|
-
April 27th, 2005, 02:36 PM
#1
 Security for the Paranoid
Is it time to worry when security professionals consider you too paranoid?
http://www.securityfocus.com/columnists/320
Are extreme security measures acting on false threats that don't really exist? Some consider some of my security strategies a bit extreme. I call it meticulous precaution. Sure, the threat might not be real. No one may ever actually want what you have on your PC. But does that really matter? Does the threat have to be real to warrant strong security?
Meticulous precaution, I like it.
\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
-
April 27th, 2005, 02:57 PM
#2
Haha that was a great read, thanks. But when you're a security professional don't you kind of "have to be" a bit on the paranoid side? It's those guys that are proactive to security issues that survive and catch less flack than the guys that are running around like a chicken with their heads cut off when one of the unpatched webservers got hacked because someone forgot to change a default password. I do like how he practices what he preaches but he kind of went a bit far (IMO) when he said he uses Terrafly just to see what others can see of him as well as having his PC turned around at all times just to see if there's a keylogger. I think he's watched The Net one too many times. 
And so at last the beast fell and the unbelievers rejoiced. But all was not lost, for from the ash rose a great bird. The bird gazed down upon the unbelievers and cast fire and thunder upon them. For the beast had been reborn with its strength renewed, and the followers of Mammon cowered in horror. -from The Book of Mozilla, 7:15
-
April 27th, 2005, 03:25 PM
#3
I read the posts before I read the article and I thought, "yup it's good to be paranoid when dealing with security issues".
I read the article and thought, "ooh, he gone a bit far".
I got my current job on the back of a presentation I did, one big point of which was security has to be balanced against usability.
There is a lot more to Infosec then pure defensive security. I think this chap has forgotton the CIA triad. Confidentiality, Integrity and Availability.
This guy certainly has established the first 2 but if the information is so difficult to get to that it is nearly unusable then he has failed in providing Availability.
If I put my Pc in a bricked up room with no power or data cables and bury it under concrete the data is very safe and secure but FA use to me.
If he forced all the users in my office to follow what he does I think he'd have an unfortunate accident by the end of week 1.
I wonder if he wraps his kids in tinfoil before they go to school.
-
April 27th, 2005, 03:52 PM
#4
Junior Member
I don't just throw out shredded documents; I spread the shredded bits into my garden to use as mulch.
Gee, he thinks he is paranoid and he dosen't incinerate them first?
It takes five passwords to boot up my laptop and check my e-mail. One of those passwords is over 50 characters long.
This is the only thing I think is overly excesive, i would replace some of those passwords with biometrics or tokens.
Everything else he mentioned, I wish I had the time and money to do on my home network.
-
April 27th, 2005, 04:28 PM
#5
Paranoia and Obsessive-Compulsive disorder are both prerequisites for an IT Security Administrator these days. You never know who's going to hit you, or when, or how, but you know they're after you... Is there such thing as TOO paranoid when it comes to computer security? Never! If I had my way we'd all lock the bloody boxes up in a closet, forever with their switches in the OFF position, and revert to pencil and paper - the only system truly secure from cracking is one that's never put online. Barring that impossibility, we must be the voice of paranoia to our company while finding the happy medium which allows work to take place.
"No Mr. CEO, you aren't exempt from our IT policies. You may leave your dna sample and retinal scan at the door like the rest of us."
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
-
April 27th, 2005, 04:36 PM
#6
I liked the "I use a password that is 50 characters long", think about how long that would take to crack.....
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
April 27th, 2005, 04:48 PM
#7
Junior Member
It would depend on what the password was. I hate typing in my passwords and they are not even close to that legth, he probably spends 10 minutes just logging on his computers.
-
April 27th, 2005, 05:03 PM
#8
I require my kids to use at least 14 character passwords on our home network and I'm considering issuing them smart cards. [...] I don't just throw out shredded documents; I spread the shredded bits into my garden to use as mulch
Um yea the 14 char passwords thats ok but shreding documents and using them as mulch thats just a bit much.
-
April 27th, 2005, 05:13 PM
#9
We have cross cut shredders at work, and its funny when people yell at you for not FOLDING the paper first so it gets cut up even more....
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
April 27th, 2005, 05:17 PM
#10
Originally posted here by kr5kernel
We have cross cut shredders at work, and its funny when people yell at you for not FOLDING the paper first so it gets cut up even more....
Eh? Would that even work? Each part of the paper still only passed throught he shredder once.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote