Sorry, this page is no longer actively maintained
Security is a process not a state. My personal interest was network security. Just as there is no perfect network there are no secure networks. Networks expose systems to new risks whilst facilitating their greater usefulness. Perhaps the best to aim for is a network that, at least with the knowledge and skills we have today, provides sufficient security features and controls to support end system security to allow sufficient confidence that application security and, ultimately, information or data security can be maintained. Networks should exist to benefit system users. Networks may aid security by, for example, allowing end system monitoring and easing software updates. However, they also give easier access to end systems to crackers, viruses, worms, trojans, spyware and other malware. Network connectivity increases the complexity of systems and their software. Networks expose critical data to disclosure, loss or change. Even when we can, by some definitions, trust our users, vendors and suppliers they will make mistakes. A trusted computer or a trusted user or a trusted network, in computing terms is not one that we have reason to trust: it is one that we are trusting. We need to know how well-founded that trust is. This page lists some resources that can help with that but the resources need to be used carefully. When browsing any security resource an up-to-date patch state (operating system, browser, virus tools), an evaluated firewall and a secure anonymizing proxy are all tools to consider irrespective of whether the resources are, on the face of it, black hat or white hat. As always with security issues: don't talk to strangers and don't run untested software or software of doubtful origin on a machine that matters or that is on a network.
They have computers, and they may have other weapons of mass destruction
Janet Reno, US Attorney General, 2/27/98.
No comment :-) ?
Last modified $Date: 2006/07/12 11:31:40 $.