Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spaf's Crystal Ball: Network Security Predictions

Posted by ryuzaki0 on from the spaf-in-the-house dept.

remora writes "Eugene Spafford[?] (of CERIAS, and co-author of "Practical Unix Security") has written an article for Information Security Magazine with eight of his predictions for the coming years in network security. He touches on subjects such as "Spam will grow as a problem" (obviously), to the "Greater emphasis on international cooperation and communication. Some of the article is fairly predictable, but it is still interesting to hear from one of the more experienced security people out there."

7 of 93 comments (clear)

  1. Software Engineering by rovingeyes · · Score: 2, Interesting
    "Expect to see several established products fail or be withdrawn because they are too invasive, have unfriendly interfaces, or are found to be considerably less effective than claimed."

    1) Apparently this guy hasn't been using windows.
    2) He hasn't read the book "Mythical Man Month".

    As I see it this statement is not insightful but redundant.

  2. What the?! by Pat__ · · Score: 4, Interesting
    From the article... (emphasis mine)
    Other technologies about which we should exercise caution include VOIP, Bluetooth, open source, automated patching, RFIDs and biometrics.

    I always thought it was the other way around!
    As in we should exercise more caution about closed source systems no matter which one we are advocating !!
    Oh well! ... He is the security expert so I guess who am I to argue!
  3. Re:Interesting point... by wheany · · Score: 3, Interesting
    but at the same time, my dad (for instance) can feel comfortable with a product that he can understand.
    When you combine a personal firewall and an inexperienced user, one of two things will happen, judging from newsgroups:

    a) "My machine is completely invulnerable, I have a personal firewall!"
    b) The firewall says: "AIEEEEE!!! A dangerous hacking attempt is in progress", and the user panics, because someone pinged his machine.
  4. Re:Fads and Flash by Corporate+Troll · · Score: 2, Interesting
    We can Already intercept calls over GSM systems

    We can intercept them, yes. But can we do anything with the intercepted data? I don't think so because it is encyrpted -granted a small key- but that's good enough to kill off the amateur eavesdroppers. It's not like the analog crap of 10 years ago, that anyone with a scanner could listen to

  5. Re:Appliances? by Chanc_Gorkon · · Score: 5, Interesting

    Actually I kind of agree with him. I will tell ya why. Personally, when I am at home it's my time. I usually love unplugging for at least an hour if not the whole evening. Yeah I love technology and all, but why I want to is invariably, I always start to ask the question is it worth it when I start working on something. If it isn't, I push away and relaxe by watching a DVD. Now if I didn't have the hassle of normal day to day computer using, I would use it more. Case in point, my PDA is what I take with me on trips rather then a laptop. It works EVERYTIME and powers on in less then a second. People hate having to wait for the boot sequence and all of that. People want to work. Remember when the first home computers came out and they were real popular? Remember why? The reason it was was that they were instant on. No waiting for a disk to be read or any of that. On my Atari 800XL, when I wanted to write a paper for school, I would insert the cartridge for the word processor and turn it on. THAT'S IT! The software was available soon after (less then a second) I flipped the power switch. The only downside of the older ones was that saves took forever because you usually could not afford the disk drive so you were stuck with tape. My Atari 800XL cost LESS then the disk drive! We used a tape drive. There's no reason we can't have these type of computers and no reason to kill off the PC because of them. The PC could turn out to be a household server more then anything with everyone having a laptop style or pad style computer that could be used anywhere. When you were at home, the pad could periodically dump it's contents to the PC and when you leave you can make sure you have the files you really need with you. Appliance computers will happen eventually. Even us geeks will use them.

    --

    Gorkman

  6. predictions? hardly ... by AlCoHoLiC · · Score: 2, Interesting

    With utmost respect I can't see any predictions, he's just stating obvious facts and logical conclusions derived from the present state of things. I feel the hidden message in the whole prophecy: M$ sux, Linux sux, closed source UNICES rules. A few rants/unconstructive comments follow:

    1) Consumers will never be able to 'distinguish safe code from the typical dreck they're used to buying' just because there's no _SAFE_ code and they're not supposed to do so. They're _CONSUMERS_.

    2) Yes the sales of security products will grow, US goverment and media are working around the clock with their 'war on human rights'.

    3) I don't understand the point behind this rant.

    4) The spam _IS_ a problem already, but there're effective solutions. Smart ISP already offer SPAM filtering service.

    5) I hope he's not talking about US DOJ way of international cooperation when any human being living on earth is subject to US laws, which is also known as "All your ass belongs to us".

    6) When lawyers and insurance companies jump in, software prices will skyrocket and we're going to see even more stupid EULAs and laws. That's the way lawyers work.

    7) Oh, consumers _ALWAYS_ focus on wrong things, it's hardly any news. But, honestly who made him (or me) god to say: What you do is the wrong thing?

    8) Open source isn't technology it's more a philosophy, a way of thinking. Other mentioned technologies can be safe enough for average consumer or company when implemented properly. Even matches are dangerous technology in the fire-lighter's hands.

  7. One point where I disagree by djembe2k · · Score: 2, Interesting
    On the whole, this is a good essay that makes a lot of valid points. Some are just common sense, others show some real insight. But he says something that strikes me as just wrong:
    The market for add-on security (firewalls, intrusion detection, antivirus, monitoring, probing, etc.) will continue to grow, although we'll see considerable consolidation in the marketplace as the similarity of many tools becomes apparent. Sales of these items will be strong for years to come, despite the fact that the only real solutions require rearchitecting the underlying systems.
    It sounds like he is saying that intrusion detection, antivirus, firewalls, etc. are combinable, which is pretty questionable, and even more questionable, that they can be integrated into the "underlying systems". If I understand this correctly, he's talking about rolling all of this functionality into operating systems.

    The last thing I want is all my security tools prepackaged in my OS. Not all intrusion detection is the same. Not all firewalls are the same. I want to be able to pick the tools that make sense for the needs of my network. I want to be able to run some of my critical security services on separate dedicated boxes from critical network services. (Obviously the firewall, but other stuff too.) I want to create multiple layers of security distributed around my network. I don't want the OS of my production box to give away all the details of my security posture.

    We all know that admins out there fail to keep up patch levels at an enormous rate, let alone creating a well designed multi-layered security posture. Maybe rolling it all into one box would simplify the job of getting to a minimally secure configuration. But seriously, who doesn't believe that the black-hats wouldn't have a field day with this? He talks about real solutions, but the only real solution, now or 10 years from now, is hiring IT security experts to create and maintain a real comprehensive security solution.

    I don't disagree that "underlying systems" need to be "rearchitected" to meet basic security needs, if that means, for example, that MS needs a radically different approach to integrating security concerns into the OS development process. But that isn't a solution to the problems addressed by what he calls "add-on" security tools. That's a different problem, and an important one. But no matter how well designed my underlying OS, I'm still going to put it behind a firewall, I'm still going to run some sort of IDS, I'm still going to monitor the logs, and I want control over how I do those things.

    Or maybe I'm reading his relatively sketchy argument wrong, but I can't figure out a different way to take it.