[ISN] 1999 year of computer security - maybe

From: mea culpa (jerichoat_private)
Date: Sun Dec 20 1998 - 12:49:45 PST

  • Next message: mea culpa: "[ISN] Computers, Freedom + Privacy 1999 Conferance"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimeat_private for more info.
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.981219221919.15318Xat_private>
    Forwarded From: Will Spencer <wspencerat_private>
    1999: The Year Of Computer Security -- Maybe
    Newsbytes; 12/15/98
     WASHINGTON, D.C., U.S.A., 1998 DEC 15 (Newsbytes) -- By William Jackson,
    Government Computer News. What was hot in 1998? Security products. What
    will be hot in 1999? Security policies. Spending on network security
    worldwide this year will likely jump 53 percent from last year to $1.85
    billion, according to DataQuest Inc. of San Jose, Calif. It is expected to
    grow to $2.98 billion next year and reach $5.18 billion by 2000. 
      Unfortunately, many managers have not progressed beyond the
    product-buying stage. In a survey this year of 1,600 information
    technology professionals by PricewaterhouseCoopers LLP, 73 percent
    reported security breaches during the past year, but fewer than one in
    five had a comprehensive security policy. 
      "Senior management has not said, `Let's face up,' " said Alan Paller,
    director of research for the Sans Institute Inc. in Bethesda, Md. "They
    say, `Let's buy tools.' " 
      No single product or technology will ensure security, said Peter H. 
    Goldman, federal sales manager for Secure Computing Corp. of Roseville,
    Minn.  Products require policies to be effective, he said. 
      But indications are that the products-rather-than-policy attitude is
    shifting. Secure Computing's professional services division has more work
    than it can handle, Goldman said. Growth in security services is limited
    only by the availability of qualified professionals, he said. 
      The need for new and improved security products is here to stay. New
    forms of attack drive the development of new products, said Ray Suarez,
    product marketing manager for Axent Technologies Inc. of Rockville, Md.,
    maker of the Raptor Firewall. 
      For instance, "in the last few years, there has been a real push for
    audio and video support," Suarez said. 
      And the newest release of Raptor guards against recently publicized
    vulnerabilities in Microsoft Outlook 98 and Outlook Express 4.x e-mail. 
      The increasing use of virtual private networks that allow remote network
    connections over the Internet and replace modem banks also is increasing
    the demand for perimeter defenses such as firewalls, Suarez said. 
      "We are confident that our products are secure," he said. "But
    unfortunately, technology can't solve all your problems." 
      Properly configuring hardware and software, and implementing and
    enforcing security policies are essential to making even the best products
    work, Suarez said. 
      But many federal agencies have been unwilling or unable to undertake the
    labor-intensive and sometimes costly step of setting up and enforcing
    security policies, Suarez said. 
      "They're not going to do anything until the risk becomes great enough, "
    he said. 
      For some, the risk increased with Solar Sunrise, the Defense
    Department's code name for February's well- publicized intrusion of the
    Pentagon's computer systems by a trio of teenage hackers. In testimony
    before the Senate Governmental Affairs Committee in June, Lt. Gen. Kenneth
    Minihan, director of the National Security Agency, called Solar Sunrise a
    classic example of an unstructured hack. 
      "The attackers used tools and techniques readily available on Internet
    hacker bulletin boards," Minihan said. "Although these attacks were
    moderately disruptive, the good news is that the vulnerabilities exploited
    are relatively easily fixed." 
      But no one had bothered to fix them before the attacks. 
      Minihan warned that the country is engaged in an information-age
    conflict that requires an active defense of critical information
    "Such a defense requires that we have the best possible intelligence on
    the capabilities and intentions of potential attackers," he said. 
      Much of that intelligence has been freely available for years. Secure
    Computing sponsors a road show in which hackers-turned-security-experts
    address federal audiences. The recurring observation is that the old
    attacks, such as those used in Solar Sunrise, still work because agencies
    are not closing the back-door systems gaps and loopholes they depend on. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:14:15 PDT