Mobile security

Slideshow: Network Security: It's Complicated

Don't mess with Håkan Kvarnström -- he's head of security...

Joe Stanganelli 5/10/2014 | 7:13:46 AM
Social Engineering
And this doesn't even begin to touch on the risks of social engineering -- which can sometimes become all the more ever-present in a highly complex environment. (It's so much easier to just do what someone is telling or asking you to do, isn't it?)
pcharles09 4/30/2014 | 5:39:21 PM
Re: It's all there in this one quote
Hmmm. If that's your answer, then what's your definition of secure? All those can be "broken" easily.
briandnewby 4/30/2014 | 2:15:42 PM
Re: It's all there in this one quote
It is fair at times to ask how things could be worse WITHOUT security. I do think that many organizations (such as homes associations that require authentication to see a newsletter) provide bottom feeding opportunities to collect user info that can be used in bad ways on bigger sites.

Less security in some cases might make us more secure overall.
brookseven 4/29/2014 | 1:33:17 PM
Re: It's all there in this one quote
Actually, to be completely frank...there is no possibility of perfect security.

I have posted here in the past the story of the Penetration Test done at the DoD by dropping Flash Drives in a parking lot.  People picked up and plugged in about 60% of the drives.  They were innocuous but connected back to report in.  Poof...all network security is bypassed.

So - problem 1 is stupid employees.

Next up is the problem of bribes/payoffs.  If somebody really wants some information, do you think one of your IT technicians might not take $1M for access?  This is why the electronic CALEA standard came about.  The mob was threatening and bribing CO Technicians when wiretaps were enabled.  

So - problem 2 is dishonest employees.

The thing is that you need to think about security, risk and inconvenience all at the same time.  We had custom ASIC files stolen.  Our initial solution was to take all the machines in the ASIC design team off-line.  We had people go through our garbage.  Shred everything...and I do mean everything.

We have been working on physical security for 1,000s of years. And yet people still rob banks. Your job in network security is to increase the cost and risk of a breach - knowing that they are impossible to completely stop.

So, write any buzzwords you want...it only means something if the information is not worth as much as the cost to extract it.

seven

 
pdonegan67 4/29/2014 | 3:26:05 AM
Re: It's all there in this one quote
TDM. ATM. SMS. GPRS. WAP.
pcharles09 4/28/2014 | 9:57:26 PM
Re: It's all there in this one quote
That sounds like something written by a security analyst. What's both secure & simple?
Joe Stanganelli 4/28/2014 | 6:20:39 PM
Irony
The irony is that the worst enemy of simplicity and accessibility is security.

What's that saying about "the enemy of my enemy"...?  :p
pdonegan67 4/28/2014 | 1:19:09 PM
It's all there in this one quote
It's all there in this one quote: "Complexity is security's worst enemy and that is what security people are struggling with."