I have a deep-rooted hatred for the medical community. Those buffoons in white coats and extra-thick glasses just can’t seem to make their mind up about anything. Asprin is good, then its bad, then it’s a life saver, then it’s the anti-christ. Meat is good for you and then its not. You should exercise moderately, but then none of them can agree what ‘moderate’ is.
A newborn should be made to sleep on its stomach, no no, that increases cot-deaths so it should be the back, errm actually on the side is probably better.
Yeah ok whatever you say Doc, its not like you’re dealing with anything important here!
The result is that you can go to anyone’s house and peek a look in the cupboard where they stash their regular medication and I guarantee it will look like they just raided a pharmacy. The stashes of anti-allergic pills, painkillers, anti-depressants, inhalers… the list just goes on and on. Modern medicine hasn’t made life any better. Its just made us dependant upon a hundred and one forms of medication which have made major pharmaceutical companies very very rich in the process.
Well, this brings me onto the topic of a presentation I attended a short while ago on the topic of virtualisation. It was a very slick and professional presentation and the free tea and biscuits were yum. A lot of the techno-babble just flew over my head and I slipped into a coma for a little while as the geeks droned on about stats. But it all sounded very good and was frantically scribbling notes about how virtualisation would bring security benefits.
Then it hit me. The very same people (well all geeks look the same) had spent the last decade or so convincing people dumb terminals were ancient and the power of the pc bought your applications and power to your desktop. Yet now we’re being told that virtualisation and thin clients (dumb terminals) are the way to go. The mainframe was meant to be dead and buried and it’s components buried in some landfill somewhere, yet it is alive and well. Many lives have been lost in the battle of the network. Is a perimeter necessary? What’ the point in an IDS if no-one ever looks at its output, does anyone even understand the output??
It seems like the security industry is sliding down the same slippery slope as the medical community. Never making their mind up as to what constitutes good security, but have made a lot of product vendors very rich in the process.
Did I mention how much respect I have for the medical community?
#1 by Anonymous on August 20, 2008 - 3:14 am
What do you mean that no one understands the output form IDS logs.
I have spent many hours reviewing IDS logs and hence take offence to your comments. let me simplify it for you.
you get data scrolling up the screen as there are so many ‘intrusions’ detected on a second by second basis. You stare blankly into the screen every time your manager is sitting behind you, to give the impression that you are concentrating and should not be disturbed at this point as you believe you have spotted a pattern. Then you switch tabs to the BBC website to see what’s going on, whilst you manager goes on a break of sorts. As soon as he arrives you switch back to the IDS log and scroll frantically, again giving the impression you know what you are doing and believe you now have evidence of fraudulent activity, as the IDS logs shows you exactly what a perpetrator has done, how much money has been swindled, shows a full audit trial of what they have been up to since primary school and generally, is the key to a successful investigation. Alas, it’s a false positive. 7 hrs have passed, time to go home.
what could be simpler?