| About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store |
 |
||||
|
||||
 |
||||
 |
|
|||
 |
||||
|
|
|
||
|
|||||||||||||||||||||||||||||||||||||||||
 COLUMN
This tour of duty ends with fond memories and expectations for a secure future IT SEEMS LIKE yesterday that we decided to take up the challenge of writing a weekly column that propels security issues into the consciousness of IT. When we wrote our first column, in 1998, and declared security the next big IT crisis, little did we know how painfully right we were. After nearly three years and 125 columns, it is with sadness and immense optimism that we relinquish this space. But instead of getting mushy, let's look back at what started it all and offer up an image of hope for the future.
Think outside the box One underlying paradigm strikes us almost immediately as we browse through our archive: It is the power of thought. After covering dozens of cunning and creative information break-ins and technologies, we have become convinced of the power of the human mind to surmount any obstacle. And by far the most successful (albeit hackneyed) manifestation of this power is the act of "thinking outside the box." This relatively simple phrase encapsulates the overwhelming strength of the human mind. You must think like the bad guys to defend against them. This is the premise of our book, Hacking Exposed, which was born from our efforts in Security Watch. The idea of attacking a system to secure it, still considered heresy in some circles, is a way of casting aside the limitations of the status quo and striking at the heart of the security challenge: how to build a complex application that deals gracefully with all manner of input thrust from the Darwinian soup of the Internet. Old-fashioned security controls such as firewalls and intrusion-detection systems aren't enough anymore: One must embrace the methods and mind-set of the enemy. To understand the tricks and techniques of attackers is to understand their mind-set, and consequently their motivation. The predators that exist today are much like Star Trek's Borg, preying on and devouring the weak in their drive for complete assimilation. As a wise Star Trek character said, "To become a thing is to know a thing. To assume its form ... is to begin to understand its existence." Picard understood what it took to destroy the Borg because at one time he was a part of the Borg. They assimilated his body, but he broke free and became the definitive expert at combating them. Our purpose in presenting security information in this raw and uncut manner has had a singular goal: to educate. Our methods may not have been traditional, but our results have been phenomenal. You'd understand if you could see the lightbulbs going off over the heads of CTOs when they give us the chance to demonstrate (live) their insecurity. Barriers to security magically begin to disappear, and security becomes a priority. In spite of some naysayers, our educational tactics work. Picard said it best in the final episode: "[You must] believe that I am doing this for a greater purpose, and that what is at stake here is more than any of you can possibly imagine. ... So I am asking you for a leap of faith, and to trust me." Full disclosure of vulnerabilities and securing your systems by breaking into them, with all their warts, blemishes, and boils, remain the quintessential means of securing your computer systems. Despite the possibility for abuse, the needs of the many outweigh the needs of the few. You may not have agreed with our tactics of education and throwing open the drapes of the darkened world of security, but we hope you have come to understand their value. As Q stated in the final Star Trek episode: "We wanted to see if you had the ability to expand your mind and your horizons ... and for one brief moment you did. ... For that one fraction of a second, you were open to options you had never considered. That is the exploration that awaits you." It has been an honor and a privilege to share the journey with you and chronicle its memoirs in this space. For those readers who wish to keep up with our future work, keep an eye out for us at Foundstone (www.foundstone.com), Hacking Exposed (www.hackingexposed.com), and Microsoft's TechNet (www.microsoft.com/security). You can reach us at stuart.mcclure@foundstone.com and joel.scambray@foundstone.com. Stuart Mcclure is president and CTO and Joel Scambray is managing principal at security consultancy Foundstone ( www.foundstone.com ). Next week you'll meet our new Security Watch author, InfoWorld Test Center Senior Analyst P.J. Connolly. P.J. has built, maintained, and secured numerous networks in his multifaceted IT career.  RELATED SUBJECTS  SecurityMORE > SPONSORED WHITE PAPERS 
SPONSORED LINKS
|
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||
|
||||||||||
