|
|
Back in the Middle Ages, smiths got better and better in working with iron until they could coat an entire knight with it. The knights thought this made them invulnerable to enemy arrows. It did-and then the enemy invented crossbows and (later) muskets. With enough iron on them to stop bolts and musket balls, the knights couldn't move-so much for armor.
The very process of technology is one of continual improvement. Hardware and software doesn't spring fully formed from the brows of inventors. Ideas grow and are improved over time. What this means, however, is that any given technological moment (remember the 486? Lotus 1-2-3?) will be transcended-and replaced-by the next. This is especially true of computer security. A computer system or network may be considered 'secure' because it takes a long time for someone to break into it. A long time- today. Next week, heh-all bets are off.
There is a way of breaking into a computer or a network called a 'brute force attack.' (I'll talk about it in detail later in this book.) Without getting too technical right here, it basically means trying passwords until one works. When it takes a 486-33 eighteen months to mount a brute-force attack against a network, you can forgive someone for considering that network secure. However, a modern Pentium 4 running at 2.1 GHz can try a lot more passwords in a lot less time, and might break the same network in five hours. Now it's not so secure…
Being able to trust a security system last year says nothing about being able to trust it next year. The job of securing a computer or a network-or anything else-is never 'done.'
|
|