Information Technology Reference
In-Depth Information
that creates inconveniences and performance downgrades. It is there because it's
mandated.
In the 1980's and 1990's, the security concerns brought upon by the network
connectivity forced us to became very good at building castles and moats. DEC
(Digital Equipment Corporation) was a relatively progressive company at that time
and its SERVNET effort at the end of 1980's served as a good example. The concept
of SERVNET was to connect all of DEC's customers together so that DEC could
deliver new paradigm of field services such as on-line service delivery (instead of a
man with a van), remote system patches and distributed preventive maintenance
remotely. Such thinking was innovative at that time and clearly had its business
advantages. So new business paradigm led to new IA requirements:
1.
Businesses were living within the castles and DEC saw a business opportunity by
connecting them together.
2.
Security implication was paramount and DEC was planning to deploy a large
number (multiples of hundreds) of VMS machines as gateways/firewalls for these
connections.
In reality, DEC could not possibly hire enough system administrators to man these
gateway machines 7x24. Nevertheless, the risk was high due to potential intrusions to
DEC as well as liability from possible intrusions amongst the customers.
Consequently, DEC's Artificial Intelligence Technology Center located in
Marlborough, Massachusetts developed a real-time expert system in Knowledge Craft
to analyze VMS syslog files as security monitoring. The code name was ESSENSE
(Expert System for SERVNET Security). ESSENSE led to one of world's earliest
host-based intrusion detection system (IDS) product in the early 1990's—
PLOYCENTER Security ID.
1.
New business paradigm led to new IA requirements.
2.
New IA requirements led to new IA technology development.
The beginning of IDS technology illustrated that the focus of IA then was to
protect the perimeters. This is often described as the French-bread model — crunchy
crust and soft inside. The focus of the protection is on the boundary. Thus, following
that strategy, we became very good at building tall, thick walls and deep moats for
these medieval castles. On top of that, in order to facilitate connection to the outside,
we also became very proficient in putting in draw-bridges and drilling holes on the
castle wall to accommodate various protocols. The assumption was such that if the
wall was thick and tall enough, the number of the holes was controlled and the
activities around the wall were well monitored, everything would be safe. It was not
until after year 2000, this castles-and-moats model started to fall apart. The evolution
has accelerated into a revolution, and the world is moving rapidly away from the
castles and the moats.
2 Fundamental Changes to the Sociological Computing Game
2.1 The Slippery Definition of “Computing”
21st century computing is that of a revolution, not an evolution.
