how much is enough?
Results 1 to 8 of 8

Thread: how much is enough?

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    18

    how much is enough?

    How much security is enough? Is it worth the electronic equivalent of the presidental security squad to protect the local phone directory on your harddrive; obviously not, but when does the buck stop?

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    That is like asking how much money is enough? I guess when you feel secure it is enough, although that is a very bad thing to say. If you go out and download every exploit known to man and run them against your computer, and nothing happens, then I would say you are almost secure. New vulnerablilies are always going to be discovered so you can never have enough security because your security will always become outdated at some point.

  3. #3
    Developer Extraordinar
    Join Date
    Jul 2002
    Location
    Internets
    Posts
    571
    I'd say there is no such thing as "enough security" as h3r3tic said there are new expliots, virsus ever single day for many different programs, and alot of the time, firewalls arn't enough, I'd say it's best to always be looking for ways to secure your self both phycially and other wise.

    PS. I do believe LoggOff is working on a tutorial on physical security for Unerror.net I'll post the URL to it, once it is finished.

    MB
    Come to UnError.com

  4. #4
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,696
    Enough would have to depend on the system. As has been constantly mentioned throughout posts on this site, there is no way to completely secure a system except for completely shutting off power.

    In my opinion, a personal system with a good firewall, current AV, and all necessary updates is secure "enough." There is no way to stop a dedicated (as long as they are skilled) intruder. Eventually they will find a way.
    Real security doesn't come with an installer.

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    142
    well i agree with h3r3tic and D0pp139an93r ... Nothing is safe in this world..every new day the sun rises with someone's eyes thirsty for sleep, working all night, resulting in some new discovery and that could be a security threat like MS Blast or Sobig.F.. Sometimes, i just think that people have such a great passion for this subject, and it excites me. I believe that this subject will keep on progressing every passing day. Hats off to all nerds out there, they are the one who put their blood and sweat in the field to make it a moving on.
    In a nutshell, nothing is secure coz there is no limit to human intelligence, I believe.

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Posts
    111
    Capitalizing the point on what everybody has said in this thread....
    THERE IS NOT A PINNACLE POINT OF SECURITY
    This also goes without saying that ignorance, in this case, is not bliss. Ignorance can definately hurt you.
    Creating further mindless stupidity....through mindless automation.

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Actually, it's often said that once the security costs more than the risk (usually determined in a risk analysis). There are some values that can be used to determine the cost of the risk (SLE and ALE) and if the cost of the protection are beyond that (say the risk is only $500 but it costs $1,000,000 to protect) then the cost isn't worth it.

    Single Loss Expectency(SLE) = Asset Value(AV) X Exposure Factor (EF)
    Asset Value = the value put on the asset. Can include but not limited to hardware, software, admin time to bring back into operation, data value (hard to estimate in value)

    Exposure Factor = the % of risk to the asset (aka, how great will this impact on the asset). e.g., a virus will only do 50% damage

    SLE = basically, what I can expect to lose in a single event or attack. (remember that events include things like fires, theft, terrorism, viruses, user stupidity, etc. It is whatever will stop a server or other asset from doing it's intended role)

    Annual Loss Expectency (ALE) = SLE X Annual Rate of Occurance (ARO)
    SLE is explained above.

    Annual Rate of Occurance = how often in a year will this happen. The values go from 0 (never) to 1 (every year). e.g., Windows users have an ARO of 1 for viruses; Unix users might have an ARO of 0.01 (it may happen but extremely rare).

    ALE = if this occurs every year, what will it cost us? This can be more or less than the ALE value. The cost of protecting the asset yearly shouldn't be too much greater than the cost of experiencing a loss.

    Hope that helps.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Junior Member
    Join Date
    Jun 2003
    Posts
    14
    MsMittens is 100% correct. That is the way to determine "How much is enough"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •