« Trackback sucks | Main | URLs continued »
March 25, 2003
Internet Security
I had a chance today to listen to a discussion today on Internet security by some of the luminaries of the field. Dr. Steve Bellovin, Mr. Bill Cheswick, and Dr. Avi Rubin were presenting a talk, which was presumed to be about their recent book update and re-release Firewalls and Internet Security 2nd Edition.
Initially, I had expected this to be a propaganda bit to promote the book. In 1994 when the original version came out, I had bought a copy (hard cover too!). This book had taught me an awful lot of the details I was missing in my unix knowledge, and as such I just had to try and meet these two just once and say thanks. Book promotion or not I decided it would be worth the time.
The interesting thing to discover was that the presentation didn't revolve around the book. Instead it was a brief overview of many of the current research areas each is working on. While not heavy on the technical details, the broad overview was to bring people up-to speed in new security concern areas.
Presentation wise things worked fairly well. Each author spoke for about 20 minutes on whatever topic they found of interest (typically their research). This trade off happened, with a fairly clean transition process between speakers. The speakers themselves though were what made the material more interesting. Dr Bellovin and Mr. Cheswick are both entertaining presenters with a dynamic style and lots of good laughs in there. I've heard Dr. Rubin speak numerous times now and while it was exactly what i expected, he did slide some nice jokes in there.
Brief rundown of each speakers topics:
Dr. Bellovin discussed two forms of Internet hijacking that consist of domain name hijacking and routing hijacking. Neither bit went into great detail about the concepts, but rather provided an outline idea for how things could (and do) go wrong.
Dr. Rubin followed up with a bit about security and trust. Essentially his speech boils down to we all place inherent trust in the software we have, but why? What happens when this trust is broken without our knowledge? What about with our knowledge?
Mr Cheswick followed up with a bit about pretty much everything. He did a run through about basic security, BGP security, passwords, WEP, and just about everything else in the alloted 20 minutes.
After all of this though, I never had the chance to shake hands and say thanks to these two. Kind of bummed about that, but at least I did get to hear them present their own ideas in their own words.
Posted by Dan at March 25, 2003 09:12 PM
Comments
Where was the talk? Dr. Rubin is a professor at my school. I almost took his security course this semester, but it didn't fit into my schedule. I heard from a friend he is a good professor and actually seems to enjoy what he teaches (unlike many I've had).
Glad to see you found the talks interesting as I have been to a few and found many of them to be very dry without the jokes to break the ice.
Posted by: Erik at March 25, 2003 11:39 PM