Re: Good passwords and security priorities

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 04/29/05 

Date: Thu, 28 Apr 2005 18:43:53 -0500

In article <zIUbe.2500$iZ1.347@trnddc03>, sinister wrote:

>At my workplace, there's very little risk of someone unauthorized coming by,
>looking at the stickynote, and then later breaking in.

No janitors? No visitors? No disgruntled employees?

>By "little risk", I mean as compared to getting broken into by someone God
>knows where in cyberspace. The stickynote doesn't help the latter break in,
>as they're coming from somewhere physically remote.

The standard comment is that "Physical access beats five aces" is true.
Even if someone can't find the sticky note, in the overwhelming majority of
cases, it only takes a minute or to to boot the system single-user, or
simply yank the hard drive for inspection in another system. I TOTALLY
agree with Lynn Wheeler regarding the studies indicating over three
quarters of break-ins involving insiders. Heck, I've even arranged the
physical placement of the computers I use in my office so that shoulder
surfing is extremely difficult.

However, there shouldn't be that kind of access from "outside". A bit of
that is user training (don't go to that pr0n site, don't download unknown
software), a bit is that most malware is targeting windoze, and another
bit is that the user has some difficulties in installing malware, often
due to permissions or lack of tools. But all in all, there should be the
intelligently configured firewall between your internal hosts and the big
bad Internet.

        Old guy