GCN Home > 07/07/08 issue
Ed Amoroso | The big picture of network security
The chief security officer at AT&T discusses a new approach to network security services
By Joab Jackson
Many engineers believe the Internet thrives because of its lack of intelligence. It makes no assumptions about the traffic it carries, which makes it easy for outside parties to connect to this network of networks, and it allows others to develop unique software to handle any problems that occur.

But with security as an ever-growing concern, perhaps we should reconsider the idea of a network connection as just a dumb pipe.

Ed Amoroso, chief security officer at AT&T, discusses a new approach to network security services.
GCN: Why add intelligence to the network?
ED AMOROSO: In the mid-1990s, we watched business networking gradually move onto the public Internet. Every business, every federal agency had a connection to the Internet. It wasn't terribly mission-critical in those days. This is when the firewall was introduced. You had your enterprise network. People had a pretty good grasp of their largely private-line infrastructure. They had their set of carriers that they dealt with. And they had an Internet connection with a firewall. It felt very manageable. There wasn't a great deal of complexity.

But over time, two things have happened: One is that the one Internet connection became thousands and thousands of connections. And second, that firewall has expanded to include intrusion-detection and -prevention systems, antivirus and anti-spam measures, [Web page] filtering, and threat management policies. Where is this all going?

We think the big mess that sits at every Internet gateway can be virtualized. When I say virtualized, I mean it can be pushed out onto the network.

In the late 1990s, the idea [of dumb networks] was made very popular by writers like George Gilder in his book, Telecosm. Very influential book. He argued that telecommunications equals physics and that really all you need to do is roll out fiber and push all the work off to the edge. A lot of people did that. So you [have] a very dumbed-down infrastructure in many companies and a very intelligent edge.
