
The Six Dumbest Ideas in Computer Security

  • 12-09-2005 3:27pm
    #1
    Banned (with Prison Access) Posts: 16,659 ✭✭✭✭


    The Six Dumbest Ideas in Computer Security

    There's lots of innovation going on in security - we're inundated with a steady stream of new stuff and it all sounds like it works just great. Every couple of months I'm invited to a new computer security conference, or I'm asked to write a foreword for a new computer security book. And, thanks to the fact that it's a topic of public concern and a "safe issue" for politicians, we can expect a flood of computer security-related legislation from lawmakers. So: computer security is definitely still a "hot topic." But why are we spending all this time and money and still having problems?

    Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying "trying to ignore reality." Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don't fully understand the situation, but other times it's just a bunch of savvy entrepreneurs with a well-marketed piece of junk they're selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them.

    For your convenience, I've listed the dumb ideas in descending order from the most-frequently-seen. If you can avoid falling into the trap of the first three, you're among the few true computer security elite.

    [...]
    .....


Comments

  • Closed Accounts Posts: 519 ✭✭✭smeggle


    That was excellent! And so very true lol

    I especially liked this page Link

    He missed one of the 'Dummest' - Anyone using 'Outlook Express' - Now that is just Dumb .. ROFLMA :D

    In fact anyone who uses a Download agent fits that category...

    Think about it - you open good old Outlook, log on to your e-mail and download merrily away. I could have already put arbitrary html code to resolve an executable the minute it's opened - Accidentally or otherwise. Do it server side - far safer. A correctly configured server and e-mail client should kill that .exe immediately.

    And if you're on an NT system such as XP - his advice 'Default Deny' is spot on. Create a limited user account for internet use. Anything you want to save can be accessed via your admin account which should be given very restricted internet access. It takes like 30secs to log between accounts, install the bit of software you just downloaded (After a virus check - no matter where that .exe came from! A bad or partially corrupted download will be seen by AVG. Don't run it as it could mess things up). That is about the closest I reckon you can come to near on full 'Deny Default'. Everything that limited account can do is set by you and it's far harder to penetrate, just as he says..

    Good read was that :)


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Wonderful article. Haven’t read anything that insightful in a long time. Just makes sense.


    Spot on. Don't agree with everything but he's on the right track.



    As for Outlook Express most companies I work for :-)

