« May »
Locations of visitors to this page

Powered by blojsom

Radovan Semančík's Weblog

Sunday, 14 May 2006
« Effort to implement Enterprise IDM | Main | Single Directory Paradigm »

InfoSeCon 2006 conference is over. It was really great conference with unique atmosphere. The opportunity to talk in length to other speakers and to share the ideas was priceless. I also appreciate that the conference was vendor-neutral. That's something that we cannot see that often in our longitude. It was unquestionably the best conference I've attended in Central/East Europe.

The presentations and discussions with other attendees provided a lot of insight and tons of material for toughts. I will follow up with more in depth meditations later. Now I only want to present the overall "look & feel".

Marcus Ranum perfectly summarized current state of information security in two words: "all sucks". That's exactly what most of the presentations were about (including mine) - at least partially. Firewalls do not really work, workstations are insecure, it is really difficult to get the security management processes right ... nothing really helps. But what is even worse: nobody really know what to do about it.

There was a lot of good presentations focused on methods to get the security processes right by the "risk managament" folks. Marcus Ranum talked about the fallacy of "generation 2" and "generation 3" firewalls, while hinting about what went wrong and what can be done about it. There was an excellent presentation by Vince Gallo describing the promise and limitations of security system of Windows Vista. But one way or another, no satisfactory short-term solution seems to exist.

Maybe we should call this the "Security Crisis" ...
(gee, I hope haven't I just created a new buzzword)

Posted by semancik at 9:59 PM in security

Add your comment:
(not displayed)
Generate another code

Please enter the code as seen in the image above to post your comment.
Your comments will be submitted for approval by blog owner to avoid comment spam. It will not appear immediately. Also please be sure to fill out all mandatory fields (marked by asterisk). This ... ehm ... imperfect software does not have any error indication for missing input fields.


[Trackback URL for this entry]