Welcome to Volume 4, Issue 13 of The Internet Security Conference Newsletter, Insight. Insight provides commentaries and educational columns, authored by some of the best minds in the security community.
TISC is about sharing clue. So is this newsletter. We promise to provide something useful each issue. If we don't, flame me. If you like the issue, let us know!
Enjoy, and be safe,
Many of you have inquired about the future of TISC. We've reviewed dozens of business models and watched the carnage wreaked on our industry in general and conferences in particular, and we've concluded that we should take a brief hiatus until business conditions throughout the technology sector improve. We'll run TISC again when we can deliver the kind of top-quality event that you expect and deserve.
Thank you for your continued interest - we hope to see all of you again next year!
During our hiatus, we will of course continue to publish Insight. We will also continue to offer security workshops through our OnSite training program. And we will continue to maintain our Security Resources list and on-line Security Bookstore.
During July, we asked Insight readers to describe their secure email methods, if any. The results have been tabulated and they are interesting and somewhat predictable:
# Respondents Question
20 I do not use anything to encrypt my email.
11 I use PGP to encrypt my email.
12 I use S/MIME to encrypt my email.
10 I use another secure mail product to encrypt my email.
It's predictable that a higher proportion of TISC readers, who are mostly security professionals, use secure mail than the general mail population. It's interesting and perhaps telling to note that no single secure email solution dominates. It's a good bet we won't be encrypting Insight any time soon, however...
Time for a new question. InStat/MDR recently published the results of a survey of VPN trends and futures. The report claims that "an impressive 90% of surveyed large US organizations (1000+ employees) either currently deploying an IP VPN or planning to do so within the next two years." The report also has one of my favorite technology trend graphs forecasting IP VPN services revenues as a "so-so market today about to exponentially grow to billions of dollars real soon now".
Hey, like many folks, I'm happy for any news and speculation that might kindle an economic turnaround. But I spend too much time exchanging mail with security curmudgeons. Is VPN deployment a global "given" by 2006?
You tell us, and we'll report back to you. Visit http://www.tisc-insight.com/poll.html to participate in this one-question survey:
When will your company deploy an IP VPN?
[a] We already have one deployed or under development now.
[b] We have one in the budget for 2003.
[c] We might get around to it before 2006.
[d] Not bloody likely that we'll ever invest in one.
As always, we respect your privacy - our poll gathers no data other than your vote.
August and author compliancy to writing deadlines mix like oil and water. Based on the comments and compliments received, I'll leave you today with a list of recent columns that are well worth reading or re- reading:
Issue 10, July 2, 2002, Stopping Wi-Fi Intruders, Lisa Phifer, Core Competence
WLANs are everywhere, and everyone worries about security. Lisa's column received lots of compliments when posted here and as a WatchGuard Live Security Service article.
Issue 3, February 15, 2002, Legal Liability and DDoS Attacks, Jeffrey Matsuura, Alliance Law Group
Worried about legal liability associated with DDoS? Jeff highlights basic actions that network operators can take to reduce their risk and enforce their rights.
Issue 23, December 17, 2001, Exploiting and Protecting Oracle, Pete Finnigan, PenTest Limited
I know, I know... Larry assures us that Oracle's uncrackable. Pete's column is still worth the read even if you are entirely comforted by Larry's confidence in his product.
Issue 14, July 27, 2001, Securing the Apache Web Server, Rik Farrow
Apache's had its share of vulnerability reports recently, but it's still the most widely used web server. Like every other security matter, Jeff Schiller's rule "Clue is a constant" still applies. Lots more apache admins means dilution of clue. Rik's forgotten more about securing Apache than I'll ever learn.
Hope you find these reads helpful. Have a good summer. See you... In September.