A Note from Dis
Akesnay Oilway

© 2-28-03 Pat St-Arnaud

Am I dreaming? I must be. Because otherwise, the world has become even stranger than I would have any right to expect.

For those of you just joining us from a trip to some deserted island - having spent the last year and a half in seclusion - things generally look bleak. The 9/11 terrorist attack that destroyed New York's World Trade Center was only the culmination of years of death and mayhem around the planet. Well - it never hits you as hard as when it happens in your backyard.

Combine it with the fact that we are on the edge of war, and you will surely understand the efforts made everywhere to secure computers and computer networks. After all, bubble burst or no bubble burst in the dot-com business, computers have become a critical part of the global economy.

So the IT security business is a growth sector, meaning there is much money to be made by being in it. Just as everybody and his sister called themselves "designer" when the Desktop Publishing revolution happened (resulting in wonderful publications using the whole Adobe font catalog on a single page), or "Webmaster" when the Internet hit prime time (resulting in some of the most atrocious, gadget-plagued web sites seen by human eyes), there are many "network security experts" out there peddling new, guaranteed, paradigm-shifting solutions to the uninformed. Their common motivation is usually purely financial.

I could sell you such a solution as well, cheap, if you want: The title of this article is "AKESNAY OILWAY." That's pig Latin for SNAKE OIL. A time-proven, 100% hack-proof encryption method used by our new security software TAP2003, guaranteed to make your network ABSOLUTELY secure. Just mail me a check.

Yeah. Right...

Take this example - an advertisement published in IDG.net's (yes, the MacWorld Expo folks) Security Update newsletter on Friday, February 21:

"PROACTIVE NETWORK SECURITY -- FREE GUIDE FROM QUALYS, INC.
Your existing security products -- firewalls, anti-virus and IDS -- simply wait for trouble. Automated Vulnerability Assessment lets you PROACTIVELY ensure your networks are safe from sophisticated attacks and worms such as Code Red and Nimda. FREE Guide shows you how to ensure TOTAL SECURITY for your network. Get it now."

I don't know whether Qualys' product line is good or bad. I lack the qualifications to do a full analysis, so I will avoid judging them on that. What upsets me about the ad is the language they use:

First, their attempt at scaring me into buying their product because my "existing security products simply wait for trouble." Their software is proactive... What does that mean? Why should proactive be better than passive?

Second, and most importantly, their unsustainable and absolutely idiotic promise of "TOTAL SECURITY for your network."

That's what REALLY got me going: "TOTAL SECURITY."

That's the grail for any network and system administrator: A way to make your computers entirely secure from intrusion and unauthorized access. It would be nice if there were one such method or tool. It would be complete bliss. THERE ARE NONE.

Well, actually, there is one, and it's rather counterproductive: It's called ISOLATION.

You read me right: The ONLY way to make your computer TOTALLY SECURE is to place it in a Faraday cage (to avoid capture of electromagnetic emissions), with an independent power supply (because standard electric wires could be used to capture information as well), and at least a few feet from any networking cable and equipment. Rent the movie ENEMY OF THE STATE for a visual example.

The minute you decide to make concessions on the above terms, you start having some security issues to consider. There are risks involved. Some are rather small, some may be bigger, but there are risks involved nonetheless.

If you remember one thing from this article, let it be this: Computer and network security is solely and entirely about risk management.

The words are not mine. They summarize statements made time and time again by one of the best-informed experts in the field: Bruce Schneier, founder and CTO of Counterpane Security, and creator of the Blowfish and Twofish encryption methods.

You may want to read at least one of his papers called SECURITY IN THE REAL WORLD: HOW TO EVALUATE SECURITY.

Bruce has been trying to make this point for years - yet there are still those who would rather believe in the Grail and take the word of snake oil peddlers.

"Ask any network administrator what he needs security for, and he'll describe the threats: Web site defacements, corruption and loss of data due to network penetrations, denial of service attacks, viruses, loss of good name and reputation. The list seems endless, and an endless slew of press articles prove that the threats are real.

"Most computer security is sold as a prophylactic: encryption prevents eavesdropping, firewalls prevent unauthorized network access, PKI prevents impersonations. To the world at large, this is a strange marketing strategy. A door lock is never sold with the slogan: "This lock prevents burglaries." But computer-security products are sold that way all the time.

"There exists no computer-security product--or even a suite of products--that acts as magical security dust, imbuing a network with the property of "secure." Security products are risk management tools, some more effective than others, that reduce the risk of financial loss due to network attacks. These tools should be deployed when the savings due to risk reduction are worth the investment in the tool. Otherwise, it is cheaper to accept or insure the risk than it is to deploy the tool."
- Bruce Schneier, CLOSING THE WINDOW OF EXPOSURE

Don't get me wrong, I do not accuse QUALYS of being a snake oil peddler. I don't know if they are or not. But the words they chose to use in their ad are enough to turn me away completely without further research. I don't even want to read their free paper. When it looks like a duck, and quacks like a duck - and you hate ducks - you just keep away.

In general, willfully selling solutions under false pretenses or with exaggerated claims to those trying to protect themselves is almost as bad as being the attacker. Creating fear - when there are enough real causes for fear already present - is an old hard-sell ploy that I find just as despicable.

Sadly, a buyer's appropriate knowledge of the technology is the only existing way to prevent abuse, both overt and more subtle. Only some basic guidelines exist to help you make a decision and expose the most obvious misrepresentations. But since the weakest link affects the whole network, and every user on it, we are all duty-bound to learn and gather the information necessary to improve our judgement in this matter.

It may not always be easy - but it is critical. When promised either the Grail or the Brooklyn bridge, you should know right away what's coming next.

- Pat St-Arnaud

©2000-2001 Applelust.com. All rights reserved. No part of this publication may be reproduced in any way without prior, expressed permission from the Publisher. It is the sole property of Applelust.com and its writers, who retain copyright to their own works. If you wish to link to us, please see our Privacy Statement for conditions. Apple, Macintosh, and Mac are trademarks of Apple Computer, Inc, with whom we are in no way affiliated or endorsed.
