A presentation entitled “The Current State of Network Security” is available.
A paper entitled “Some Thoughts on Computer Defense for Small Business” is available.
A paper on “One Page Checklist for Securing and Cleaning a Malware Infected Windows PC” is available.
The current state of network and computer security can be described as abysmal. Computational infrastructure is now critical to all local and global personal, economic, and regulatory activity. Yet despite millions of dollars in federal, private and university-based research and development, the tragic fact is that entire networks, businesses, communities, nation-states and even countries suffer damage inflicted by malware or "bad actors". Worse than this, resourced entities that are state, criminal, or nationalist based (or any combination of the three) have found strong economic and geopolitical motives to sponsor the development of malware and malware-based organizations. These organizations are growing and diversifying in every part of the globe, most especially in impoverished 2nd and 3rd world nations that have turned their keyboards towards more affluent nations like the United States.
The need for comprehensive security in today's digital environments would be less terrifying if comprehensive solutions existed. Unfortunately, this is not the case. Current AV (Anti-Virus) scanners miss critical signatures or develop critical signatures too slowly. Current viral technology exploits anti-forensics, anti-AV and anti-firewall techniques, poor software practices, and "polymorphic" strategies to continually evade detection, making even the best automated security products ineffective or subject to exploitation. Worse than this, security is still very much an "add on" to home PCs, businesses, networks, and e-commerce. Most individual PC users and many network administrators do not have the skill to configure firewalls, install and configure anti-virus, or detect evidence of malware, infections, and data loss. A very real and critical adjunct to such a disastrous (and literally infectious) environment is the threat of cyber-attack, cyber-blackmail and cyber-war on businesses, corporations, nation-states, and critical (global) infrastructure. Because the networked world of computational devices functions anonymously at near light-speed, detection and attribution of malware, attacks, and attackers remain critical unresolved issues.
The hard truth is that complete solutions to network and data security are just not available, despite many vendor claims otherwise. At best, thorough ongoing reviews of monitored systems, when coupled with updated security vendor products, competent network administration, user training, 'security aware' HR practices, and business strategies that prevent and prepare for loss (of products, patents, ideas, identities, financial information/data), can help mitigate risk to any individual, business, corporate, or state-based entity. At worst, unprepared firms of all sizes can see their accounts, financial reserves, and reputations destroyed in very short periods of time. There is nothing that can be reliably promised in the world of network security. But there is everything to lose. The solution to this dilemma for most businesses is the adoption of whatever affordable and appropriate amounts of risk prevention are available. Who you choose to help you design these solutions is why I am in business. You can contact me at:
RMF Network Security
You can read my blog(s) as I write and code my way towards methodologies, business plans, white papers and marketable services!
Thanks for your time,
Ryan M. Ferris