Stories by Simson Garfinkel

Keep it simple

One of the hardest things about computer security is making the so-called secure computers easy to use. Indeed, building computers that are both secure and usable is so difficult that many IT professionals believe that security and usability are antagonistic goals that must be balanced.

Signed, sealed and delivered

Few organizations send confidential information on postcards. Credit card statements, medical records, job offers and personal correspondence are invariably sealed in envelopes before they are sent.

Calling for backup

FRAMINGHAM (03/15/2004) - Whenever I'm asked to do a security evaluation, the first question I ask is always the same: "Tell me about your backups." The answers, of course, are all over the map. "Backups? We want you to evaluate our security," is a typical response. Or, "We want to get all of our security set up first." The most common response is something along the lines of, "We back up the important stuff, and we keep our fingers crossed about everything else."

How to secure Web services

FRAMINGHAM (11/11/2003) - Securing Web services is easy: All you have to do is secure your Web server, secure every message flowing in and out of your server, secure every application that has anything to do with SOAP and XML, and secure the business operations and practices driving the whole thing.

Under Attack

Can your systems really benefit from penetration testing?

Ruling over unruly programs

Trojan horses. Keyboard loggers. Viruses. Bad insiders. Bad outsiders. Evil-doers. Perforated firewalls. Corrupt backups. Spam. A few years ago, many security professionals I knew looked forward to the day when the majority of the world's computer security problems were worked out. Back then, we thought that improving security was just a question of deploying technology, providing training and getting people to follow the appropriate procedure. But a look at computer science theory proves otherwise.

What is information warfare good for?

The sky hasn't fallen yet, but it soon may. At least that's been the message repeated for more than a decade by computer security professionals, military planners and multiple blue-ribbon commissions.

This year's hot security tools

If you want to predict the most important information security tools for CSOs in the coming year, just look at the problems that CIOs are trying to resolve today.

[]