Wednesday, September 24, 2003
Cloudshield -- Scary at Layers Two through Eight
Cloudshield is a packet analyzer that can look at the contents of packets at line speeds apparently up to OC-48 -- and maybe faster if we look behind the black curtain. From Cloudshield's website:
"The Internet will choke under its own success if intelligence continues to be relegated only to the edge of the network. The notion that networks should remain 'dumb' and simply perform transport is outdated. Deploying certain application functions closer to the network core, instead of solely at the edge, relieves pressure on downstream access devices and applications, and allows the network to be more efficient, manageable, resilient and secure.
. . .
"CloudShield develops innovative solutions for carriers, service providers, large enterprises and government organizations to reduce the cost of operating networks, improve efficiency, and provide more granular control over content. CloudShield's Packet Server and RAVE software development environment offer a platform for 'Cloud-based' network solutions that can inspect and manage packet contents (layer 2 through 7) at multi-gigabit network speeds."
I can get over the fact that Cloudshield is ignorantly trash-talking the Stupid Network.
Worse, Cloudshield is FUDding with the tired pseudo-spectre of Internet collapse.
Even more egregiously, Cloudshield is trying to implement security in the wrong place. If "good guys" could know the packet contents of every packet on the network, what would they use this knowledge for? They still won't be able to distinguish an innocent "Let's take the 7AM flight tomorrow," from a guilty one. And they won't detect the criminal actions of Kenny Boy Lay or Gary "Global Double Crossing" Winnick. Or find Weapons of Mass Destruction where there aren't any. But they *will* be able to tell audio files from text files, and then they'll be able to differentially block, or charge different rates for the two types of traffic. Will Cloudshield networks block unknown media types? If so, at what cost to innovation? Will certain keywords (or, more abstractly, certain ideas) trigger different kinds of actions on Cloudshield networks? If so, at what cost to our Rights to Free Speech, Privacy, Freedom of Religion, Freedom of the Press? Bad guys will find a work-around, but the rest of us might be sorely stifled. I don't see one word about the Bill of Rights on the Cloudshield web site.