home
NEWS       BLOGS       FORUMS       NEWSLETTERS       RESEARCH       EVENTS       DIGITAL LIBRARY       CAREERS  
Network Computing Network Computing Powered by InformationWeek Business Technology Network

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |		 APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers



Firewalling Your Persona l Perimeter

By David Willis
our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at www.networkcomputing.com /express/
 Maybe I could use a paper clip to hold up my eyelids, I thought. Sitting across the table was a security auditor reviewing our internal procedures. Hey, can I get some more coffee here? Or maybe some methamphetamine with a little foam?

The clipboard-toting weasel took three hours of my time and left a trail of new work behind him. Ultimately, his security study introduced layers of procedure designed to track every minor system change and collect mounds of user-activity information. This new process took hold for a few months and then was abandoned when another consultant identified that our IT staff was overburdened with administrative work and our systems wer e bogged down logging the movement of every user.

This story isn't unique. Most companies just don't know how to achieve a sane security policy, one that protects information assets for a reasonable cost. Instead, we thrash about with quick fixes--a form here, a firewall there, the occasional audit. The responsible forces at work are fear, a general distraction by IT and a lack of understanding that starts with IT and gets progressively worse toward the top.

First, we have fear--an emotion that many security vendors are perfectly happy to promote. Despite the fact that the highest risk to information is rarely at the network perimeter, the threat of hackers from the underworld still produces headlines and commercials on prime-time TV. Fear can generate substantial vendor revenue and divert money from important projects. But paranoid security is just a cost center, a bottomless money pit that won't enhance company performance.

IT, along with most software vendors, is principally concerned with adding capabilities that will contribute to the bottom line in some fashion, through user productivity, reduced labor costs, faster time to market and so on. My auditor friend doesn't help me here, but mostly gets in the way of delivering service to my customers. But it's my fault if I don't manage him well, and to do that I need to understand the risk and cost trade-offs that drive security policy and take over the problem myself by becoming a champion for a sane security policy. I also need to understand the tools and techniques that will keep it manageable.

A Practical Security Education Isn't It's not easy to take a rational approach to security, so we're doing our part to help. In these very pages, you've seen detailed discussions of the real-world limits of critical security technologies: certificate authorities, firewalls, S/MIME and VPNs, to name a few. We've assessed the overall state of security and how these technologies fit--or don't fit--your environment. Very few products get high grades b ecause we evaluate them against the ideal solution, not on a curve. If you don't need a product, we tell you.

Network Computing continues to promote practical security by presenting The Internet Security Conference (TISC) April 6 to 8 in San Jose (see tisc.corecom.com for more details). Our editors will be presenting sessions on secure e-mail, advances in biometrics, secure remote access, desktop encryption and our analysis of certificate authorities. A vendor fair will demonstrate real applications running across a distributed network, including VPN products running at Network Computing's own Real- World Labsý.

TISC will feature tutorials and workshops conducted by a world-class faculty, the really big names in security: Dr. Steven Kent will teach network security principles and protocols; Dr. Radia Perlman and Charlie Kaufman will provide an overview of commercial security systems from a technical perspective; Marcus Ranum will predict the future evolution of security tools. And those are just for st arters. These experts understand the technology inside and out, have decades of experience and are just plain interesting to hear.

I attend conferences to learn and I've always been disappointed by the security sessions. Academic presentations often cater to mathematicians, scholars and product developers. Vendor presentations have mostly been self-serving. Finally, we get a conference that provides something more memorable than a hangover.

David Willis can be reached at dwillis.nwc.com.


Other Articles by
David Willis

Secure Electronic-Mail: Return To Sender?

Managing Digital Keys

RFP: Detailed Solutions for WAN Tehnology

Listen Up! Cisco Now Does Voice

Other Columnists

Corporate View
By Brian Walsh
In The Middle
By Nick Gall






Ready to take that job and shove it?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center










InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch
Microsite of the Week


Powerful Information at Your Fingertips



InformationWeek Business Technology Network
InformationWeekInformationWeek 500InformationWeek 500 ConferenceInformationWeek AnalyticsInformationWeek CIO
InformationWeek EventsInformationWeek ReportsInformationWeek MagazinebMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingNo JitterPlug Into The Cloud
space
Techweb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0 ConferenceMobile Business ExpoSoftware ConferenceCSI - Computer Security Institute
Black HatGTECEnergy CampMashup CampStartup Camp
space
Light Reading Communications Network
Light ReadingLight Reading EuropeUnstrungLight Reading's Cable Digital NewsConstantinopleInternet EvolutionPyramid Research
Heavy ReadingLight Reading Live!Light Reading InsiderEthernet ExpoOptical ExpoTeleco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems & TechnologyInsurance & TechnologyWall Street & TechnologyAccelerating Wall StreetBank Systems & Technology Executive SummitBuyside Trading SummitInsurance & Technology Executive Summit
space
Microsoft Technology Network
MSDN MagazineTechNetThe Architecture Journal
space


App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Technology Marketing Solutions  |  Advertising Contacts  |   Briefing Centers
Copyright © 2008  United Business Media LLC  |  Privacy Statement  |  Terms of Service  |  Your California Privacy Rights