Saturday, July 15, 2006

More Notes from TechnoSecurity 2006

I found another page of notes I took at Techno Security 2006. These were from Marcus Ranum's talk, and I listen to Marcus. He observed that small vendors tend to sell products designed for sophisticated users, because large companies tend to sell products for unsophisticated users. Which market is bigger? The unsophisticates vastly outnumber the sophisticates. Therefore, start-ups usually chase a very small market and tend to be weak.

Marcus said "security ROI is dead" and "legislation has made security a cost." He predicted "we will be competing with legal for money (or working for them) in the next five to ten years." To hammer the point Marcus then said "there never was a security ROI." Amen.

For a way forward, Marcus offered two paths. Path A sees multi-level security rising from the ashes. Marcus claimed this is not likely, although papers like The Path to Multi-Level Security in Red Hat Enterprise Linux (.pdf) might beg to differ.

Path B involves the death of general purpose computing. Everyone will own appliances, perhaps even disposable ones like cell phones. All data will be on a backend somewhere. It's a return to mainframe computing that reverses what Marcus called the "Satanic bargain" of general purpose computing. What's the bargain that was made in order to rid the world of mainframes? "Everyone becomes a system administrator." Clearly that has not worked. Marcus said "distributed data equals distributed vulnerability," and the recent public laptop thefts make that clear.

Marcus told his audience to watch for a day when they can no longer buy software. Instead, people will rent and lease "capabilities," not applications. We're already doing this with anti-virus, intrusion detection and layer 7 firewalls, etc. What's next?

3 comments:

Anonymous said...

Just curious, which layer 7 firewall are you referring to here?

Richard Bejtlich said...

Hi Chris,

"Layer 7 firewall" = any so-called network-based "intrusion prevention system".

Anonymous said...

interesting idea. took me a minute but I guess I agree for the most part. boy I sure do miss Gauntlet.