Information Security News mailing list archives
Another brick in the wall: Fighting a losing battle on the front lines of security
From: InfoSec News <isn () C4I ORG>
Date: Thu, 20 Jul 2000 04:30:02 -0500
http://www-4.ibm.com/software/developer/library/su-wall.html

[Excellent article well worth handing out around the office, I'm planning to include this for a class I'm teaching next week! -WK]

by: Brian Martin
DSIC Security Group
July 2000

You sacrifice convenience for security and security for convenience. For which goal was your computer network built? Security?

Oops!

In the realm of human endeavor, there is usually a simple logic applied to the process of building things. This logic is seen in the way houses, computers, and even cans of mandarin oranges are built. We do not near completion of the production of these items only to attempt to squeeze in some vital element that was meant to be first. Foundations are not built after finishing the roof, processors are not seated after the case has been secured, and oranges are not added after the can has been sealed. Yet, when security is considered, this simple application of logic seemingly fails on a majority of computer networks.

We must identify one caveat when addressing this issue. Most computer networks (especially the Internet) were first designed with an open philosophy -- one of sharing information freely with anyone who needed it. Security was the little known hobby of a few geeks who enjoyed the cat and mouse game of "hacking" and securing machines. It's hard to pin down exactly when security became the big push in corporate America, but I think it safe to say it publicly surfaced in the last three or four years.

Just as the Internet had been, five- and ten-year-old corporate networks, when new, were built for connectivity and convenience. As a general rule, you sacrifice convenience for security and security for convenience. The more unrestricted the access you enjoy, the less security is present on the network. Networks built from the ground up with all aspects in mind, especially security, enjoy a stronger foundation.

A losing battle

The real suffering surrounding network security can be found in the system administrator population, which is now playing catch-up. For years, the cries from above were for functionality. Integrate this, introduce this new technology, give us the ability to read sensitive corporate mail from our personal America Online (AOL) accounts. Management worldwide didn't care how things were done or what changes had to be made, they just wanted everything to be easy!

With the media and fledgling security companies preaching about the benefits of and need for good security, administrators are scrambling. Armed with a new corporate directive, administrators must weed through hundreds of self-proclaimed experts and thousands of inadequate Web sites to find pieces of the security puzzle. Missing the overall philosophy of security, they often become consumed with nit-picky details and technical countermeasures that are not always appropriate for their network. Network administrators today are simply fighting a losing battle, plugging each springing hole in their dam.

The advice everyone asks for

Between security consulting by day, and running a nonprofit security-oriented Web site at night, I get asked a lot of questions. The second most-asked question (after "How do I hack?" which is ignored) comes from system administrators all over, who ask: "How do I secure my system?"

[...]

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".