On Sat, 21 Sep 2002, Sean Donelan wrote: ...
Are network operators really that clueless about security, or perhaps we need to step back and re-think. What are we really trying to protect?
This is often something that gets forgotten.. people are so hyped up about network security they can easily end up with ultra secure systems that really arent worth it for the data thats there..
Banks are mostly concerned about people defrauding the bank, not the bank's customers. Banks rarely check the signature on a check. Is security just perception?
This is a case of your only as good as the weakest link.. I point this sort of abstract thing out too. My usual examples are the office computers which tend to be laptops kept overnight in empty unlocked rooms with no password on them; people spend so much time getting secure VPNs and secure email setup they forget if someone really wanted the data they'd just walk right in and remove the hardware. Doesnt mean we shouldnt maintain a high level of security and be vigilent, but it does mean we should make sure we cover all angles. I like your cheque example, again I pick on credit cards.. the banks get so paranoid on internet shopping and yet its very common for fraud to occur because of who sees your card when you're out shopping at the local store... Think big picture! Steve