Industry leaders debate state of network security tools

LAS VEGAS—Network security took a beating at the Black Hat Briefings held last
month.


Speakers offered up wildly divergent views. Some called network security adequate, but
others said it is irreparably broken and must be rebuilt from the ground up.


“I think we’re doomed,” said Marcus Ranum, president and chief executive
officer of Network Flight Recorder Inc. of Woodbine, Md., a maker of network monitoring
tools.


Security is bad and will get worse, Ranum said, because “there simply are no
incentives for producing high-quality software.”


Nonsense, said Ira Winkler, a former National Security Agency employee and now a
security consultant. Tampering workers and bad security policies pose bigger security
threats than flawed software, he said. Patches and other fixes for most vulnerabilities
are readily available.


“Upgrade to the latest version, and you’re OK,” Winkler said.


The two-day briefings on the nuts and bolts of network security drew managers, security
experts and hackers who get their kicks from punching holes in systems.


Winkler said the prowess of most network intruders is greatly overrated. Most hackers,
even those who achieve well-publicized results, are merely “script kiddies” who
execute simple programs downloadable from the Internet, he said.


“I could teach a monkey how to hack a computer in four hours, and that’s
being generous,” Winkler said. “The problem is: Potential victims don’t fix
the problems.”


Conference organizer Jeff Moss agreed. Moss is director of security assessment services
for Secure Computing Corp. of Roseville, Minn., the conference’s sponsor.


Moss said there are too many weaknesses, too many patches and too many
products—all of them changing too quickly for most administrators to follow.


“You could build a very strong network if you did everything that is
necessary,” Moss said. But most administrators have neither the time nor the
expertise to do everything, he said.


Moss, a self-proclaimed security Nazi, agreed with Ranum.


“More and more people are rolling out unsecure products,” he said.


Ranum blamed the failures on pressure to bring applications to market quickly.


“We have a lot of shovelware just being thrown over the wall with no security at
all,” he said.


Since computers first began to communicate with one another, each layer of the network
has ignored security, Ranum said.


“Security to this day is viewed as an SEP”—somebody else’s problem,
he said.

About the Author

William Jackson is a Maryland-based freelance writer.
