
Securityfocus has an interesting interview with Marcus Ranum (he’s done many things, including inventing the proxy server). An excerpt:
It’s not a technology problem, it’s a management problem. There are plenty of tools that can be used to control inter-host trust, but they are generally not used because they’re “too hard” or “inconvenient” or whatever. For example, the big Cisco switches all have the ability to process ACLs at high speed. Isolating and filtering each host is very possible and would be very effective using existing technology.
Let’s imagine a simple scenario: suppose I have a subnet consisting of 150 hosts that all access a local departmental server with file service and print service, etc. Further, let’s imagine that the hosts on that subnet need Internet browsing access and access to an enterprise Email server (IMAP + SMTP) that sits someplace else on my corporate LAN. And, perhaps, some of my users need access to the mainframe for SQL, while others don’t. So, I could put ACLs in the switch to, “allow all/all to the local subnet server,” “allow IMAP, SMTP to the off-network mail server,” “allow all, port 80, to the web caching proxy off-network,” “allow {list} SQL to the mainframe,” “default: deny all.” That’s not very hard, is it? Does Bob’s workstation need to talk directly to Jane’s? No? Then don’t allow it.
And a network like that is going to be extremely resistant to worms or active penetration. Of course nobody does that kind of thing: they just plug it all together, make it work, and then ignore it and hope it doesn’t get hacked.
In order to build really secure systems you need to understand the trust relationships between your systems and then build your systems to enhance and support your mission based on those trust relationships. But that’s hard work that very few people have the courage and patience to undertake. So instead, they want to just throw technology at the problem - which won’t work - because there is no amount of technology that can effectively build your trust relationships for you if you don’t understand them yourself.
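The switch ACL from the excerpt, modelled here as an added example (not code from the interview or the post): a first-match rule list with a default deny, evaluated against sample flows, plus a check that no workstation-to-workstation flow inside the subnet gets through. All addresses, the SQL host list and the SQL port are constructed stand-ins; the interview names none of them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import permutations

# Constructed addresses standing in for the excerpt's subnet and servers.
DEPT_SUBNET = ip_network("10.20.0.0/24")    # the 150-host department
DEPT_SERVER = ip_address("10.20.0.5")       # local file/print server
MAIL_SERVER = ip_address("10.1.1.25")       # IMAP + SMTP, elsewhere on the LAN
WEB_PROXY = ip_address("10.1.1.80")         # web caching proxy
MAINFRAME = ip_address("10.1.2.10")         # SQL server, for {list} only
SQL_HOSTS = (ip_network("10.20.0.51"), ip_network("10.20.0.52"))  # the {list}
SQL_PORT = 1433  # constructed; the excerpt names no port

@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    src: object      # tuple of ip_network, or None for any source
    dst: object      # ip_address, or None for any destination
    ports: object    # frozenset of TCP ports, or None for any port

    def matches(self, src, dst, port):
        src_ok = self.src is None or any(src in net for net in self.src)
        dst_ok = self.dst is None or dst == self.dst
        port_ok = self.ports is None or port in self.ports
        return src_ok and dst_ok and port_ok

# The excerpt's five statements, in order: a switch ACL is first-match.
ACL = [
    Rule("permit", (DEPT_SUBNET,), DEPT_SERVER, None),                  # all/all to local server
    Rule("permit", (DEPT_SUBNET,), MAIL_SERVER, frozenset({143, 25})),  # IMAP, SMTP to mail server
    Rule("permit", (DEPT_SUBNET,), WEB_PROXY, frozenset({80})),         # port 80 to the proxy
    Rule("permit", SQL_HOSTS, MAINFRAME, frozenset({SQL_PORT})),        # {list} SQL to mainframe
    Rule("deny", None, None, None),                                     # default: deny all
]

def decide(src, dst, port, acl=ACL):
    """Action of the first matching rule; 'deny' if nothing matches."""
    s, d = ip_address(src), ip_address(dst)
    for rule in acl:
        if rule.matches(s, d, port):
            return rule.action
    return "deny"

def lateral_pairs_permitted(port, acl=ACL):
    """Count workstation-to-workstation flows in the subnet that the ACL
    permits on one port: the path a worm needs, which should be zero."""
    hosts = [h for h in DEPT_SUBNET.hosts() if h != DEPT_SERVER]
    return sum(decide(str(a), str(b), port, acl) == "permit"
               for a, b in permutations(hosts, 2))

if __name__ == "__main__":
    print(decide("10.20.0.7", "10.20.0.8", 445))   # Bob to Jane: deny
    print(lateral_pairs_permitted(445))             # 0
```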
While I agree with a lot of the stuff he says (especially that most security/IT managers have shit for brains when it comes to security), I don’t agree with him when he says that hackers are to blame for the state that security is in today.
If anything, hackers should be applauded: without them there would be no OpenBSD, no SSH, no NMAP, no netcat, and buffer overflow techniques would be known only to criminals.
All in all though, an interesting interview.