|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] Security expert: 'We are losing the battle'
From: InfoSec News (isn
C4I.ORG)
Date: Mon Apr 09 2001 - 22:26:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.zdnet.com/eweek/stories/general/0,11011,2705973,00.html
By Scot Petersen, eWEEK
April 9, 2001 3:23 PM ET
SAN FRANCISCO -- Cryptographer Bruce Schneier today reiterated his
managed security services gospel in a talk here on the opening day of
the RSA Security Conference. But if his message is really being heard,
there should be general panic among CIOs in corporate America.
"The future of Internet security is not very good," Schneier said.
"New methods are being invented, new tricks, and every year it gets
worse. We are not breaking even. We are losing the battle."
The reason not to panic, Schneier says, is that we have to accept the
poor state of security and work to mitigate the risk of attacks rather
than try to prevent attacks altogether -- an impossible task.
Schneier, and his firm Counterpane Internet Security Inc., have come a
long way since Schneier authored "Applied Cryptography" and created
the Blowfish algorithm. Only a few years ago, crypto was the No. 1
defense against hackers or other unwanted visitors; but as the
Internet has grown, cryptography has proven to be of little use
against break-ins or other forms of attacks such as denial of service.
And, Schneier said, things are not getting easier to defend.
What can be done
"Break-ins aren't even news anymore," Schneier said. "Now it's
business as usual. Most break-ins don't make the press, and most
companies don't know they have been attacked."
Technology, Schneier said, is not the enemy of security. It's only a
tool, one that hasn't been used very well -- or at all -- and that can
only serve as a preventative measure.
The answer, according to Schneier, is to combine frontline firewalls,
intrusion detection systems -- as well as cryptography and public-key
infrastructure where necessary -- with the watchful eye of a 24x7
monitoring team equipped to respond to the latest attacks. Static
technology is too easy an obstacle for skilled hackers to overcome.
"You have human beings attacking you," he said. "You need human beings
providing the security."
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]