[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Since crypto is often legally equated with arms, for reasons we all know,
the same analogy can be used to promote it.
M-16s & AK-4*s did not get on the market because there was a demand from
independence-seeking individuals that wanted to protect their personal
space, right ?
They got there because there was a massive demand from all over the world,
from peace-loving governments.
So crypto must become essential to these big businesses in order for
everybody to get it.
Now the strategy becomes simple: make it obvious that the only way to
protect information assets is to use encryption. In other words, force
the two-way choice: either use encryption or do not use computers.
The first targets are firewalls, which are synonymous with security in
the little brains of MIS professionals. If firewalls prove worthless,
what can be done to have security and connectivity ? One answer is
running all important sessions in IPSec-like fashion, leaving no ports
open for plaintext traffic (except http clients ... stripped of all
java/active-x nonsense.) The harder part is securing OSes against
cretins that execute e-mail attachments, but that is another rant.
(How to break firewalls ? Easy - use technology deployed with back orifice
clients that install it in virus-like fashion, just substitute bo with
http tunnelling client, and with some luck you will soon have cooperating
agent inside firewall that will happily relay any tcp/ip traffic that you
want. I am not advocating illegal break-ins, just pointing how easy it is
to pass the firewall.)