We will bankrupt ourselves in the vain search
for absolute security. — Dwight D. Eisenhower
If you want total security, go to prison.
There you're fed, clothed, given medical
care and so on.
The only thing lacking... is freedom. — Dwight D. Eisenhower
The world is never going to be perfect, either on-
or offline; so let's not set impossibly
high standards for online. — Esther Dyson
He that breaks a thing to find out what it is has left the path of wisdom. — Gandalf in The Fellowship of the Ring
Few persons can be made to believe that
it is not quite an easy thing to invent a
method of secret writing which shall baffle
Yet it may be roundly asserted that human
ingenuity cannot concoct a cipher which
human ingenuity cannot resolve. — Edgar Allan Poe, in "A Few Words On
Secret Writing", Graham's Magazine,
From a practical standpoint the security problem will
remain as long as manufacturers remain
committed to current system architectures,
produced without a firm requirement for
As long as there is support for ad hoc fixes
and security packages for these inadequate
designs and as long as the illusory results
of penetration teams are accepted as
demonstrations of a computer system security,
proper security will not be a reality. — Roger Schell in the USAF report
Preliminary Notes on the Design of Secure Military
Computer Systems, written in 1973
He who fights monsters should see to it that
he himself does not become a monster.
And if you gaze for long into an abyss, the
abyss gazes also into you. — Friedrich Nietzsche in Beyond Good and Evil
This page remains under construction,
just as your information security policy should.
These pages are intended to provide some background for
the courses I teach, listing the references and URLs
for various tools, studies, and other issues that come
up in courses.
Plus, of course, once I have these pages I no longer have
to try to remember specific reference details!
Also check out
information assurance research and development group
and their resources at
Remember that installing some tools,
and even taking security quite seriously on an on-going basis,
does not make you secure!
There is no such thing
as a completely secure system.
Hence some lawyer repellent, er, I mean, disclaimer:
The following are no more than suggestions.
There is no guarantee that they will
make your system secure.
Mention here of a commercial product is by no means an
endorsement — I'm just trying to direct you to
several available tools, and I may have only one
such example handy right now.
Use this information as a tool,
in addition to what you have already learned.
Internet threat warnings
I find these to be helpful sources of information on
current events and trends: