April 15, 2005

Preparing a presentation

The last week has been a crush of work and related activity.

I just finished preparations for an ISSA presentation date that was just moved up a month. I will let you know how it goes tomorrow. Below is the teaser:

Feel like our world is too complex and spinning out of control? Just as economic changes outpace our legal system in economic globalization, technology outpaces security in the virtual world. Globalization has led to conflict between 'core' states which embrace connectivity and 'gap' states which reject it. Electronic connectivity brings a flood of content flows (including ideas, culture and debate) escalating this conflict. In the virtual universe we also have our 'core' and 'gap' entities which are 'Net Ready' or open to disaster. These forces bring discipline, services architectures and privacy mandates. E-commerce requirements continue to invalidate the value of perimeter security and increase value of defense in depth and replacement architectures such as boundaryless information flow.

The core premise is based on the highly influential work of Thomas P.M.
Barnett where awareness of Y2K problems led to preemptive efforts while the World Trade Center attacks led to reactive strikes. So, too, we can choose to take a preemptive or reactive stance toward cyber threats as organizations and as a system. Armed with this knowledge we can seek solutions that address these concerns.

Join us for: Are We Ripe for a Cyber 9-11 Attack? Or How I Learned to Stop Worrying and Love Globalization.

Stuart Berman is a security architect at a local large global corporation.
He specializes in Internet and firewall architecture, has been a network engineer for over 10 years, was a Master CNE when people used to talk about Novell and regularly corresponds with Thomas Barnett and his associates. For additional information on Thomas Barnett visit his blog or website at: http://www.thomaspmbarnett.com/

I have also worked on an article that should appear in one of the trades next month - keeping my fingers crossed.

Continue reading "Preparing a presentation" »

Apr 15, 2005 2:50:56 AM | Globalization, Security

April 04, 2005

Expert Voices

In Lexus and the Olive Tree Thomas Friedman argued that economic interdependence equals prosperity and peace. In his new book he says the argument's over; globalization is here and it's good. But succeeding takes work, forethought, and resistance to "idiots" who say borders protect us.

CIO Insight has published a remarkable interview with Thomas Friedman who talks about outsourcing and his forthcoming book.

CIOs and IT management need to have a much better understanding about globalization and to get the message to stop shirking the duty to talk about it. His point about spreading stupidity about globalization is dead on as well as the ‘rule of law’ being a competitive advantage for us.

...a lot of things need to change. First of all, we need leaders who will dare to describe the world to us as it really is and make us smart, not make us stupid. ... Jobs are produced by thriving companies that are growing, and they may be produced all over the world, that's a good thing, but plenty will be produced here.

As an IT technologist I can’t agree more with Friedman. I have a choice to learn to become an interface with whomever we choose to get IT services from or to work for an IT services firm. The IT labor shortage taught us that each company can’t afford to be its own vertical IT supply chain, IT staff is now able to provide dozens of customers with the services it used to provide to only one.

The smartest things that I've seen companies do is trying to make their employees "versatilists," which is another word for untouchable. Versatilists are people who don't just know XML, they also know how to do distributed computing.

You take every employee, and you make this bargain with them: We cannot guarantee you a lifetime job, nobody can. But we can guarantee you that while you're here, we'll give you every opportunity to really become a versatilist. So if you stay here, you're more valuable to us because we can move you from here to here to here to here. And if, God forbid, we have to lay you off because we've found other ways to do this job cheaper or more efficiently, you'll be that much more marketable somewhere else.

Friedman also offers some wisdom about Sarbanes-Oxley:

Some people view Spitzer and Sarbanes-Oxley as hindrances to America's global competitiveness.

I think that's about as dumb as the day is long. Anyone who believes that is an idiot. The rule of law is one of our competitive advantages, and that's not to say that at times regulation can't go too far. But I'd rather err that way, and reel it back, than not have it at all.

Friedman does a great job explaining globalization conceptually, but I find that Thomas P.M. Barnett does a better job of describing its practical effects, however Friedman has an advantage now of knowledgeably addressing today's IT issues within a global context. Recently Barnett dismissed Friedman's forthcoming book but it is more likely from the stress of trying to birth his own new book. If Friedman's book is written along the lines of this interview it may offer plenty.

Apr 4, 2005 10:23:49 PM | Books, Current Affairs, Globalization, Trades

March 05, 2005

It's about relationships, friend

I am a security professional and I often ask myself what value we bring to the business. Why does the business want my services? I usually end up at the same conclusion. Business is about relationships and these relationships are built upon a degree of trust. Security functions to protect that trust.

You look around and see how much technology and life has changed us. The life of your grandparents' childhood seems alien, the pace of life, their prospects, and their goals. Yet very little has changed. Life has always been about relationships. You conducted business on the basis of trust and agreement. You started families on the basis of trust. You went to war over lack of trust.

Trust is also the basis of our government and society. We think of our laws as rational and blind based upon logic but in reality they are subject to relationships. When our laws cease to serve us and have been turned against us that trust is broken and relationships dynamics force them to change. In the 18th century this wrought the American revolution. We saw our recent election as a vote of confidence in our government. And today we see this force visible in the Middle East as change sweeps through the deserts like a great tsunami.

An important factor is the culture of a society which defines those relationships.

In the U.S. our relationship with our government could be described as subservient to the citizens. The design of our Declaration of Independence, Constitution and subsequent Bill of Rights is of limited power and limited trust. We believe our Creator has bestowed upon all people certain unalienable rights. Individual liberty is inviolable and held in highest regard. This doctrine of ours is infectious and admired, disdained and feared around the world.

Other governments are the opposite. There are monarchies where the power is considered to be granted by God to the rulers and citizens are subject to that power. Other governments claim to be a service to the people but the legal fiction is far from the truth such as evidenced by the tyranny of Baathist regimes. Those oppressive relationships which were seen as inescapable are now being rethought. We see the instinctual reaction of people to this hope of freedom and we also know from our own experience that the transition is neither smooth nor easy. But it is worthwhile.

Is this the issue today between 'Left' and 'Right'? Do Liberals expect perfection of the law to be our trust? To create a fair system that is incapable of oppressing people? Do Conservatives expect to withhold trust from a system that will never be perfect and always subject to corruption? To rely upon limited powers and the dynamics of relationships to balance the needs of the people against the needs of individuals? Or is it that the 'Left' is right brain driven looking at the emotional impact of our society fearing the responsibility of actions while the 'Right' is left brain driven seeking a logical framework which is tempered by common sense?

Of course the truth is somewhere in the middle or at least a combination of these extremes. Read on to find links to my discussions on national identity systems.

Continue reading "It's about relationships, friend" »

Mar 5, 2005 12:39:02 AM | Current Affairs, Globalization, Security, Weblogs

February 27, 2005

Win Win World

Stanley Greenspan in his new book, First Idea, proves that language development and the ability to reason are founded on emotional responses between an infant and its environment. This disproves Noam Chomsky's assertion that language skills are genetically hardwired into the human brain. That's two down, Noam seems to have lost a lot of credibility, first in his avocation, now in his vocation.

John Perkins wrote Confessions of an Economic Hit Man which portrays America as profiting at the expense of other peoples. While I believe he gets the analysis all wrong (even though his experiences were I am sure as described) he is right about the solution. In his discussion on CSPAN he describes the need to help other nations become prosperous and to reach out to them with our hearts. He reveals his real passion about this and in this regard he is very right. We need to be compassionate and care about our neighbors and when they know this we will see real success. This is a win-win world we live in.

Feb 27, 2005 7:22:43 PM | Books, Current Affairs, Globalization

Help Wanted to Expand Free Speech Globally

From Dan Gillmor's blog:

A group that wants to assist free speech in authoritarian nations is looking for a technically savvy person -- a CTO or lead engineer type -- who can do a short term study, possibly leading to a longer-term job. This is a paying gig for the right person.

Seems to me a perfect fit for FreeNet

H/T Emergent Chaos

Feb 27, 2005 5:44:11 PM | Globalization, Security, Weblogs

February 26, 2005

The World has Changed

Omar from Iraq the Model has this to say:

Bottom line is: the world has changed, we're not living in the fifties anymore and when a tyrant is kicked out, no other tyrant can claim his place. Why? Because nothing can be done behind closed doors anymore, the whole world can watch and have a say in almost everything everywhere and the era when thugs could reach power against a nation's choice is over. The world has simply changed and the change cannot be reversed.

This fellow in Iraq sees the past, present and future. Do we see the effect we can have?

Continue reading "The World has Changed" »

Feb 26, 2005 12:25:50 AM | Current Affairs, Globalization, History, Weblogs

February 24, 2005

Isn't America a great place?

There was an article in today's Wall Street journal that shows the interesting differences in opinion between IT management and corporate CEOs. The IT managers are fed up with insecure software that costs companies fortunes (ATT spends $1 million per month to patch) to maintain (Microsoft Windows being the obvious target) and desire changes to the laws that would change the liability to software vendors. CEOs on the other hand are suggesting reducing the liability exposure of technology users (so they don't have the buck passed to their companies) rather than increasing the liability of software vendors. So I hear that IT managers don't want the costs in their budgets and CEOs are more concerned about getting sued by customers and vendors. Isn't the obvious answer to stop purchasing that flawed software and buy something more secure? Within the same article I see an unexpected benefit of Sarbanes-Oxley, that is how it is raising the security expectations of compliant companies.

Now that may be changing because of tough new accountability and privacy rules, such as the Sarbanes-Oxley financial-reporting standards, federal health-information regulations and California laws protecting customer data. Corporations are telling technology suppliers that if flawed software makes customers liable under these rules, suppliers should be, too.

Others like Adam Shostack on Emergent Chaos think SOX is detrimental to corporations.

There is a glimmer of hope for Thomas Barnett's vision of the civilized world coming together for its common good - in yesterday's WSJ:

Mr. Helmer is the informal leader of a small band of British, Polish and Czech conservatives in the European Parliament who look to the American conservative movement for inspiration.

The addition last year of 10 mostly pro-American countries to the EU -- many from the former Soviet bloc -- has lent some legitimacy to Mr. Helmer's mission...

But in his desire to shake up the European way of thinking, Mr. Helmer has found allies among some of the new Polish and Czech members of the Parliament, who remain scarred by communism and militant about standing up to international thugs and dictators.

The newcomers share with the ... Britons an intense opposition to a European constitutional treaty. It would help foster a "United States of Europe," they say, that would challenge American dominance -- and shrink from the Bush doctrine of spreading freedom and democracy.

Michal Kaminski, a 32-year-old member from Poland, chose to praise Mr. Bush in his first speech last June before the 732-member chamber. He was booed. "It didn't bother me," Mr. Kaminski says. "I grew up under communist occupation. There were only two leaders that helped my country at that time: Ronald Reagan and Margaret Thatcher."

A Czech member of the pro-Bush faction, Jan Zahradil -- who may be his country's foreign minister if his party wins the 2006 elections -- says he supports Mr. Bush because "any weakening of the United States means a de facto threat for the whole world, especially Europe."

Speaking of threats, that dear valedictorian from a Virginian high school who plotted to murder our President, Abu Ali... turns out this was no ordinary high school but one of many Saudi funded (US based) private madrasas-like high schools that teach hatred for Jews and Christians. We don't seem to be hearing much about poor Ali's background, can't a US schooled terrorist get a break?

But we face plenty of threats from people who work around us. Another WSJ article described the growing problem of identity theft often taking place in hospital rooms - often victimizing terminally ill patients. They don't need their money or identity anymore, do they?

Hospital patients are vulnerable in part because they are unlikely to detect anything amiss. Some may never leave the hospital. A team of alleged identity thieves arrested in 2003 in New Jersey were targeting the terminally ill, according to police.

Identity-theft experts recommend that patients and loved ones protest any visible use of Social Security numbers, such as on wristbands or unguarded charts. At the very least, patients may be able to darken a couple of numbers. Patients should refuse to answer aloud any verbal request for those numbers when they might be overheard.

I will follow up with a post on spyware soon - one of the less understood threats that will probably blossom into a real epidemic this year.

People are upset by the changing economy, outsourcing, foreign affairs and even the weather (equated with climate). But it isn't a time to despair as we are going through enormous changes and most of us don't like change. But should we go back to living in the 16th century - embroiled in wars and overcome by diseases such that we expect that many of our children wouldn't survive to adulthood? Our history is that of human resourcefulness and ingenuity striving to provide a better world for our children. The forces of change around us allow us to grow and improve our condition. It's also painful and not without risk. Expect criticism and resistance as some want to turn back the clock (perhaps to a time when we built cars without caring about competition and we could wrap ourselves in our own luxury and keep our eyes tightly closed), but as Tom Barnett likes to advocate - let us build 'a future worth creating'.

Let's stop expecting the government to take care of us. They need to have a limited role in our lives as our founders understood. We don't look back to the days of the founders - we should build on the success that they found in creating this country where the rights of the individual are preeminent. We must remember to be humble and respectful as not everything is as it seems.

Feb 24, 2005 9:39:17 PM | Current Affairs, Globalization, Security, Web/Tech

February 21, 2005

Dictators, Moms and Manhattan

I noticed an ad in Fortune magazine for an upcoming Fortune GLOBAL FORUM 2005 conference for China and the New Asian Century where Chinese President Hu Jintao will be the keynote speaker and thought that Barnett's view of peacefully rising China is unfolding before us.

Then I noticed that the Feb 13 issue of Parade listed the world's 10 worst dictators based on input from Amnesty International, Human Rights Watch, Freedom House and Reporters without Borders. What strikes me as odd is how President Hu Jintao of China gets the number four spot. While China is certainly not free and the regime is repressive, it seems odd to compare despots who rule as absolute dictators with heads of government that happen to be repressive. That would be like calling Gorbachev a dictator. Both men were leaders of repressive regimes, Gorbachev led his country to freedom, Jintao may be on that path as well. If it means anything China went from number three last year to number four this year - a trend that ought to continue.

Our local paper has a piece on the growing demand for Chinese baby adoption by single mothers. The repressive Chinese government prefers adoption by couples and restricts the number of annual adoptions by single mothers and forbids adoptions by homosexuals. I can't imagine being a single parent and wanting to adopt children - it takes my wife and me all we got to raise our kids. Seems like some of these women are succumbing to 'biological clock anxiety' or just plain selfishness.

I forgot to mention that last week we took the bus into north Manhattan then the subway (A train) down to the World Trade Center site. We walked to Battery Park and then to a nice restaurant overlooking Times Square before heading back to the hotel. I can't believe how civil and clean the subway is now (last time I rode was over 35 years ago). WTC was somber and stirring. I was surprised at the 17th Century history that was leeching out during our walk through lower Manhattan, from the thought of the old stockade designed to keep the British out (now called Wall Street) to the site of the United States Custom House (today the National Museum of the American Indian) which was formerly the site of Fort Amsterdam and the one site forbidden to Native Americans at the time.

Our flight back from Newark was delayed and we missed our connection. Instead of staying the night in Detroit, I rented a car to drive the two hour drive home - my business partner managed to find a few other souls who were desperate to go with us. We spent the middle of the night talking about spyware and identity theft, one of the passengers (who happened to be the navigator from the flight) asked how some of the online companies were able to provide information such as social security numbers on others. I guess the recent ChoicePoint scandal answers that question.

Feb 21, 2005 9:57:53 PM | Current Affairs, Globalization, History, Security

February 20, 2005

Rule-Sets and positive models

I just returned from a business trip to New Jersey and realized that I need my own personal rule-set reset. This has been in the making since last year when I ran a 10K run and after a few weeks found my knee uncooperative in any kind of running. Coupled with business travel and too much sedentary activity I have reached a point where I am motivated to change some dietary and exercise habits. After an extended exercise sabbatical I was pleased this morning to be able to complete a short run. Thankfully I didn't require a system perturbation, such as a heart attack, to motivate me but I have noticed that the context of my environment has a huge influence upon the success of my efforts. The rest of my family flew out to the West coast to see relatives and I am taking a few days off from work to catch up on personal efforts which have suffered as a result of too many hours spent at work. Just like breaking the habit of cigarette smoking, the greatest obstacle to embracing and implementing a rule-set reset is the existence of old habits.

The boys at The New Rule Sets Project, LLC look at global security issues such as system perturbations such as World War II led to rule-set resets such as the Marshall Plan and implementation mechanisms such as NATO. Their focus is on current issues such as globalization in a post 9/11 (system perturbation) world. As in my case the problem in moving forward seems to be the old habits that nations are reluctant to release. Within the US typical mind-sets that pose hurdles are various positions such as our role 'nation building' and as a 'global police force'; the role of the UN; deficit spending; outsourcing; and short term returns.

In the world of IT Security it may be worth considering the rule-sets of network firewalls. Network firewalls are always being 'tweaked' - rule sets are changed slightly to adjust for business at hand, such as allowing the public to reach a new web site. It is unusual to make a sweeping change (rule-set reset) without good cause (system perturbation driven). An example of this would be a huge spike in virus/worm/malware activity (or perceived increase in threat) that triggers major policy change (such as going from a 'default allow' position to a 'default deny' position or blocking outbound traffic not on well known ports). While this change may be seen as very positive from a security practitioner's point of view the resulting change would certainly cause a huge upset to the user base. Any experienced security person would consider this and understand that the big obstacle to trying to implement this new policy would be people's web habits. A couple obvious ways to get this better policy implemented would be by dictate (unilateralism) or by stages (evolution) but in any case would still involve pain on all sides.

Back to New Jersey... Network firewalls are extremely dumb. (Well - technically packet filter firewalls are really dumb, whereas proxied based firewalls are rare. Joel Snyder points out that historically proxy firewalls also 'cheat', vendors wrote proxies for certain applications and the rest of the traffic is handled in a filter like manner.) IT Security models are typically negative which is that we block stuff that we know is bad and otherwise allow activity. The system that I saw in New Jersey by Whale Communications called e-Gap offers a positive model that looks for good and known behavior and blocks other behavior. One of the reasons IT is struggling with malware and patches is that formerly unknown activity causes trouble until new signatures and patches are developed and deployed.

I see that e-Gap will be very valuable in networks as a supplement to protect sensitive applications and systems at an affordable price. (I recently read an article that estimates a thorough application vulnerability assessment may cost $50,000 per application.) Whale has a problem because it's product does not neatly fit into a standard category. They do several things all within the same product (although licensing determines functionality): e-Gap is a remote access device (SSL VPN) which is able to limit access to application specific functions; e-Gap is an application firewall with some common applications pre-defined; e-Gap 'breaks' the network connection to protect systems from network based attacks; and e-Gap provides end-point (remote PC) evaluation to ensure that remote PCs are secure enough to access an application. Most of their competitors can't or won't come close to providing the value they offer. I had the opportunity to see their impressive product, meet their staff which is very smart and full of enthusiasm - watch them closely. The time seems ripe to consider the advent of another system perturbation as applications are being hacked through application weaknesses rather than through network or OS hacks. The time seems right to adjust our rule-sets where we add another layer of defense to critical applications as well as ensuring that potential clients meet minimum qualifications.

Some of the positive/negative models can be seen in daily life:

  • You normally aren't blocked from walking into a public store such as Target. But if you start behaving 'wrong' such as screaming at the top of your lungs - then you will be escorted out of the store.
  • You aren't given a tour of available homes until you are 'qualified'.
  • You could attend an event like Woodstock and almost any behavior was tolerated.

Along the same lines, some applications require nominal protection, others require better protection and others even more protection.

Continue reading "Rule-Sets and positive models" »

Feb 20, 2005 5:30:54 PM | Current Affairs, Globalization, History, Security, Web/Tech

February 14, 2005

Link to Jackie's blog

Things got a little testy over at Jacqueline Mackie Paisley Passey. A case of mistaken comments and poor inference on my part. Luckily Perry was gracious. I can imagine that this could have been a 21st century version of how the Hatfields and McCoys feud got started. Oh well, that's how I learn manners - I seem to learn more often at the school of hard knocks

Jacqueline is a smart young economist Libertarian lady (who informs us that the "Libertarian Girl" blog is actually penned by a guy - glad I didn't have exposure to that) with a very smart crowd.

I ended up jumping into the comments around the Iraq war and economics. I couldn't resist referring Tom Barnett especially with all of his work with Cantor Fitzgerald and the 'global transaction flows' that should be right up the alley for those interested in economics. I hope they weigh in on his work.

I look forward to more visits there (hoping to stay out of trouble, too) and highly recommend the site.

Also mentioned my latest comments at ZenPundit about the possible motivations of the Islamists and hoping to get Dr. Khaleel Mohammed's input.

Feb 14, 2005 1:20:11 AM | Current Affairs, Globalization, Religion, Weblogs
« Previous | Next »

Stu

I'm a corporate network security guy with 2 kids

Search

Recent Comments