provocative headline right? I just recently read that thats the way to catch readers *blunt*
Im not going to discredit your networks security in this (short) post but just want to make a point I’m making over and over again to everyone who is talking about network security:
I dont think there are secure networks anymore today!
The Web 3.0 (or 2.8 as Microsoft might version it) is just too complex and even the layers and layers of security gateways you can shove into your network to protect it can cause security risks themselves. Examples:
I think with the right kind of backing (money and influence mostly) everyone can hack everything. Whole stretches of countries like Russia and China live on cyber criminality nowadays and skilled hackers come cheaper by the day.
A good example for this is the, in terms of IT calculation of times, ancient DigiNotar hack which was properly disclosed by the security company that researched it. A quite extensive report can be downloaded here:
I recommend this as a good read for every Network Security administrator and anyone who is interested in secure network/dmz design and how it can be circumvented in the end.
Most companies would rather die, or get hacked again and let it leak ;), than disclose such detailed reports on how their network security failed! So this report is a real jewl in my opinion!
But as the CCC stated the SSL-System is broken anyhow:
But don’t get me wrong: I still think all those layers of network security are important (to save my job and) to keep all those script kiddies and lesser skilled hackers and competitors at bay!
Feel free to leave a comment about how you feel regarding Network Security as a whole.