Previous month:
October 2013
Next month:
December 2013

November 2013

Collected Thoughts on Security Architecture Evolution

Ed Amoroso's InformationWeek article, The New Security Architecture, looks at the subject of eliminating firewalls from a different perspective than my post, Eliminate Firewalls? but with similar conclusions and recommendations: collapse defenses around your data or assets, harden your organization's (mobile) endpoints, and look carefully at emerging cloud offerings, especially identity and access management as a service (IDMaaS), to see if these can improve your security profile.

 

Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.Over the past 18 months, many corporations have been forcefully introduced…

 

 

Continue reading "Collected Thoughts on Security Architecture Evolution" »


What's Next for Block Listing?

Spamhaus Shows What's Next For Block Listing
(via InformationWeek)

The broad, silent acceptance of a recent Spamhaus blocking action is a strong indicator that the rules have changed in the battle over spam and other kinds of email abuse. Last month, Spamhaus placed an entire IP address block (113.96.0.0/12) of the Chinanet Guangdong province network, the data communication division of China Telecom, on the Spamhaus Block List (SBL).

This was no small or inconsequential act. SBL users began to block email traffic originating from addresses within the Chinanet-GD allocation. Unsurprisingly, Chinanet-GD quickly took notice and worked with Spamhaus to clear the listing.

But what I find most interesting about this rapid chain of events is that the blocking action seems to have been accepted without public outcry or condemnation. Instead, Internet users and private network operators using the SBL appear to be saying tacitly, "We are exhausted trying to deal with the problems providers create for us on an incident-by-incident basis. We are convinced by your inaction that you are unwilling to remedy the problems you create. We are unwilling to remain at risk through your inaction. And so we will no longer trust you or any party whom you serve."

Continue reading "What's Next for Block Listing?" »