Andrew Hay and Warren Verbanec, two of my former co-workers, along with Peter Giannoulis and Keli Hay have come together to make the Nokia Firewall, VPN, and IPSO Configuration Guide. These folks have put together a comprehensive tome covering all of Nokia's network security solutions, though the primary focus is on Nokia IPSO and Check Point VPN-1. I also played a small role in this book by writing the foreward for it, as well as helping both Andrew and Warren with various things over the years.

Of course, since the time this book was finished, but before it was printed and bound, and available on and other places, Nokia announced it was selling off the Security Appliance business. Even if the boxes have a different name on them, which must happen eventually as result of new ownership, they'll still be the same high-quality systems you've come to know and love from Nokia.

Several current and former Nokia colleagues are involved in a project called The Academy where a number of videos are posted related to configuring security appliactions. The website has been relaunched and it's shaping up to be a great resource for the security geeks out there. Now, where's some videos on Sourcefire, Peter? :)

The thing that has consumed my waking thoughts on Monday was the fact that Nokia has announced they are in the advanced stages of discussions with a financial investor to purchase this Security Appliance business from Nokia. Since this is the part of Nokia I work in, I am obviously a bit concerned by this.

All indications are that the Security Appliance part of Nokia's business will be spun out--intact--and made an independent company under new ownership. By itself, Nokia's Security Appliance business is fairly substantial. Not as big as Nokia's handset business, obviously, but it's still a reasonably sized business.

For customers, it should be business as usual. Operationally speaking, most of what makes up the Security Appliance business in Nokia is already fairly independent of the rest of Nokia. The relationships with Check Point, Sourcefire, and others will continue and likely strengthen. The only real change will be the name on the front door, though you will likely to continue to see the Nokia brand in use for a period of time while the marketing folks roll out the new branding.

I think it will be a positive thing for the business as a whole. I personally see a lot of opportunities in this new world order, both for myself and the business. That being said, I won't be part of Mother Nokia anymore, which I believe also has some interesting opportunities, but opens others. It's giving me a lot to think about.

In the evenings, I like to work downstairs on one of the kids computers. It's nice to sit somewhere else and work. Keeps the mind fresh, and it also allows me to experiment a bit.

One problem with doing this is the web filters, which I've set up to prevent "accidental" exposure to the naughtiness of the Internet. I'm using K9WebProtection, which is a free Windows-based filter that only filters access via the web browser. It does not filter other programs.

The problem is, I have the settings set fairly stringent. The default setting blocks access to Flickr, YouTube, Share on Ovi, and others. Things I tend to look at while I'm blogging. Whitelisting those sites is possible, but not happening. Having to type in my password every 15 minutes is just annoying.

I stumbled upon a solution this evening with some Googling. It completely and utterly bypasses K9WebProtection and could easily be done by someone without user privileges.

How did I do it? I'm not going to say. For obvious reasons. However, search the Oracle of Google and you'll find the answer. However, at least now I can do my work without disabling the Internet filter.

It's interesting to see Charlie Schick, one of my Nokia colleagues discuss--on the corporate blog no less--a subject that has gotten a lot of attention thanks how well the Nokia E71 was kept secret before it's launch. And like Charlie, I'm going to drag out some thoughts from Nokia's internal blogosphere--my own specifically. However, unlike Charlie, I don't work in marketing and, obviously, am not speaking for the company here.

I am not opposed to the policy of not discussing publicly announced products. I understand the reasoning. That being said, it's frustrating at times to not be able to participate in a particular conversation about something everyone knows about thanks to a product leak. I think pretending the leak didn't happen is simply silly, which is the corporate policy today.

When a product leak does occur--and let's face it, it's going to happen despite our best efforts--we need to have a communications plan in-place for dealing with it. Immediately, not when the product releases. Somewhere between the current "stonewall" policy and "spilling the beans." I'm not sure how realistic that is, but at least that way we might have some control over the messaging versus in the current regime where the blogosphere has already told all before anyone inside Nokia has had a chance to say word one.

Of course, even if every Nokia employee keeps their lips tight about upcoming products, the mobile phones themselves leak information. Whenever you visit a web site, or upload a picture to Share on Ovi or Flickr, the phone will leave bits of information indicating what kind of device it is as well as certain capabilities. For example, look at the number of photos on Ovi taken with the E71. All of the pictures here right now were taken with a pre-production E71. I can tell you from personal experience that pre-production units are somewhat different than production ones, both in terms of hardware and software. Using this sample to judge picture quality will give misleading results.

While this isn't the same as leaking a picture or sending a damned prototype to a reviewer, it's information none the less. It's the kind of information that shouldn't be out there--especially if we can't actually talk about an unreleased device. Our devices--at least in their pre-production form--should not inadvertently leak information about themselves.

I actually think there might be an interesting "security" feature here: relay as little about the end user device as possible with these service, or even provide the facility change it to something else entirely. I know this is possible to do. Why not make this a built-in feature, along with changing EXIF data and other identifying information?

I have more thoughts on this, but most of them are not well formed or not well suited for outside consumption. What do you think about product leaks and what should be done about them, if any?