dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
48
OZO
Premium Member
join:2003-01-17

OZO to StuartMW

Premium Member

to StuartMW

Re: Think layers of security is all that? Think again

said by StuartMW:

Well I think the problem with that article is that they missed/ignored the most important factor--the humans.

The assumption is that hardware/software, by itself, is sufficient to stop all exploits. It's not and never will be.

If users click on unsolicited links in email, visit unsafe sites, and so on the chances are malware will get through. That's why "social engineering" techniques are used so often--they work because people do stuff even when they know they shouldn't.

I agree. Human is the most important part of security. Computers are made to obey them, at the end... Thus, education, how to run them safely, is the key.
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer

Premium Member

said by OZO:

Human is the most important part of security. Computers are made to obey them, at the end... Thus, education, how to run them safely, is the key.

^^ This ^^
It is all about education, understanding the risks, and understanding how to mitigate those risks. Basic secure computing steps are at least 80%.
said by Snowy:

The thread title reminded me of this recent thread 'how to ensure PDF file viewing does not "call home"' where firewall rules were often mentioned as a cure/fix.

Firewall rules will often prevent a call home function but it's not guaranteed.
It's just a layer.

Exactly. It all depends upon the level of concern or paranoia and the risks involved.

That thread is not particularly a good example since it involved prevention of a PDF reader from reporting usage statistics. The effort to ensure that detail gets sent, independent of reader and irregardless of protective measures, is not worth the benefit of the data obtained. Basic firewall or sandbox methods are likely to be very effective in this case.

For those extremely paranoid or concerned a dedicated PC that never has any network connectivity is a given. For those trusting in the technology a simple VM may suffice but for the truly untrusting a dedicated standalone physical PC would be in order already and such a question would not even be asked.

The old adage that the most secure computer is one that can never be used continues to apply. If you treat every risk as the utmost highest priority you will (a) worry yourself to death and (b) spend a significant amount of time avoiding threats that don't realistically exist.

Using the referenced thread as an example: Even if I were still the most paranoid person such that I was overly concerned that a PDF I downloaded from the internet would "call home" to report every time I read it, that would not change the fact that my download of said PDF was already recorded and likely tracked. The time I would spend to copy that PDF to a portable device and then to a standalone PC would be potentially wasted effort.

Now, if this involved confidential document/information, or any type of PII (Personally Identifiable Information) the risk would be higher and said measures may be appropriate. The OP in that thread did not make this distinction so this is unknown.

Proper education on secure practices, understanding the risks involved, and taking appropriate action based on those risks is indeed the key. I know many people that refuse to do any commerce (even amazon) or banking online yet do not own a paper shredder and think nothing of throwing bills, statements, etc in the garbage intact. I have not disposed of one sheet of paper that had a name, address, or any other PII without shredding in almost two decades and have been regularly questioned about why. Education is truly the key.
MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

MaynardKrebs

Premium Member

said by Shady Bimmer:

For those extremely paranoid or concerned a dedicated PC that never has any network connectivity is a given.

You forgot the 'Tempest' room that the computer is located in.
slajoh01
join:2005-04-23

slajoh01

Member

One of the security layers to keep in mind are monitoring and keeping audits inside your networks.

My most major concern are the users inside a network and not some hacker outside the network. The odds are much lower if someone outside of a network hacks in to your data. The real danger are the insider threats, and yes, I mean the users themself sitting behind the machine.

One of the things we can do, is a "scare tactic" that we gotta let them know were monitoring and keeping an eye on you whatever they do on a network. Hopefully that will send a clear message.