General discussion

Locked

The Six Dumbest Ideas in Computer Security

By jdclyde ·
This came in a security newsletter I recieve. I read it and some of the ideas I thought were pretty obvious to me, yet some others made me have to think about them for a while as they are counter the conventional "wisdome" about computer security.

"Marcus Ranum released any interesting editorial entitled "The Six Dumbest Ideas in Computer Security." He gives his views on common security misconceptions that seem to be perpetuated throughout corporate IT environments. You can read this and other editorials at:
http://www.ranum.com/security/computer_security/editorials/dumb/"

After reading this, what is your take? Are we just chasing our tails so vendors can continue to make a profit?

Is this approach something that you use, or could use?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

All of the status quo is dumb now..

by Praetorpal In reply to #4) Hacking is Cool

Pretty well all systems are dumb. A hack-proof system is by its own label/definition hack-proof. You can not convert an imperfect system into a hack-proof system by hacking it; you can only eliminate the bug of the day. That is one of the points of this article.

This article describes incredible data breaches in so-called secure networks, which demonstrates an incomplete understanding of what security is really supposed to be:

So You Think Your Data Is Secure?

http://www.computerworld.com/securitytopics/security/story/0,10801,103869,00.html

Collapse -

It still won't work for all networks

by randy In reply to The Six Dumbest Ideas in ...

I really liked the article and I agree with it as it applies to corporate networks. I work for an ISP and while we do use some of the techniques described in the article, we can't block everything and just allow the good. There are to many people that want the info that allows the bad. They don't care if they get virus'. Besides they bring their machines to me to clean every 3 to 6 months.

Collapse -

Pain Points

by Adminisaurusrex In reply to The Six Dumbest Ideas in ...

The company I work for just started tracking InfoSec pain points. We talked to about 250 Security end users and got vendor and product ratings, and some other good tools. The research is free, so contact me at 212-672-0013 or adamady@theinfopro.net

Collapse -

6 dumbest ideas...

by cburgess In reply to The Six Dumbest Ideas in ...

...are the authors.

Well, his concept of focusing on only allowing permitted apps to run is well put, but is not the total answer to security.

The reality is that no network is hacker proof...period. There are too many flaws in the apps, in the os, and in the CPU instruction sets.

Real elite hackers don't pay much attention to vulnerability notices...they already know about them. Elite hackers don't publish their exploits...only script kiddy n00bs go for that lame stuff.

How do you patch for a invalid CPU instruction that when passed through a CPU causes it to crash? The faulty code is in the silicon. No cpu as of yet has error code handling implemented. The cpu has a finite number of instructions in its set, and all other permutations are invalid and can cause the cpu to do some weird stuff.

Collapse -

Can't Enumerate Goodness Either ...

by mdpetrel In reply to The Six Dumbest Ideas in ...

There are hundreds of 'cool' or 'fun' apps that a family WILL install in a given year, AND that they will update / patch / and 'enhance' w/ dozens of add-ons. This is over a 1000. And since newer versions of these come out annually, we well over several tens of thousands of "good" apps, too. Effort wise, it is better for a family to pay $30 USD for up to date virus definitions...

A business may have less than a 1000 processes to keep track of; but that is not true of average families.

Collapse -

broken by design

by apotheon In reply to Can't Enumerate Goodness ...

That's a failure of the Windows application model. A simple interactive front end on iptables (there are several available) can be used for an adaptive system for designing just such an "enumerated goodness" security model (for instance).

Collapse -

To Block or Not?

by kellybriefworld In reply to The Six Dumbest Ideas in ...

I?m a consultant working with Palo Alto Networks; they have an excellent whitepaper on the subject of blocking social networking apps that you may have to worry about, ?To Block or Not. Is that the question?? here: http://bit.ly/d2NZRp. It has lots of insightful and useful information about identifying and controlling Enterprise 2.0 apps (Facebook, Twitter, Skype, etc.) Let me know what you think.
kelly@briefworld.com

Related Discussions

Related Forums