Risky Business #110 -- Industry pioneer Nir Zuk, Gumblar, PCI lawsuits and more

Patrick Gray
Veteran Member
Blogger, Netcaster, Site Owner
Joined: 03/02/2009

This week's show is hosted by Vigabyte and brought to you by Sophos.

On this week's show we chat to an industry pioneer, Nir Zuk. He's widely credited as the creator of the first stateful inspection firewall.

These days he works for the company he founded, Palo Alto Networks. We're chatting to Nir about his thoughts on security technologies -- everything from firewalls to IDS to DLP.

Switchblade.Kult
Newbie
Joined: 05/06/2009
Missed the point

I think you guys missed a key point on which is more secure, open source or closed source. What you guys talked about is initial security. While I think that is important, I don't think it is really what you need to focus on, because, as you discussed, there is no clear winner either way. The problem with closed source code is that it is only up for review by the internal developers, and if a bug is found you have to wait on the owners of that code to fix it. With an open source solution, even if it isn't as secure as a closed source project initially, given enough time it will always become more secure than a closed source solution. It is more likely a bug will be discovered, and more likely it will be fixed quickly, than with closed source. How frustrating must it be to discover a bug in a closed product and see them sit on it for over a year when you could have just uploaded a fix yourself in a week?

changlinn
Off to a start
Joined: 03/23/2009
Devil's advocate

@Switchblade.Kult: I don't think they completely missed the point. I'd say it comes back more to the openness of the actual disclosure proceedings. This will always be difficult, as there will always be a market for 0-days.
Let me play devil's advocate. I am a big proponent of OSS; I am a member of Ubuntu-au and occasionally attend a Linux users group. But just because something is open source doesn't make it secure, and just because something is closed source doesn't make it insecure.
- Open source has the either real or imagined advantage of the many eyes looking at the source, and the speed of patching. Shorter release cycles, and usually a more global team that is basically awake 24x7.

- Closed source has the stability of greater testing (usually; take MS, who test their final releases on thousands of machines in the lab, then huge beta groups), and a defined patch cycle to keep that stability. As we know, stability issues can lead to compromise.

There have been bugs discovered in closed source that sit for a long time, the recent Windows SMB bug that was patched, for example. Then again, there can be bugs that sit for a while in OSS, or aren't even noticed; the infamous Debian SSH bug was there for two years.

On the more security front, closed and open source do continue to backport patches for a while. But they both tend to give up after a while. This is where OSS has the advantage, as you can simply hire someone to patch some old code. You would probably have to throw a bit of money at MS to support Win 3.11 nowadays.

@Patrick: I like the podcast and almost completely agree with Paul; I think OSS tends to lend itself to full disclosure more often than closed source.
I found it interesting what Nir Zuk was saying; packet filtering based on content has been around for a while. You can do it in ISA, for crying out loud. I had a client a while ago where I blocked the MSN traffic over port 80 by blocking the IP header; push out the ISA server's SSL cert and you can even block specific data tunneled over HTTPS...
I don't agree with Nir in regards to firewalls or IPS; they do a job, they aren't dead. Yes, everyone has them, so they are less effective. But every car has seatbelts; just because fewer people die from crashes shouldn't mean we can ditch the seatbelts.

--
"Put me here and I am all yours, not for the money and not for the applause", Melanie Safka
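The port-80 point above (traffic that a port-based rule sees as web browsing but is really something else) as an added example, not part of the original post or of any product mentioned: a toy classifier that labels the same flows by destination port and by the first bytes of client payload, then lists where the two disagree. The sample flows and signature patterns are constructed for illustration and are not real captures or a product's rule set.

```python
import re
from dataclasses import dataclass


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes sent by the client


# Constructed sample flows (illustrative, not real captures).
SAMPLE_FLOWS = [
    Flow(80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Flow(80, b"VER 1 MSNP8 CVR0\r\n"),              # messenger-style handshake on port 80
    Flow(80, b"SSH-2.0-OpenSSH_5.1\r\n"),           # SSH banner sent to port 80
    Flow(443, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01" + b"\x00" * 10),  # TLS ClientHello start
    Flow(22, b"SSH-2.0-OpenSSH_5.1\r\n"),
]

# What a port-only rule assumes each port carries.
PORT_TABLE = {80: "http", 443: "tls", 22: "ssh"}

# Illustrative payload signatures (assumed, simplified; real classifiers use many more).
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("msnp", re.compile(rb"^VER \d+ MSNP\d+")),
    ("ssh", re.compile(rb"^SSH-\d\.\d-")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x03]")),
]


def classify_by_port(flow):
    return PORT_TABLE.get(flow.dst_port, "unknown")


def classify_by_content(flow):
    for name, pattern in SIGNATURES:
        if pattern.match(flow.payload):
            return name
    return "unknown"


def policy_decision(flow, allowed_apps):
    """Content-aware decision: allow only if the application seen in the payload is permitted."""
    return "allow" if classify_by_content(flow) in allowed_apps else "block"


def port_content_mismatches(flows):
    """Flows whose payload names a different application than the port implies: what a port-only rule misses."""
    return [(f.dst_port, classify_by_content(f)) for f in flows
            if classify_by_content(f) not in ("unknown", classify_by_port(f))]
```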
