How many here practice what they preach?

[Und3ertak3r]

hmmm..

after Gore's description I am left to shame..

when it comes to compared to work.. my home system is more secure.. (one my home ADSL modem /router has a basic hardware firewall) .. have IE security to max, set FF as default on All machines.

I have one box that is setup like how I prefered my girlfriends when I was a teenager (Insecure and easily penitrated), it lives either on the orange of the smoothy or on the red.

so in that regard I have one machine that is definatly less secure than any of my work or customers PC's..

As for physical security.. Home wins again.. Mrs Undies dont like nor will she go near the PCs with out being there.. and strangers dare not cross mrs undies (hell I dare not cross Mrs undies)..

[gore]

Originally posted here by chsh
So with all that gore, (btw, thanks for providing a map of your defenses) you'd give me root on your boxes after I stole them all?

Actually I'd give you an account if you wanted. You're one of the few I'd give it to though. I didn't list ALL defenses, though I maybe did list more than I should have


I just now got home from the ER. My Ankle is fuxxored and.... I got a shot of Moprhine and Visterol And some Lortabs for tommorrow. It rocks

I love you all

Ich Liebe Du Alles.

[gore]

Originally posted here by catch
Hmm gore, that seems a little overkill, considering that I, true to form use no firewalls, malware scanners, and patch my system as often as my work does (every few years if a new application requires it). As for physical security Mike and Maddie (100lbs and 70lbs American Staffordshire Terriers respectively) have that covered... in reality I think they might attempt to lick an intruder to death, but they looks scary.

I guess I am past the "fun" phase of this field and am at the "if it ain't broke, don't fix it" phase.

cheers,

catch

Catch, remember I don't work in IT though.

I work on cell phones and when it's not busy, Quake and Doom. The way I'm looking it over, if I can do this at home, it can become a habit so I don't screw up as much when I finally get into IT. I think you could agree with me there that at least, it's good practice.

LOL, Ask Horsey about my encryption My key is biggers than youuuuuurs.

As for dogs they don't bother me, there are poeple in this Earth who can hold back the scent of fear and make it easy to get in. You could put a mountain lion at your door, and if you offered the right price I'd probably get past it.

I didn't type all this out though to make anyone feel bad, so sorry if I did, but I want to know I know how to do this properly.

HEh, now if you'll excuse me, Quake + Morphine = WOOT.

Oh, I'm not hurting much right now either hehe.

Actually, Chsh, you've given me an idea. We could set up a little war game on AO! Pooh did this before and I think it could be fun. It would be a fun discussion, and we could test who really has taken some time but not in the way it becomes a pissing match but like, set up a box to let people try to get into and if Jupiter gets involved maybe have a prize for whoever's box doesn't get owned.

[catch]

See... my security is based on the concept of "What costs the least amount to implement and even more so to upkeep that will mitigate at least the minimum amount of risk this system requires?"

A wargame would be fun... but I think the rules should require that each participant completely publish every step they followed from default install to the entered configuration, if it can't survive the attacker knowing everything about it, it ain't secure.
Each system should be kept online without administrator modification for 3-6 months, if it can't survive that long without patching, it ain't secure.
Attackers should be granted access to the administrative account (u/gid:0/sid:S-1-5-21-XXXX-XXXX-XXXX-500) which should retain all of its permissions (though perhaps not its privileges) again, if the system can't survive this, it ain't secure. (can you say "rouge admin?")

Keeps it more sporting that way, not to mention an excellent educational opportunity. Anything else is just a matter of what new exploit comes out first.

cheers,

catch

[Spyrus]

Unfortunately my network isnt as secure as it could be but on that same hand I dont do anything that I really need to worry about. I have one hard wired system that is locked down running its own firewall and such for any purchases or billing I have to follow. Then I have a wireless router that the only thing I have changed on it is the default password. no WEP or anything else running, but then again if anyone ever got close enough to my house to use my wireless I would know about it and they wouldnt be able to stay around for long enough. All computers keep patches up-to-date and regulated/automated virus and spyware scans

[XTC46]

I dont need my home computer to be locked down as tight as the network I work on. So I just do the basics. Patching, AV, Software firewall. Things like strog passwords are habbit so I do that always. But my work has the money to dump for high end hardware firewalls, better networking equipment, and has paid staff (like me) to lock things down.

[okay]

I'm an idiot and don't work in IT. But I do like Windows and IE - use both nonstop, don't use an AV and think Linux is a fashion trend for wannabe geeks. I use WiFi, at times with WEP, but mostly without, save passwords and even write them down on paper if I forget them. Basically, a monkey with some time could break into my computer. But who cares? What are they going to get? My e-mail password? A list of Google searchs I've done? Bah at you internet security nutheads... majority of you that like me don't shop online and keep personal stuff off your computer should pull off your tin foil hats and put on your pirate hats... yar mateys!

[Tiger Shark]

I'm an idiot

Well, I think you made that abundantly clear......

[XTC46]

I'm an idiot and don't work in IT. But I do like Windows and IE - use both nonstop, don't use an AV and think Linux is a fashion trend for wannabe geeks. I use WiFi, at times with WEP, but mostly without, save passwords and even write them down on paper if I forget them. Basically, a monkey with some time could break into my computer. But who cares? What are they going to get? My e-mail password? A list of Google searchs I've done? Bah at you internet security nutheads... majority of you that like me don't shop online and keep personal stuff off your computer should pull off your tin foil hats and put on your pirate hats... yar mateys!

but when your ISP cuts your internet connection out of nowhere one day becasue it seems your IP is a major participant id a DDoS, or a major spam distributor, then im sure you will say that its not your fault.

[The Grunt]

I'll put it this way: If I worked in IT, and someone had computers secured as well as my home computers are, I would fire them :P I keep em safe from viruses, worms, adware, etc, but I'm not worried about having it so secure that it's incredibly hard to get into... I've got a software firewall with decent rules that will tell me if I've got a RAT or backdoor or something of that sort, and that's enough for me...