The myth of cybersecurity

[Palemoon]

Boy the White House is really on top of things they have now figured out what a few million computer users know

"In late July at a technology conference in the nation's capital, President Bush's top cybersecurity adviser, Richard Clarke, said the technology industry was acting irresponsibly in selling computer network devices that remain remarkably easy to attack."

By Ray Ozzie : http://news.com.com/2010-1071-949678.html

[haknwak]

Interesting chap, this Clarke guy. I met the man and attended a conference over which he presided. He didn't strike me as anything out of the ordinary. BUT - he is taking advice from any and all facets of industry in working towards a security goal.

His goal is to place a "secure device" which the general populous will accept and trust in every household.

Lofty goals - I'm waiting to see the results.

[RiOtEr]

i saw somewhere that the pentagon said they have realised that they get thousands of port scans a day i almost fell outa my chair they had to realise it wouldnt u just assume...?
rioter

[digitalgadfly]

I am an IMSO (Internet Management Security Officer) in the US Army and would like to add that I feel our local network security on most machines is far below standard. I am not a top dog here but I wish there was a way to get them to tighten up. At the level I am at I try to do all I can. I am currently writing a SOP (standard operating procedure) on how we should implement network security within our unit. So anyone wishing to toss ideas out there I would appreciate it.

Here is some interesting news..... http://www.blackcode.com/news/view.php?id=297
There is no doubt in my mind that this happens more often than not.

[Ice Czar]

Implement a seriously strong password policy Alphnumeric + Symbol and over 20 characters long, and have in expire on a very short time frame. For starters.

Lock down the machines so no "new" software not totally vetted is able to be installed.
Damm this list is endless, more to the point what have you already done? VPN? DMZ? Honeypots? Intrusion detection? Scanning? Packet Capture? logging and real time monitoring?

http://www.sans.org/aboutsans.php > Specifically Security Reading Room
constantly boneup and run wargames, to get attention, have vulnerable networks compromised from an internal teams with only limited info

[retoor]

It is really scary to think that the U.S. Military doesn´t do more in order to protect their information! If it really is that easy, why don´t you hear about it more? Think ppl is to scared to try it the U.S. Army networks?

[souleman]

I love how the guy blames it on the industry. Maybe if the government would stop buying NT machines then Microsoft would be forced to make a more secure product. As far as their solaris and HPuX machines, if they would implement patches once in a while, it would be a lot better. Although a good portion of their security problems is with very poor policies.