However, a common mistake is to think that if you contract an automated vulnerability scanning service you will offload the infosecurity chores from your staff. Well that is the case if you don't plan to act upon the results of the scans (a bad idea!). But if you do plan to act on the results, then you will face the patch management and distribution problem, which could also be automated, and this means having to decide what to patch and when - and that decision can not be automated without an in-depth understanding of your organization. So, overall a vulnerability scanning service can be of great help to your security if you understand what is the best use for it in your organization.
Wireless networks are more and more replacing the current wired networks. What do you think about the current state of wireless security?
It is very close to non-existent. Wireless security is a very immature field and current solutions are at best 'weak'. I would expect substantial improvements in the next few years. I am an optimist, I believe in people, even scientists, engineers and businessmen are able to learn from past errors and avoid repeating them. :)
What security related books can you suggest to our visitors?
- "Security Engineering: A Guide to Building Dependable Distributed Systems" by Ross J. Anderson
- "Building Secure Software: How to Avoid Security Problems the Right Way" by John Viega, Gary McGraw
- "Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community" by The Honeynet Project (Lance Spitzner et. al.)
- "Honeypots: Tracking Hackers" by Lance Spitzner
- "Computer Security: Art and Science" by Matt Bishop
What should we expect from Core Security Technologies in the future?
You should expect Core Security Technologies to continue providing world-class security expertise in our CORE IMPACT product and our consulting services. CORE IMPACT 4.0 is due out in Q3 2003 and will have some amazing new capabilities.
And we have many other things up our sleeve.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.