* Zachary Uram sez:

: Sounds bleak. So how will security industry deal with this coming
: deluge of expected escalatory and intensive proliferation of 
: virus outbreaks and DDoS attacks?

Those who sold security in a product will slowly die out. Especially
those who claim to be able to stop DoS via Hardware. Those who sold
Security as a process, comprised of products and services, will gain
strength.

The Industry HAS to move on to a more service oriented approach (the
days someone could tell anyone that ZoneAlarm is a Firewall are luckily
over now, I hope), more education and more user awareness. After all,
the question if and how you're DoSeable is dependent on quite a large
amount of factors. It starts with your ISP, his Bandwidth, your
Bandwidth, his router-configs, your router-configs, your systems and how
you are located within a network (being close to an IRC server or eBay
might not be the wisest choice if you want to stay away from collateral
DoS damage).

1995 I sold my brain to setup firewalls and IDSs. 1998 I sold my brain
to do the same. Today I would not make a single cent this way. Today I'm
selling my brain to predict risks associated with some factors and to
educate people on WHY it is a bad idea to do X,Y or Z and why A,B and C,
though seemingly more painful, are a better idea.

Companies have understood that their internet connectivity, their
workstations, yeah even their email, has become more than mission
critical. They've been burned over the months and years by 'Make
$$$ecurity fast' vendors with shiny brochures, nice Java applets on
their homepage and sales people who knew the buzzword dictionary back to
front. 

As I see it, there's three big threats today: The lack of general
security awareness (perfectly displayed by some 8000 'fxxx USA
Government' defacements using an 8 months old trick), Charlatans and
Snake-Oil-Vendors[1] on the Security Industry side and thousands of
kiddos just waiting to use their freshly downloaded scriptz on some
unsuspecting host.

[1] http://www.onetimepad.net/en/snakeoil.html
