5/23/05

The Same Old Drum Beat

A few week's ago at Interop, Marcus Ranum penned (okay, he 'keyed?') an editorial, "What is 'Deep Inspection?'" Well-written, of course, and more detailed than anything I've recently written, of course. I commend it to your reading.

In March 2004, in less detail, I wrote about the subject of forgetting history in our discipline, under the title Security Redux. In it I discussed the security of firewalls coming back, but never quite getting all the way back, to the things that Marcus and others taught in the early 1990s. In September 2003, I wrote an Information Security Magazine column, Debunking the Firewall Hype.

My question is... why are we still writing about this? Why is Marcus? Or, better yet, why don't we get it? He writes, "Customers need to understand their objectives and requirements, so they can best select technology that facilitates their mission." Absolutely true. But, that could have been written in the late 1980s. Heck, it probably was -- by Marcus.

Then this afternoon I got some spam sent through my Information Security Magazine mailbox (I guess I keep it in case they ever want me back :-)). It was an invitation from a PR firm to interview the president of one of their client companies. According to this email, he is a "'White Knight' professional hacker. A world-recognized expert in security issues..." I'd never heard of him, but I've only been doing this for 20 years. "The Hook" to the proposed interview -- "Security is an ongoing process, NOT just a product."

Well, stop the presses!

And another new and revolutionary idea: "Continued awareness and prevention is the mantra that is being evangelized by" the White Knight guy. They go on to say, in this enticement to call him for an interview, "The Facts: Companies and individuals are too passive, even complacent, when it comes to safeguarding their networks and PCs." Brilliant, eh? They invite me to speak to him "to gain a 360 degree perspective about the ongoing challenges of security breeches and fixes faced by organizations and individuals."

I don't know whether to laugh or cry. No, that is a lie. I laughed.

When are we going to get it? When can we move on to other things?

No comments: