|
Of course you're right. Security measures (on houses, cars, computer systems...) only make breaking in inconvenient. If someone wants to badly enough and has the time and resources it will happen eventually. > -----Original Message----- > From: email@james-w-kilgore.com [mailto:email@james-w-kilgore.com] > Sent: Friday, September 24, 1999 1:36 AM > To: MIDRANGE-L@midrange.com > Subject: Re: Rewarding challenge AS/400... > > > > > Joel Fritz wrote: > > > > I dunno--people sometimes do funny things when they dislike > each other. > > > OK, I've watched this thread long enough, SOAPBOX(*on) > > If you lock the door, they come in through the Window (pun > intended <g>) > > IMO, 95% of the users are there to get their job done and > couldn't give > a squat about technology. It's the tool handed to them and they > acquiesce to it's use. Half of them don't even have a PC at home. > Depending on the pecking order, it drops from there. > > I once heard that locks keep honest people honest. If a thief want's > in, they'll get in. Period. Most you'll catch, the rest will let you > know where you've left access. > > Are users sloppy about security? You bet. Why? They're honest and > naturally expect that from their coworkers. > > Security, or should I say cynicism / suspicion, is not in their job > description. This human trait is the weak link in any security plan. > > We could all run our systems at level 40/50 and still have > breaches that > are beyond any contrived technology. > > What one is asked to do is to take "reasonable measures" to "insure" > security. The debate starts once a breach occurs or an audit > questions > if what is in place is "reasonable". > > Way back when (the Earth's crust was still cooling) there was a study > done on security breaches. The target was insurance > companies. Now the > companies were diligent with requiring expirations of passwords and > their computer generated a series of non repeating, non redundent, > random letters/numbers. Noone could guess them. > > The passwords were so hard to remember that the users wrote > them down on > a Post-it and slapped it on the face of their CRT. > > To break into their system required a pair of binoclars from > across the > street. Read all the passwords you want. Sniffing packets is for > technogeeks that can't see the forest for the trees. =;-p > > Make your plans, dot your I's, cross you T's, cover your > b***. Breaches > happen. Period. > > P.S. I'll bet that the janitorial company that cleans your > building can > get all the passwords they want. > +--- > | This is the Midrange System Mailing List! > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > | To unsubscribe from this list send email to > MIDRANGE-L-UNSUB@midrange.com. > | Questions should be directed to the list owner/operator: > david@midrange.com > +--- > +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.