Encapsulating computing operations has been encouraged to maintain integrity by separating and hiding functionality for years. Meanwhile, personal computing technologies have intertwined our daily functions onto one computing platform. Banking, gambling, mailing, and other daily activities are all performed on one machine over a single line of communications.
Lately I've encountered several critical network infrastructures that haven't merged abstract functionality onto mainstream technology platforms. In the interest of redundancy, machines perform single or few functions, operated and managed by simplistic custom operating system platforms. Production is designed to continue functioning as long as there is a power source. Complex mainstream platforms like Windows and Linux are only used for analyzing data exported from production lines only. As a result, such environments have remained largely unaffected by security threats depending on mainstream software. Of course, any environments controlled or actively interacting with Windows, or other mainstream platforms, must be protected with production network protection initiatives.
More frequently, security education encourages the use of one computer exclusively for banking, and other machines for normal browsing, returning to the encapsulation idea of separating and hiding functionality from unrelated activities. Technology compartmentalization in networks can be expanded further beyond the network layer topology. Moving to a physical network encapsulation will greatly enhance security against malicious threats.
Administrators know that web servers, email servers, and databases should be separated onto their own dedicated hardware. However, they fail to move functionality into segmented locations. where the same threats are less likely to affect multiple functions. As network encapsulation increases, security solutions supporting network protocols such as CIFS and SMB, like Norman Network Protection, will be valuable as we reconsider ancient computer science architectures for integrity.
Add comment
If you find the content of this comment offensive, you can report it and our crew will have a look at it
Comments