Interview with Marcus Ranum
I normally wouldn’t post something that has been linked of off Slashdot, however I really enjoyed reading Marcus’s interview and rants on computer and network security.
I was introduced to firewalls by someone who was of the “Proxy firewall” school of thought versus “Packet Filtering”. The
first firewalls I setup/used were Marcus’s firewall products (specifically gauntlet, and the older TIS Firewall Toolkit).
I was introduced to the concept of firewalls and network security in an environment where security policies were taken
very seriously and outbound traffic was scrutinized just as much as inbound traffic and we took the “If it is not
explicity allowed then drop it” approach.
Little did I know at the time, this was the exception not the norm. My first role where dealing with security was part of
my job was in what was probably the most security focused/minded environment I have worked in to date. I have spent loads
of time after that job convincing the people I work with that this is something that needs to be part of their process,
business, and lifestyle.
Anyways, this interview inspired a little walk down memory lane for me.
"I believe we’re making zero progress in computer security, and have been making zero progress for quite some time. Consider this: it’s 2005 and people still get viruses. How much progress are we making, really?"
Interview with Marcus Ranum
I normally wouldn’t post something that has been linked of off Slashdot, however I really enjoyed reading Marcus’s interview and rants on computer and network security.
I was introduced to firewalls by someone who was of the “Proxy firewall” school of thought versus “Packet Filtering”. The
first firewalls I setup/used were Marcus’s firewall products (specifically gauntlet, and the older TIS Firewall Toolkit).
I was introduced to the concept of firewalls and network security in an environment where security policies were taken
very seriously and outbound traffic was scrutinized just as much as inbound traffic and we took the “If it is not
explicity allowed then drop it” approach.
Little did I know at the time, this was the exception not the norm. My first role where dealing with security was part of
my job was in what was probably the most security focused/minded environment I have worked in to date. I have spent loads
of time after that job convincing the people I work with that this is something that needs to be part of their process,
business, and lifestyle.
Anyways, this interview inspired a little walk down memory lane for me.