Internet Age: Why Security Architectures Fail (The Story of the Maginot Line Under Attack)

Presented at BlackHatAsia 2000 by

Why are so many companies, organizations and agencies regularly hacked? Some of these regularly hacked organizations have, however, invested huge amounts in crafting their IT architectures. Security products, both hardware and software, are available off the shelf. Some of them underwent strong security certifications, and they are widely used on the Internet, even by the companies mentioned above. So, what's wrong with the strategy? In a 1998 survey on the 'barriers and inhibitors to eCommerce,' four out of the five most important inhibitors were security-related; the same survey in '99 showed these security-related inhibitors pushed back to rank 20 to 50! Does this mean that security is no longer an inhibitor to eCommerce? Or does this imply something else? Prior to the Second World War, the French Army erected the Maginot Line to protect themselves against invasion. The pride of the nation, the Maginot Line proved to be totally useless, and the invasion of France took place at a very rapid pace. Can we possibly transpose this story to the IT world? With a series of 'field' observations, Pierre will discuss the reasons for security weaknesses, and derive simple paths to reducing these exposures.