June 23rd, 2005 by Daniele Muscetta
I have not posted in ages, and then today I post three times.
So is life.
The point is that I posted that first photo of my son at the beach, but then I had to write something about the Marcus Ranum interview…
Only now the blog looks less colorful and so much more boring.
So I'll post another photo of the same series:

Posted in category: Personal, Photos, Rant
June 23rd, 2005 by Daniele Muscetta
Several people, including Stephen Toulouse, picked up this great interview with Marcus Ranum:
http://www.securityfocus.com/columnists/334/3
Here Marcus also says that he does not agree with the approach of De-Perimeterisation (moving the firewall from a centralized position to each host).
I admire him and respect him a lot, but I see that he can't imagine a world without firewalls, being one of the fathers of the firewalling technology…
But that's provoking. I mean it's just a tease to say that we don't need a firewall at all.
The firewall is still necessary, but it will slowly lose its centrality, that's more the point, IMHO.
Attacks will and DO happen more at the application level only, to the point where you pass THROUGH a firewall anyway, with those ports that are open everywhere (HTTP, anyone?).
So we should harden the machines and protect them AS IF there were no firewall.
I do like the De-Perimeterisation instead, like Steve Riley says in the "death of the DMZ" (Italian Article/Translation here – Original Speech here).
Sure, ONLY taking care of the data is not enough, and the problem of Transitive Trust he mentions makes sense.
But again, ask 100 to get 10. If you push it to the extreme limit (=no firewall at all) you maybe get people to HARDEN their machines finally.
Then if you got both (hardening AND firewalls)…. well, that's better.
I think at the end of the day what really counts is INCREASING the security measures TO THE HOST level… so you don't *just* rely on a firewall, as many corporations have been convinced they could do for years… while being wide open in the soft center with a crunchy shell…
Posted in category: Security
Tags: Cross Post
June 23rd, 2005 by Daniele Muscetta
Not me now. No, now I am at work. But the past weekends we have been going quite often to the seaside.
Kids enjoyed it very much.

Posted in category: Personal, Photos
Tags: Places, Trips
June 22nd, 2005 by Daniele Muscetta
I have not posted in a while.
I have, in fact, been quite busy, both for work and personally.
Then the site has been down for a couple of days. Hopefully now that is over.
It had to do with an upgrade which broke some things in my very peculiar configuration, you can find more about it at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=312562
This happened mainly due to this machine running on a UML kernel I suppose.
In fact this is a UML machine, but it isn't a honeypot. But this is another story… this is another theory I got which I will talk about at one stage, where a virtualized environment does not necessarily mean a honeypot, as some people like to say. This is a virtualized machine from the very fine guys at rimuhosting.com
Then what?
Then I found another awesome social networking site I did not yet know about: 43Things. This seems pretty cool.
And what else have I been doing?
Mostly working. Not much time to get to post anything really…
Posted in category: Personal, Rant
Tags: WebSite