Written on September 19, 2005
This is great – a student passed this one to me.
http://www.ranum.com/security/computer_security/editorials/dumb/
From the author:
Let me introduce you to the six dumbest ideas in computer security. What are they? They’re the anti-good ideas. They’re the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible – which is another way of saying “trying to ignore reality.” Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don’t fully understand the situation, but other times it’s just a bunch of savvy entrepreneurs with a well-marketed piece of junk they’re selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them.
An excellent read (grin).
R
Rick G says:
Comment posted on: September 19, 2005
Related to item #5 in “The Six Dumbest Ideas in Computer Security” -
http://informationweek.com/story/showArticle.jhtml?articleID=170703348
“But user education may be talking to a brick wall because some workers slough off responsibility for even knowing about threats. “Workers in larger companies don’t worry about being educated, they just assume that IT handles everything,” said Hansmann. “Big company employees just don’t see security as their responsibility.” U.S. workers were the most confident in IT as a safety net. Nearly half of American employees surveyed, 48 percent, said they were more likely to open suspicious e-mail messages or click on Web links because they could rely on IT. In Japan, however, only 28 percent admitted to such risky moves.”