End Node Problem
The End Node Problem arises when untrusted, individual computers temporarily become part of a trusted, well-managed network.
Within a vast computer network, the individual computers on the periphery of the network and those that often attach transiently to one or more clouds are called end nodes. Most often these are a user's office desktop that browses the Internet, a corporate laptop connecting at a coffee shop to an open Wi-Fi access point, or a personal home computer used to telecommute. Such end nodes often are not managed to the network's high standards. They are often computers with poor security (e.g. no anti-virus or firewalls, unpatched software, etc.), questionable additional applications and content, and covertly exploited features. These nodes may ferry malware from one network (e.g. a corrupted webpage or an infected email message) into another, sensitive network. Likewise, the end nodes may exfiltrate sensitive data. The end node users may be corrupt. Other nodes may impersonate trusted computers. Collectively, these risks are called the end node problem. There are several remedies, but all require instilling trust in the end node.
The Cloud’s Weakest Link
Cloud computing may be characterized as a vast, seemingly endless array of processing and storage that one can rent from his or her computer. Recent media attention has focused on the security within and of the cloud. Many believe the real risk does not lie within a well-monitored, 24-7-365 managed, fully redundant cloud host but in the many questionable computers that access the cloud.
Ever Growing Risk
From 2005 to 2009, the greatest and growing threats to personal and corporate data derived from exploits of users' personal computers. Organized cyber-criminals have found it more profitable to internally exploit the many weak personal and work computers than to attack through heavily fortified perimeters.
Mitigations
There are many ways to minimize the End Node Problem risk, for example, allowing only trusted remote computers to connect to the network. Many companies issue laptops and only allow those specific computers to remotely connect. Some organizations use server-side tools to scan and/or validate the end node's hard drive. The US Department of Defense only allows its remote computers to connect to its networks via VPN and two-factor authentication, and then from within connect to the Internet.
Another approach is to trust any hardware (corporate, government, personal, or public) but restrict access to a known kernel and higher software being run, and then require strong authentication of the user. The DoD's Software Protection Initiative offers Lightweight Portable Security, a LiveCD that boots only in RAM, creating a pristine, non-persistent end node while using Common Access Card software for authentication into DoD networks.
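As an added illustration (not from the article and not any DoD tool), the following models the two mitigation paths just described as a server-side access decision: an issued device that passes a posture scan, or any hardware that booted a known kernel non-persistently, in both cases with two-factor authentication. The device IDs, kernel image bytes and report fields are constructed placeholders.

```python
"""Access-gate model for the End Node Problem mitigations (constructed example)."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Constructed allowlists (placeholders): devices the organization issued, and
# the SHA-256 of the known-good kernel image an unmanaged node must have booted.
ISSUED_DEVICES: Set[str] = {"LAPTOP-0001", "LAPTOP-0002"}
KNOWN_KERNELS: Set[str] = {hashlib.sha256(b"known-good-kernel-image").hexdigest()}


@dataclass
class EndNodeReport:
    """What the remote node presents when it tries to connect (constructed)."""
    device_id: str
    antivirus_running: bool
    pending_patches: int
    kernel_image: bytes                      # the kernel the node actually booted
    auth_factors: Set[str] = field(default_factory=set)  # e.g. {"password", "smartcard"}
    persistent_storage: bool = True          # False for a RAM-only LiveCD


def evaluate(report: EndNodeReport) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Either trust path requires two-factor auth."""
    reasons: List[str] = []
    two_factor = len(report.auth_factors) >= 2
    if not two_factor:
        reasons.append("single-factor authentication")

    # Path 1: organization-issued hardware whose posture passes a server-side scan.
    managed = report.device_id in ISSUED_DEVICES
    posture_ok = report.antivirus_running and report.pending_patches == 0
    if managed and not posture_ok:
        reasons.append("issued device fails posture scan")

    # Path 2: any hardware, but only a known kernel booted without persistent storage.
    kernel_ok = hashlib.sha256(report.kernel_image).hexdigest() in KNOWN_KERNELS
    pristine = kernel_ok and not report.persistent_storage
    if not managed and not pristine:
        reasons.append("unmanaged hardware without known kernel / RAM-only boot")

    allowed = two_factor and ((managed and posture_ok) or pristine)
    return allowed, reasons
```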