Firewall Wizards mailing list archives

RE: Next Generation Security Architecture


From: Nigel Willson <NWillson () tbg com>
Date: Mon, 19 Feb 2001 13:40:00 -0700

Not just Microsoft; it is a general problem with the quality
of software and innovation, especially when the codeset on a
PC is updated on a continual basis nowadays and executes
dynamic applets/controls from an untrusted network.

A *huge* problem facing enterprises is the extension of their
security perimeter into employees homes and the need to use 
secure remote access and "personal" firewalls to protect access
and data. Many home PCs are employee-owned and used both for
business and personal use -- a recipe for compromise.

A PC really needs an integrated combination of "personal"
firewall together with anti-virus/trojan with integrity
checking (verify code checksum before execution and auth./trust
by Firewall -- Tripwire variant?) -- so that there is some 
concept of a trusted computing base (TCB). 

Everything needs an identity, a signature, to be authenticated,
authorized, and logged in both directions.

Today, it is tough enough to manage application versions and
ensure that code is up-to-date in its ability to provide its
functionality without error or vulnerability. However, millions
of lines of code equate to hundreds of potential bugs, which
equate to too many security vulnerabilities.

Nige.

Senior Consultant
iSecurity Consulting Program
The Burton Group   http://www.tbg.com
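The integrity-checking piece described above (verify a code checksum before execution, anchor the trust decision outside the PC, and log every decision) worked through as an added example. This is not code from the original post or from any product it mentions: the file names, the HMAC key, and the assumption that the key is held on a central policy host such as the firewall are all constructed for the demonstration.

```python
"""Minimal Tripwire-style pre-execution integrity check (added example).

A baseline of SHA-256 digests for approved executables is sealed with an
HMAC key, and every execution request is checked against it and logged.
The file names, contents and key below are constructed for the demo; the
key is assumed to live on a central policy host the endpoint cannot write to.
"""
import hashlib
import hmac
import json
import os
import tempfile

HASH = "sha256"


def file_digest(path: str) -> str:
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.new(HASH)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths, key: bytes) -> dict:
    """Record one digest per approved file and seal the record with an HMAC.

    The HMAC is what stops an attacker who can modify a binary from simply
    editing the baseline to match; the key must be kept off the endpoint.
    """
    entries = {os.path.abspath(p): file_digest(p) for p in sorted(paths)}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, HASH).hexdigest()}


def baseline_is_authentic(baseline: dict, key: bytes) -> bool:
    """Recompute the HMAC over the entries and compare in constant time."""
    body = json.dumps(baseline["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, HASH).hexdigest()
    return hmac.compare_digest(expected, baseline["mac"])


def check_before_exec(path: str, baseline: dict, key: bytes, log: list) -> bool:
    """Allow only if the baseline is authentic, the file is listed, and its digest matches.

    Every decision, allow or deny, is appended to `log` with its reason so the
    record covers both directions, as the post asks for.
    """
    path = os.path.abspath(path)
    if not baseline_is_authentic(baseline, key):
        log.append(("DENY", path, "baseline MAC mismatch"))
        return False
    expected = baseline["entries"].get(path)
    if expected is None:
        log.append(("DENY", path, "not in baseline"))
        return False
    actual = file_digest(path)
    if not hmac.compare_digest(actual, expected):
        log.append(("DENY", path, "digest mismatch"))
        return False
    log.append(("ALLOW", path, "digest ok"))
    return True


def demo() -> tuple:
    """Constructed scenario: approve two 'binaries', then tamper with one and with the baseline.

    Returns (list of allow/deny results in order, the decision log).
    """
    key = b"constructed-demo-key-keep-off-the-endpoint"
    log = []
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "app.exe")
        plugin = os.path.join(d, "plugin.dll")
        unknown = os.path.join(d, "dropper.exe")
        for p, data in ((good, b"approved app"), (plugin, b"approved plugin"),
                        (unknown, b"not approved")):
            with open(p, "wb") as f:
                f.write(data)
        baseline = build_baseline([good, plugin], key)
        results = [check_before_exec(good, baseline, key, log),     # approved, unchanged
                   check_before_exec(unknown, baseline, key, log)]  # never approved
        with open(plugin, "wb") as f:                                # trojaned in place
            f.write(b"approved plugin" + b"\x90\x90")
        results.append(check_before_exec(plugin, baseline, key, log))  # digest no longer matches
        # Attacker rewrites the baseline entry to the trojaned digest but cannot fix the MAC.
        baseline["entries"][os.path.abspath(plugin)] = file_digest(plugin)
        results.append(check_before_exec(plugin, baseline, key, log))  # baseline rejected
    return results, log


if __name__ == "__main__":
    for decision, path, reason in demo()[1]:
        print(decision, os.path.basename(path), reason)
```

Two caveats worth stating: the check is only as good as the place the key lives, since an attacker who reads the key can re-seal a tampered baseline; and a user-space script cannot by itself sit in the execution path, so a real "Tripwire variant" of this kind needs an OS-level hook (or a loader that refuses unlisted code) to make the allow/deny decision binding.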


-----Original Message-----
From: Darren Reed [mailto:darrenr () reed wattle id au]
Sent: Saturday, February 17, 2001 9:22 AM
To: NWillson () tbg com
Cc: lance () spitzner net; mjr () nfr com; firewall-wizards () nfr net
Subject: Re: [fw-wiz] Next Generation Security Architecture


In some email I received from Nigel Willson, sie wrote:
[...]
Enterprises do need help, however, to dig out from what
they have today and to develop an architecture, in a 2-3
year plan, that sets the direction, consolidates, integrates,
and, in a migration strategy, begins to improve the complex
and fragmented reality of today. Or we can give up?

I wouldn't buy this one from a vendor; it has to be a set of
open, integrated, and interoperable best-of-breed solutions
-- the distributed mainframe.

I'm working on a project where we're *attempting* to do this.

You want to know what the biggest threat/problem is?  Microsoft.

Not everything can be done with COTS software, but it will get you
far enough that what you end up writing you would probably want to
anyway.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
