This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Where Are They Now?
Catching up with 10 blasts from the past.
If you hate some of the clichés that are the sole domain of information security, such as the one describing corporate networks as a "crunchy shell around a soft, chewy center," point your ire at Bill Cheswick. He coined the phrase. While you're at it, though, consider that this may be the only debit on Cheswick's ledger sheet.
His contributions to network security are innumerable. A firewall pioneer, Cheswick co-authored the seminal Firewalls and Internet Security: Repelling the Wily Hacker with Steve Bellovin in 1994, and it remains the bible of network security professionals. The first edition sold 100,000 copies, and a second edition was printed in 2003. He also ran a project starting in 1998 with Bell Labs colleague Hal Burch to map the Internet. That data is still used to map routing issues, DDoS attacks and traceback.
"One of the reasons I did it was to get data for the researchers, and there have been papers written analyzing the data we collected," Cheswick says. "I don't know if it's changed the world particularly. The images themselves have been a marketing breakthrough." Cheswick notes the images are prominent in some senators' offices and many corporate board rooms.
After years at Bell Labs, Cheswick joined Lumeta Corp. as its chief scientist in 2000, before returning to his roots this year at AT&T Research as a member of its technical staff.
"My legacy was training the first generation of network administrators in security," Cheswick says.
The next generation? Well, for starters, Cheswick isn't so sure the Internet is as broken as everyone seems to think, considering the industry built upon it. He concedes there are security worries, but innovation in Vista and other platforms is a solid starting point. He's also aboard with the notion that the network perimeter is toast and most computers can indeed live without a firewall.
"Perimeter security was an excuse for not securing our hosts, which we didn't know how to do, or couldn't do very well," Cheswick says. "Getting out from behind the DMZ is a paper I have in mind. We have VPNs, stronger host security, crypto, a variety of tools that make us more secure. We're learning that hiding behind a wall isn't such a safe thing."
Cheswick is also aboard with virtualization and sandboxing systems.
"There's lots of commercial and academic activity on caging software. I think we have to do this because basic programs running browsers and mail readers are giant, dangerous programs that I doubt we'll ever get in secure state," Cheswick says. "You want them in a sandbox. My goal is for grandma to click on any site and not have her computer taken over."
Hear the complete interview with Bill Cheswick at searchsecurity.com/10thanniversary.
This was first published in January 2008