Thursday, May 19, 2005

Richard Clarke Knows the Drill

The latest edition of SC Magazine features an interview with Richard Clarke titled Failure must be a part of the plan. Hallelujah, someone with a wide speaking forum understands that prevention eventually fails. I saw Mr. Clarke speak at RAID 2003 and I was impressed by his thoughts back then. Here is a quote from his interview, with my emphasis added:

"'The first thing that corporate boards and C-level officials have to accept is that they will be hacked, and that they are not trying to create the perfect system, because nobody has a perfect system," he says.

In the end, hackers or cyberterrorists wanting to infiltrate any system badly enough will get in, says Clarke. So businesses must accept this and design their systems for failure. This is the only sure way to stay running in a crisis. It comes down to basic risk management and business continuity practices.

'Organizations have to architect their system to be failure-tolerant and that means compartmentalizing the system so it doesn't all go down... and they have to design it in a way that it's easy to bring back up,' he says."

Preach on, Mr. Clarke!

The same SC Magazine issue featured a review of the Innominate mGuard PCI, pictured at left. This is a PCI card with two NICs and an on-board firewall. You connect the NIC of your PC to one of the mGuard's interfaces, and connect the other mGuard interface to your access switch. I like the idea of offloading firewall functionality into another device. You're getting the benefit of per-host access control but you are not tied to the weaknesses of the host operating system. I just emailed Innominate asking for a demo card. If I get it, I will review it here.

I am aware of similar products from 3Com, but as far as I know they are not stand-alone units. They require central management, which involves buying an expensive software package. That is overkill for my situation.


Anonymous said...

I've seen a vendor package this in their product.

Richard Bejtlich said...

Thank you for that link. The comparison chart pointed me to similar products by other vendors.

tweedledeetweedledum said...
This comment has been removed by a blog administrator.