Competing Standards (and Platforms): More Than One Way to Skin a Spammer
Network News Break: It's always tempting to fall into a horserace mentality when it comes to competing standards and platforms. Sometimes, though, not having a clear winner ensures a lot more winners. Also: Battle-hardened wireless mesh, the XP SP2 breakage list, SCO running out of steam, and the common blindspot of WLAN admins.
|Main||Elsewhere||The Week in CrossNodes||The Week in Network News|
We've been giving a lot of attention to Microsoft's recent Sender Policy Framework (SPF)/Sender ID for E-Mail proposals in the past few months, but that's not because SPF is the only spam-fighting tech in town: Just this week, Sendmail, Inc. announced benchmarking results from its trials of Yahoo's DomainKeys technology.
Unlike SPF, which involves a modification to the DNS records of a given domain, Yahoo's DomainKeys involves encrypted keys, which provide both a means of verifying the origin of a message and impose a minor computational "tax" on each message.
DomainKeys has some advantages over SPF: For one, Yahoo has handled the matter of open standards and intellectual property correctly, seeing to it that there's no legal cloud over developers who want to implement DomainKeys for their own projects. SPF, which was similarly open, suffered a setback in that regard when Microsoft decided to adopt it as part of its own Sender ID for E-Mail initiative, thanks to Microsoft's rather overbearing license. We discussed that in some detail several weeks ago.
Paul Vixie of the Internet Systems Consortium offered a bit of wisdom about the two standards:
"This is not a problem. In fact, this kind of 'ecodiversity' may be the best thing, considering that all such authentication systems will come under continuous attack by spammers and data miners of all kinds."
We're inclined to agree. His thoughts on the matter brought us around to another line of thinking.
We've spent the last several days looking back on the last few months of coverage and examining what readers are responding to. We try to provide an eclectic mix of platforms and technologies (and next week we'll be making it even more so) because we know we have a diverse community of readers. One thing we discovered was that you not only respond to content related to different platforms, but that you respond to stories about interoperability.
Driven largely by the success of Linux over the past several years, the Unix computing paradigm has seen something of a renaissance. At the same time, Microsoft has steadily improved Windows into more of an enterprise performer. And Apple has leveraged the success of the BSD development community to further promote Unix both as a desktop and server technology.
But as much as all these platforms are fiercely competitive, with their share of passionate backers and zealous defenders, they're all still competing, and all remain competitive for at least some portion of the enterprise space. And most enterprise IT workers seem to at least tacitly understand that we'll continue to live in a multiplatform world for the foreseeable future.
It's tempting to think in terms of horeseraces: one standard triumphing over another, one platform reaching near-total dominance. But there are advantages to stalemates sometimes. We'd spend less time hammering the need for Microsoft to give away its most crucial security updates if the desktop market hadn't reached a state of near-total monoculture.
So it goes with DomainKeys and SPF: We need a flexible, dynamic net of anti-spam technologies that make it harder and harder on spammers and phishers. So it will go with CrossNodes: It's a multi-platform world, and we plan to keep reflecting that.
» If artillery and small arms fire are a concern in your company, you could probably do worse than to consider 3e Technologies International's 3e-527 mesh access point:
"What's key here for the unit in comparison to other 802.11-mesh products is distance (they claim to have managed a 7Mbps connection as far as 16 miles with line of sight) and security. The box supports full 802.11i, and is up for certification with the Wi-Fi Alliance's version of the same, called WPA2. It also is FIPS 140-2 certified, as required by many federal agencies, and uses cryptographic modules to deliver the encryption needed by the likes of the Department of Defense. All encryption is done at Layer 2.
Each box is ruggedized to survive outdoor environments, and includes a full 8-port wired switch, plus a ninth encrypted Ethernet port which Gilroy says was requested by the military."
» Microsoft has released a list of software that XP SP2 will break thanks to enhanced firewalling and other security measures:
The list includes Microsoft's own Visual Studio .NET and SQL products, as well as anti-virus software from Symantec, the ColdFusion MX Server from Macromedia and security products from Computer Associates and McAfee.
» Most people in enterprise IT are at least vaguely aware of the SCO vs. IBM lawsuit, mainly because SCO has, at various points, threatened to sue anyone using Linux for the cost of a license SCO says its legally entitled to issue. It appears for now, though, that most enterprise observers are feeling less and less uncertain about the case, and less and less worried that SCO can back up any litigation threats it makes. Bad news for SCO, which desperately needs potential licensees to believe its threats are credible, especially since the matter won't really be settled in any court for some time to come.
» eSecurityPlanet has an interview with the authors of the book Wi-Foo: The Secrets of Wireless Hacking. Money quote:
Q: What is going wrong? Why don't administrators understand wireless security basics?
A: There is a common flaw. It's a mindset flaw. They say, ''We don't have any valuable data flashing through our network.'' Our data is boring. Why would someone want to hack into it? This is a wrong perception. One of the first reasons people would want to do that is to hide their tracks... They could be sending spam or downloading pirated software or pornography or attacking a bank or a government network, and if an attacker is within 10 or 15 miles of your wireless network with an antennae, they can use your network to do that.
You've got a dozen ways to get into your headless Linux server over the network, so what do you do when the network card fails? Put down the monitor and grab a laptop: The serial console's your personal portal.
If you've been watching Wi-Fi security standards come and go, you know the move to secure wireless networking has been a slow and confusing crawl. Here's how to make sense of where we're at, and what the newly ratified 802.11i does for your WLAN.
Network News Break is CrossNodes' weekly summary of networking news and opinion. Please send your comments and suggestions to the editor.