Computer Science Department, Swarthmore College
Talk by Hal Pomeranz
The Consensus Approach to World-Wide Computer Security Improvement
Monday, Nov. 22
4:30 pm, SCI 240
Abstract
Computer vendors have historically shipped systems in a "wide-open" default configuration. This leads to significant problems when these systems are connected to "hostile" networks like the Internet. Compromised systems are trouble not only for the organizations that own them, but also for other organizations that are attacked from the compromised machines.
The approach taken by the Center for Internet Security (CIS) has been to get broad consensus on a set of "minimum due care" security standards across a wide spectrum of government, commercial, and academic institutions. Having agreed on a "standard", economic pressure can then be brought to bear on the computer system manufacturers and resellers to change their "default" configuration. We become the rising tide that lifts all boats.
Come hear about the problems that led to the creation of CIS, the free guidelines and tools we've created, our successes with major vendors, and where we're going in the future.
Biography
"Hal Pomeranz '89 is an independent computer security consultant and lecturer. Recently, he's been spending much of his 'free time' developing Unix security standards as part of the CIS effort. This has been the most difficult yet most rewarding task of his career."
"SAGE is a suborganization of the USENIX Association. Its goal is to advance the status of computer system administration as a profession, establish standards of professional excellence and recognize those who attain them, develop guidelines for improving the technical and managerial capabilities of members of the profession, and promote activities that advance the state of the art or the community."
In 2001, Hal won the SAGE outstanding achievement award "for his exemplary contributions as an educator of system administrators, through works such as the Perl Practicum series, and for his years of leadership in the system administration community."