
Security Assumptions – Don’t Make an ASS of U and ME

Have you ever stopped to ask yourself whether the things you are defending against are really your biggest security problems? I am going to challenge you to think about things a little differently, as I have been doing myself recently. Prepare yourself, because this may challenge some of your core security beliefs, things we have been taking as gospel since the early days of securing networks. We all know our time is precious and limited, so it is more important than ever to spend what time we have wisely. That is exactly why I think we need to look deep into our beliefs and be willing to challenge ourselves on a profound, uncomfortable level. So, let’s make an attempt to be completely and utterly honest with ourselves about our security assumptions.

Do you require users to have long, complex passwords and expect them not to write them down? Do you use firewalls to cover up unpatched software, block access to vulnerable or unused services or to make up for poor configuration? What about Full Disk Encryption? Do you deploy that on every machine in your organization?

If you answered yes to any of these questions, you might be doing it wrong. Perhaps it’s time to review what you are doing, and why. Sometimes we do things because we have heard that others do them, but by simply following the herd we waste a lot of time and energy and create needless friction.

Passwords

Password hygiene has long been a thorn in the side of IT and security professionals. Getting users to treat these “keys to the kingdom” with the proper care has always been a challenge, one where we continue to fail. That being said, let’s ask ourselves if the changes we have been trying to get users to embrace are actually (Read more...)

*** This is a Security Bloggers Network syndicated blog from The Ethical Hacker Network authored by Erich Kron. Read the original post at: http://feedproxy.google.com/~r/eh-net/~3/6OdogQCP9n8/