Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

(wil) Re: Security matters: keep thy doors closed!

by wil (Priest)
on Jun 14, 2002 at 17:07 UTC ( #174635=note: print w/replies, xml ) Need Help??

in reply to Security matters: keep thy doors closed!

You raise some very good and very important points here. But one very big security threat that keeps getting overlooked is - your users.

Either knowingly, or unwittingly, many of your system users are a very real threat to the security of the machine. From the most extreme simple things like; do they write down their passwords on a big postit note by their computer? Do they remember to log off at all? Do they tinker around and write their own CGI applications on your system without you knowing? And does this CGI program that you don't know about run Matt's Free Guestbook for everyone in Sales? Does the MD allow her 15 year old hacker son to play around on the laptop from home?

IBM are running a good ad campaign at the moment highlighting this fact. They say something along the lines of "You've turned off all your unused ports and services. You've got the best firewall going but are you protected from Rose in Accounts?"

Physical security is as paramount as virtual/connection security. Is your box locked under key? Do you have 24/7 surveillance on the box by cameras, anti-tamper devices? etc. Of course, how far you want to take this depends on how much you value your data.

I just think these are highly important points people should be more aware of, and I constantly strive to bring these points further up our security agenda in work.

Update: kudos to cjf for reminding me of the name of the woman in Accounts - Rose. :)

- wil
  • Comment on (wil) Re: Security matters: keep thy doors closed!

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://174635]
[Corion]: ... and I still don't understand why ;)
[Corion]: This is because Filter::Simple does some string-trickery, replacing all string literals with "quoted packed numbers"
[Corion]: I fear this might be a bug in the RE engine, but if it is a bug, even fixing won't help me because I need Filter::Simple for Filter::signatures , which provides signatures as a backwards compatibility feature for Perl <5.22 - and these ...
[Corion]: ... won't get a fix anyway ;) My plan B is to encode the string placeholders avoiding \r and \n
Discipulus spent his sathurday repairing a fontain in agarden to save red fishes inside it..

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (12)
As of 2017-01-23 08:06 GMT
Find Nodes?
    Voting Booth?
    Do you watch meteor showers?

    Results (191 votes). Check out past polls.