Security is Broken

Security is Broken
Rik Farrow

Citation
Rik Farrow. "Security is Broken". Talk or presentation, 31, August, 2007.

Abstract
Our computer security model is broken. Worse yet, it never really has worked ... all certainly desktops and laptops, but also most servers. The current security model was not designed to protect users from themselves, and this goes a long way towards understanding why security is so difficult. I end by looking at strategies for improving security -- but no real solutions. The point is to start thinking outside of the box, while adopting best practices today. What we have done in the past has not worked, and can not work. We need to look at the security model in a new way, and that is the real point of this presentation. Bio: "Rik Farrow provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984, and with TCP/IP networks since 1988. He has taught for NASA, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, CSI, USENIX, and for many US and European user groups. Farrow also consults with firms in the design and implementation of security applications, and works with organizations to create secure firewalls and Internet facing servers."

Electronic downloads

http://www.rikfarrow.com/broken.pdf

Citation formats

HTML

Rik Farrow. <a
href="http://www.truststc.org/pubs/156.html"
><i>Security is Broken</i></a>, Talk or
presentation,  31, August, 2007.

Plain text

Rik Farrow. "Security is Broken". Talk or
presentation,  31, August, 2007.

BibTeX

@presentation{Farrow07_SecurityIsBroken,
    author = {Rik Farrow},
    title = {Security is Broken},
    day = {31},
    month = {August},
    year = {2007},
    abstract = { Our computer security model is broken. Worse yet,
              it never really has worked ... all certainly
              desktops and laptops, but also most servers. The
              current security model was not designed to protect
              users from themselves, and this goes a long way
              towards understanding why security is so
              difficult. I end by looking at strategies for
              improving security -- but no real solutions. The
              point is to start thinking outside of the box,
              while adopting best practices today. What we have
              done in the past has not worked, and can not work.
              We need to look at the security model in a new
              way, and that is the real point of this
              presentation. Bio: "Rik Farrow provides UNIX and
              Internet security consulting and training. He has
              been working with UNIX system security since 1984,
              and with TCP/IP networks since 1988. He has taught
              for NASA, Department of Justice, NSA, US West,
              Canadian RCMP, Swedish Navy, CSI, USENIX, and for
              many US and European user groups. Farrow also
              consults with firms in the design and
              implementation of security applications, and works
              with organizations to create secure firewalls and
              Internet facing servers."},
    URL = {http://www.truststc.org/pubs/156.html}
}

Posted by Christopher Brooks on 1 Feb 2007.
Groups: trustseminar
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.