Hotel concept better than castle concept...

Hi malware fighters,

A browser consisting of several modules and a kernel: old security schemes are being left behind, new ones are being thought up. The Internet is becoming more and more malicious, and malware gets more advanced and more aggressive all the time. The moment is upon us when we will no longer be able to withstand it. That is to say, if you hang on to the “castle concept” of organizing your security. What is that all about?

Virtual lords of the castle see their organizations as a lonely building that they can easily manage and defend through a single firewall and AV software sitting between the evil Internet and the intranet (their own network) – the mighty thick walls, the moat, the bridge of old. Traditional castles do not protect from threats that come in from the air or from below the ground. Every innovation of warfare, like the invention of bombs and the fighter plane, weakened the strength of the castle concept further. In our day and age you cannot use this concept any longer. Information security also undergoes an arms race. The traditional security concept – the ‘castle’ – does not stand up against today’s and tomorrow’s threats. These attacks will only be more refined, more aggressive, etc.

There is no way around it: the intranet will undergo the same fate as today’s Internet. What are we going to do about it? The ‘hotel’ security concept offers a way out of this dilemma. Inside a real hotel a lot of rooms make up the public space: the lobby, the reception, the restaurant, etc. The visitors are checked in by the receptionist and security staff. The security service has cameras installed, and detection systems are active all the time, watching all that goes on inside the hotel and out. Stricter security is applied where the hotel rooms are concerned, as well as the kitchen, and not to forget the office: you can only go there when you have the full and proper accreditation. So the hotel concept works semi-openly where it can be, and closed firmly where it should. This will be the way information security will go.

Within the hotel concept every PC and server can be looked upon as a hotel room protected by a personal firewall, certificates and encryption. Servers are also protected by certificates, host firewalls and authentication applications as a second line of defense. Clients and applications are buffered by several demilitarized zones, with firewalls neutralizing data traffic. VLANs and bandwidth control keep unofficial outbreaks in check. Intrusion detection and prevention systems ward off attackers and unwanted data traffic, fully automatically designed and working according to well-defined rules.

A thing of the future? Come on. Every organization will work according to the hotel concept of security very soon. Don’t you feel more comfy in a hotel room than behind the walls of a murky dungeon?

polonus