RE: Castles and Security (fwd)

[Frank Knobbe <FKnobbe () KnobbeITS com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's late and I just flew through a pile of email, but I wanted to
toss in a few thoughts anyway.

I think the caste model is flawed. Back then (well, or with castles
today), they exist in the physical world. If you kill your attacker,
he's dead (Never mind an army of attackers). In the information world
we don't have hackers crawling through wires, instead their thoughts
in form of intellectual property (hack tools) and intentions
(computer directives). If you kill them (speak, kill the packets),
your attacker does not die. In addition, he could spawn a million (as
in DoS). Now imagine an army of attackers.... shudder.... If ONE
script kiddie can deface a page, if ONE hacker can penetrate into a
network, imagine what an ARMY of them could do. I don't even want to
think about it.

I think the model of fighting attackers by defending the castle is
not close to the reality anymore. It's more like an (immune) defense
system trying to fight off an attack of viruses (how fitting that
word is). In other words, hackers are not like knights (white or
black), but rather like a disease, like cancer, spreading fast and
furious. Kill a million here, and two million will pop back up
again...

In regards to the arms, you again are dealing in a virtual world. In
the physical world the terrorists trade/acquire guns and assault
rifles. The good guys can actually do something about that (i.e.
inspecting cargo). In the virtual world your cargo can a) be
duplicated ad infinitum, b) (re-)transmitted forever, and
successfully cloaked (using encryption). So all the (few) barriers of
the real world are gone. Image to be able to just copy an assault
rifle and email that to someone. Why not carbon copy a few friends on
it while your at it. In the information world, your arms are the
tools for the exploits. Try getting that under control.

I don't want to sound like a pessimist, but I think we (humans) have
yet to fully comprehend what a Pandora's box we have opened with the
virtual world. All known laws cease to exist and chaos is just around
the corner.

So how to stay ahead of the game? My guess is we (good guys) won't.
We'll always run behind or beside the bad guys, but I doubt we can
jump ahead of them. Anyhow, running in a constant head-on-head race
we'll advance together into other uncharted territories of
cyberspace...


Regards,
Frank



-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOlQIR5ytSsEygtEFEQIPmwCfawtN2xkc4Lx25D7VcqkyVXbJso4AnjoP
sZye2L0niVrEJi+Vl8vxJTSv
=lN7I
-----END PGP SIGNATURE-----

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards