December 15, 2006 - #173
Good Morning:
Big Friday and a huge day in my house. Tonight is the first night of Hanukkah, so the kids are very excited and it's given us a pretty good disciplinary wedge over the past week or so. Every time the kids would act up, you just throw out the "OK, we're going to give one of your Hanukkah presents to charity" and that gets them back into line pretty quickly. You know where their heads are at. So regardless of how commercial our little December festivities have become, it's great to see the kids excited and it provides an opportunity to get together with family, eat some fried food, and work hard not to burn the house down since the kids love to light the candles. So Happy Hanukkah to those of you out there that will be celebrating tonight.
I'm running late today and I need to dash off to the gym before my afternoon calls, so not much time to rant. Suffice it to say security vendors need to put up or shut up about PatchGuard (here [0]) because they are only making themselves look stupid by implying that Microsoft doesn't have the right to change their OS. In blog-land we see the first potential issues of open source, given that it's becoming harder for communities to keep up with the number of security issues that materialize (here [0]). It's certainly something to keep an eye on.
FYI, there will be no TDI next Tuesday. I'm taking a family day.
Have a great weekend.
Top Security News
http://www.smartmoney.com/onedaywonder/index.cfm?story=20061214&afl=yahoo
http://biz.yahoo.com/prnews/061214/sfth032.html?.v=86
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci1235055,00.html
http://www.informationweek.com/showArticle.jhtml?articleID=196603888
http://blogs.ittoolbox.com/security/dmorrill/archives/Information-Security-Malpractice-13447
Top Blog Postings
http://1raindrop.typepad.com/1_raindrop/2006/12/open_source_sec.html
http://www.computerworld.com/blogs/node/4175
here [10]) that appliances are not like people, in that appliances tend to do one thing and people can evolve their skill sets and serve multiple purposes. Since Hoff's box can do different things depending on what software you run on it, he got a little grumpy about the contention. But once again the discussion gets back to different strokes for different folks. It really depends on how big your company is. Chris' point about many security skills not being readily transferable is right. You are not going to turn a FW admin into an IPS guru in a day, not in a large environment with millions of attacks and the need to tune signatures in real time. You need an IPS specialist. But in a smaller company, the FW guy must be the IPS guy because HE'S THE ONLY GUY. This situation calls for the generalist. So for a change, both of these guys are right - it just depends which color glasses you put on to look at the problem.
http://rationalsecurity.typepad.com/blog/2006/12/people_are_tool.html
http://riskmanagementinsight.com/riskanalysis/?p=67