Interview: Ira Winkler, author of Spies Among Us
David Geer recently spoke with Ira Winkler, author of Spies Among Us. Winkler is also the President of Internet Security Advisor's Group and a former employee of National Security Agency. Following is an edited transcript of that conversation.
You may also listen to the original interview here, or visit our Podcast Center for more audio interviews.
David Geer: What single theme defines you with respect to how you approach security issues?
Ira Winkler: I look at security much more as a process issue. A lot of people tend to say it. I've kind of lived it ... where it doesn't matter to me what sort of process controls or what sort of technical controls are in place. It's the use of the technical controls or the operational controls that actually make a difference with regard to security. You could add the best technology in the world, but the best technology in the world, not used properly, becomes completely worthless and works against you because it gives you a false sense of security. I [also] don't look at computers for the sake of computers. Computers are generally useless. What's valuable about computers is that the information or services they provide. I don't even approach security as trying to make computers secure. I look at security as a way of protecting information as a whole. Another thing that kind of makes me unique is the way I look at things in general. I try to look at the very basics of security, [and] how can [the basics] either be compromised or how can they be better secured?
Geer: You've done security work for the government and you've done it for public corporations. What kind of issues actually appear in both the corporate and government worlds -- things that people might actually be surprised or shocked [to learn]?
Winkler: It all still comes down to the basics. There's a lack of basics inside the government, like there's a lack of basics outside the government.
Unsecured web servers, for example, have been a major pain that's caused a lot of information leakage and a lot of embarrassment. Ways you set up and give out information. Private companies don't have good policies in place in much the same way that we've seen leaks in the Federal Government, because again, the processes and the policies in place are not really that great.
It's the little thing[s] that allow the most sophisticated attacks to be big. So when we see loss of information about individuals in the government, we see it in the private sector as well. And when it happens in the private sector, that information then involves many, many more people than the leak in the government. So that's one issue. But I've also seen cases in the private sector where, for example - you know, I've seen foreign intelligence agencies target companies and corporations. In one
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
