InfoSeCon 2006 Thoughts

The InfoSeCon 2006 conference is over. It was a really great conference with a unique atmosphere. The opportunity to talk at length to other speakers and to share ideas was priceless. I also appreciate that the conference was vendor-neutral. That's something that we cannot see that often in our longitude. It was unquestionably the best conference I've attended in Central/East Europe.

The presentations and discussions with other attendees provided a lot of insight and tons of material for thought. I will follow up with more in-depth meditations later. Now I only want to present the overall "look & feel".

Marcus Ranum perfectly summarized the current state of information security in two words: "all sucks". That's exactly what most of the presentations were about (including mine) - at least partially. Firewalls do not really work, workstations are insecure, it is really difficult to get the security management processes right ... nothing really helps. But what is even worse: nobody really knows what to do about it.

There were a lot of good presentations focused on methods to get the security processes right by the "risk management" folks. Marcus Ranum talked about the fallacy of "generation 2" and "generation 3" firewalls, while hinting about what went wrong and what can be done about it. There was an excellent presentation by Vince Gallo describing the promise and limitations of the security system of Windows Vista. But one way or another, no satisfactory short-term solution seems to exist.

Maybe we should call this the "Security Crisis" ...
(gee, I hope I haven't just created a new buzzword)