Sunday, September 18, 2005

Once more in to the breach....

So I have started to recount this phrase to myself on a Sunday evening ( over a beer.. or two.. ) before stepping once again in to my job on a Monday morning...

I am an 'Information Security' practitioner for a large national mobile Telco and the landscape _is_ always changing... ( though we face the most basic challenges of yesteryear also..)

...out of the trenches and march forward in to the (semi)-unknown! Perhaps someone will allow the 'Red-Cross' in and sing 'Stile Nacht' over Christmas, while we bunker down and play a MMORPG.. however I doubt it as the Internet never sleeps! ( And nor should SecOps! )...

I have been aware of 'Marcus Ranum' for a while but revisted his site recently after a link was sent around for 'The Six Dumbest Ideas in Computer Security'..

I would like to share with you some of the 'nuggets' in this 'Prophet's' site, that not only _pre-date_ but echo most of my sentiments -> if you have been here before:

Aside: I am only a mere mortal vs. this 'security-techno-demi-god' !

Quotes like:

1) Set up the production systems
2) Make them work
3) Test them
4) While true; do
If they are working; Continue; Endif
If they are not working; GOTO 2; Endif
5) Done

( Maybe OpenBSD + layered security + quality userland software.. )


The mainframe programmers of the 70's and 80's used to write of a practice called "Change Control" - in which production systems were managed with care and forethought. During the late 90's the last of the Change Control believers were taken out and shot, and their cubicles were given to the consultants who were there to mark everything up in XML in order to make everything better in some manner nobody understands yet.

maybe the 'calender' based upon the classic 'Motivations' calenders:

1 comment:

Anonymous said...

Nice link @ ranum's.

I like his firewall - the thought had occurred to me.

A variant would be to plug the phone line into the power socket when you get those infuriating automated numbered menu responses.

However, a number of hardware compatibility issues would need to be resolved first.

Keep up the posting. Good provocative stuff.