit more about the CXOnet. But it seems like something Sun is not widely promoting yet. I'm going to ask around and will also look for open info on the Sun site. If there is more that can be made available I'll point to it from here.
    Thanks again,
    Bob Gourley

  • http://www.cinbell.com/cbts Jeff Harvey

    Bob, We (Cincinnati Bell Technology Solutions) are hosting "Pure Play" Sun Ray for consumer, SMB, and enterprise from 5 tier 3 data centers. If you have the SRSS4 firmware_gui loaded on a Sun Ray VDC 2 model, point it to 216.195.86.145. Our Sun Ray demo service is in a DMZ, and will show both Kiosk Mode as well as smartcard redirection. If you insert your smartcard, log in with demo1 and demo-123 as the passwd. In Kiosk Mode we present a limited desktop with 4 key applications. This demo will also show MS interop to both XP and Terminal server running as guest VMs. We hope to have Sun's new product Virtual Desktop Broker as a scalable means of running XP to any client including Sun Ray very soon. I'd be interested in your feedback. Thanks.

  • http://profile.typekey.com/ctovision/ Bob Gourley

    Jeff,
    Thanks very much for that comment. The news of what you are doing makes me even more optimistic about the future of personal computing. Thanks. I'll check this out. Please keep me in the loop on how this is going.
    Bob Gourley

  • http://spaf.cerias.purdue.edu Gene Spafford

    Interesting.
    I was talking about the advantages of "thin clients" back around in the late 1990s. We've been using SunRay systems here at CERIAS since about 2002.
    Other advantages you left out include: centralized spam and virus scanning, simpler backup/restore strategies, better license management, better auditing, greater reliability (put RAID centrally rather than at only some clients, and more cheaply), better control over data (it is shared internally rather than shipped out to the endpoints) and more. As an added bonus, end-users cannot insert media that may introduce a virus or exfiltrate data.
    The reasons Sun hasn't had better sales of these have been two-fold: users aren't accustomed to not having a full system of Windows on the desktop, and the paradigm doesn't quite work with laptops.
    However, I'm still a big fan of thin-client systems for administrative and security reasons. Have been for a decade.

  • http://profile.typekey.com/ctovision/ Bob Gourley

    Dr. Spafford,
    Thanks much for the comments and info. I absolutely agree on the other points you highlight about thin clients.
    There might be a few other reasons that in the past limited the proliferation of these. But the way some enterprises are implementing them mitigates the first reason you mention. For example, at my last job we had a team of folks fielding a solution that presented Windows desktops through the thin client, one for each classification of info (secret, TS, etc). Most users generally appreciated that. The laptop issue is another key one. The way I personally deal with that is to use an iBook.
    Cheers and v/r,
    Bob

  • Bob Flores

    In the past, some fairly big iron was required in the back office (data center) to drive all thin client devices. And, Windows-based (I know, I know) stuff had to be served up via some sort of terminal server. Has that changed with the new Sun Rays?

  • http://bobgourley.com Bob Gourley

    Bob,
    Thanks for the comment and question. A good thin client fielding does require a well thought out back end. What goes there has changed over the years, but largely because of the increased power of servers. There have also been a few changes to how the desktop is presented. Microsoft and Sun are partnering in this area much much closer now (no kidding!). So you really don't need Citrix to do this. But, you still need terminal servers to serve up the Windows desktop.
    I don't know the current figures for how many users per terminal server, but it is in the tens of dozens of users per server, I believe, and scaling is easy.
    But, my SunRay at home is 100% Open Solaris and related Solaris apps plus web apps. I don't run a Microsoft-free house, but with our Macs plus this Sun Ray I am getting pretty close to it.
    Cheers and v/r,
    Bob
    Bob Gourley
    http://ctovision.com

  • Mike Spooner

    Re: Dr. Spafford's observation:
    In fact, it is possible to exfiltrate data via a SunRay, even if the server to which it is logically attached has been configured to disable SunRay plugin storage devices and serial ports (which is not the default, by the way): you can write a program to encode arbitrary data as an audio file (eg: mid-level encoded as Morse code) and play the audio file using standard Solaris/Linux/Windows utilities through the SunRay audio-out jack… where it can be captured by eg: a portable cassette audio recorder or (if you have to be hi-tech) a solid-state music player that has analogue audio-recording facility.
    So far, the SunRay server software has no way of disabling audio output…
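
Added example, not part of the original post or its comments: a defender-side heuristic for the audio-out channel described in the comment above, flagging output that is a single steady tone switched on and off. It assumes the PCM audio sent to the client can be sampled on the server side (an assumption; the page names no such interface), and the function names, thresholds and sample signals are constructed for illustration.

```python
import math

RATE = 8000    # assumed sample rate of the monitored PCM stream
FRAME = 160    # 20 ms analysis frames

def rms(frame):
    return math.sqrt(sum(s * s for s in frame) / len(frame))

def zero_crossings(frame):
    return sum(1 for a, b in zip(frame, frame[1:]) if (a < 0) != (b < 0))

def looks_like_keyed_tone(samples, min_transitions=8):
    """Heuristic: True if the audio is one steady tone switched on and off."""
    frames = [samples[i:i + FRAME] for i in range(0, len(samples) - FRAME + 1, FRAME)]
    levels = [rms(f) for f in frames]
    peak = max(levels, default=0.0)
    if peak < 1e-3:
        return False                       # empty or silent
    on = [lv > 0.5 * peak for lv in levels]
    off = [lv < 0.1 * peak for lv in levels]
    # Keyed signals are bimodal: almost every frame is clearly on or clearly off.
    bimodal = sum(a or b for a, b in zip(on, off)) / len(frames)
    transitions = sum(1 for a, b in zip(on, on[1:]) if a != b)
    # One carrier frequency gives near-identical zero-crossing counts in "on" frames.
    zc = [zero_crossings(f) for f, is_on in zip(frames, on) if is_on]
    steady_pitch = max(zc) - min(zc) <= 2
    return bimodal >= 0.8 and transitions >= min_transitions and steady_pitch

# --- constructed sample inputs (not captured traffic) ---
def keyed_tone(pattern, freq=700.0, unit=480):
    """'1' = 60 ms of tone, '0' = 60 ms of silence."""
    out = []
    for ch in pattern:
        n0 = len(out)
        out += [math.sin(2 * math.pi * freq * (n0 + k) / RATE + 0.5) if ch == "1" else 0.0
                for k in range(unit)]
    return out

def swept_audio(seconds=2.0):
    """Continuous chirp with slow volume changes, standing in for ordinary audio."""
    out = []
    for n in range(int(seconds * RATE)):
        t = n / RATE
        amp = 0.6 + 0.4 * math.sin(2 * math.pi * 3 * t)
        out.append(amp * math.sin(2 * math.pi * (300 * t + 200 * t * t)))
    return out

KEYED = keyed_tone("1010100011101110111000101010")
ORDINARY = swept_audio()

if __name__ == "__main__":
    print(looks_like_keyed_tone(KEYED), looks_like_keyed_tone(ORDINARY))
```

The thresholds are starting points for tuning against real session audio; a hit is a reason to review the session, not proof of exfiltration.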
