greg hughes - dot net - Security Myths - Don't fall for the tricks and traps

Tuesday, 15 March 2005

Security Myths - Don't fall for the tricks and traps

There's a excerpt from a yet-to-be released book by Jesper Johansson and Steve Riley available to read online. The article, entitled "Security Myths," it takes a look at some of the security shortcomings typical to use of security guides and reliance upon following a predefined set of steps without looking at the whole picture. It's a great lesson in how to look at things, rather than how to follow prescriptive

Warning
This section is somewhat (OK, very) cynical. Take it with a grain of salt and laugh at some of the examples we give. Do not lose sight, however, of the message we are trying to get across: These are myths. If you are careful to avoid falling into the trap of believing them, you will be able to focus your efforts on the things that make a real difference instead of being lured like so many others into staring at a single tree and failing to see the security forest.

So what are the myths? Well, for the details go read the article, but at a high level...

Myth 1: Security Guides Make Your System Secure
Myth 2: If We Hide It the Bad Guys Won’t Find It
Myth 3: The More Tweaks the Better
Myth 4: Tweaks Are Necessary

Add/Read: Comments [0]

IT Security | Tech

Tuesday, 15 March 2005 17:54:10 (Pacific Standard Time, UTC-08:00)

Trackback

Referred by:
http://search.daum.net/ [Referral]
http://www.stumbleupon.com/su/ [Referral]

Comments are closed.

"Computers used to take up entire buildings, now they just take up our entire lives."

- Unknown

"So how do you know what is the right path to choose to get the result that you desire? And the honest answer is this... You won't. And accepting that greatly eases the anxiety of your life experience."

- Jon Stewart

Syndication [XML] and .net Alerts

For lazy, highly-technical or enlightened people, get this site's content without the use of a web browser. I use FeedDemon for this, but you can choose your own.

Subscribe - click the icon for my feed

... or sign up for Microsoft Alerts to receive updates through your MSN Messenger, e-mail, or mobile device. Click the orange button thingie to sign up with your Passport account:

Contact

Drop me an email:

Send mail to the author(s)

Phone: 503-766-2258
Add me to MSN Messenger

Monthly Archive

November, 2011 (1)

October, 2011 (7)

April, 2011 (1)

January, 2011 (2)

December, 2010 (3)

November, 2010 (2)

October, 2010 (1)

September, 2010 (1)

June, 2010 (13)

April, 2010 (10)

February, 2010 (1)

January, 2010 (2)

December, 2009 (1)

November, 2009 (2)

September, 2009 (2)

August, 2009 (1)

April, 2009 (3)

March, 2009 (5)

February, 2009 (1)

January, 2009 (10)

December, 2008 (7)

November, 2008 (7)

October, 2008 (18)

September, 2008 (18)

August, 2008 (18)

July, 2008 (35)

June, 2008 (16)

April, 2008 (16)

March, 2008 (22)

February, 2008 (32)

January, 2008 (9)

December, 2007 (6)

November, 2007 (4)

October, 2007 (19)

September, 2007 (36)

August, 2007 (19)

July, 2007 (17)

June, 2007 (16)

April, 2007 (11)

March, 2007 (5)

February, 2007 (14)

January, 2007 (16)

December, 2006 (16)

November, 2006 (4)

October, 2006 (23)

September, 2006 (14)

August, 2006 (21)

July, 2006 (34)

June, 2006 (25)

April, 2006 (20)

March, 2006 (17)

February, 2006 (34)

January, 2006 (30)

December, 2005 (23)

November, 2005 (39)

October, 2005 (30)

September, 2005 (49)

August, 2005 (31)

July, 2005 (21)

June, 2005 (35)

April, 2005 (54)

March, 2005 (60)

February, 2005 (27)

January, 2005 (59)

December, 2004 (70)

November, 2004 (58)

October, 2004 (55)

September, 2004 (64)

August, 2004 (53)

July, 2004 (65)

June, 2004 (50)

April, 2004 (26)

March, 2004 (20)

February, 2004 (26)

January, 2004 (28)

December, 2003 (12)

October, 2003 (8)

September, 2003 (11)

August, 2003 (1)

On this page

Search and Translate this Site

Blog Posting Categories

Navigation Links

About Greg Hughes

Archive of all entries

NWFusion Compendium [of tech info]

news.com RSS feeds

Blogroll

Scott Adams' Dilbert Blog

Scott Adams is the creator of Dilbert, and his blog is an incredibly smart, clever and often funny (sometimes very serious) look at the world. Everyone should read this blog.

Alex is a former coworker who blogs about a variety of IT-related topics.

Brent is a cool dude and a great QA guy that I used to work with. His blog is, appropriately, focused on QA and testing technology.

Chris was formerly my boss at work and is an avid board gamer and photographer. He always has some new info about top-notch board games you may have never heard of, so if you're into them, you should check out this blog.

Lockergnome by trade, Chris is always up to something new. If you are not familiar with the Lockergnome newsletters, be sure to check them out, too.

Matthew Lapworth

Matt's a software developer and friend. He seems to enjoy extreme sports. That's fine as long as he doesn't, like, die or something.

Milind writes about all sorts of interesting stuff. We worked toegther for eight years, and he worked at our employer longer than I, which pretty much makes him old as dirt in company time. :)

MSFT Security Bulletins [RSS]

RSS feed for all Microsoft security bulletins provides an always-up-to-date list of updates along with complete descriptions of each.

Rory Blyth is one of the funniest and most thought-provoking bloggers I read. And I blame him for everything. Literally.

Scott Hanselman

Scott's computerzen blog is a popular spot for all things .NET and innovative. I used to work with him, but then he went off to Microsoft. He's one of the smartest guys I know, and arguably the best technical presenter around.

Sign In

Who Links Here

Total Posts: 1889
This Year: 0
This Month: 0
This Week: 0
Comments: 3450