posted on Jan, 21 2015 @ 03:29 PM
I'm in Cisco classes right now. The instructor had some funny questions for us yesterday. One of them was, "do you think security exists in this
world". The answer was only obvious to a chunk of us, which surprised me. Some of these people truly believed it was possible. We can put up layers of
deterrence, but no system is fully secure. It's an ideal never truly realized.
Another question was, "do you lock your car", I was surprised to be the only individual in the room who didn't raise their hand. My reasoning is
rather simple. If you are willing to flaunt the need for protection, you must be willing to attract the attention which is guaranteed to come from the
criminal mind's attraction to your need. The next question was, "which car is easier to get in, the locked car or the unlocked car". I think this is
besides the point, depending on the context of the situation. The real question should be, "what kind of criminal would go for the unlocked, junked up
ride over the rows of flashy, locked up ones?
Having said all of that, setting up layers of deterrence for your cyber goodies does make good sense to me. It's just not the same terrain as the real
world. If you don't have some protection, you're bound to get messed with. If you're lucky, it'll be a mere grey-hat who will scare you into making
your system more secure
, though you will probably not be that lucky.
I'm not sure why people are still using passwords. If we're talking access to servers, then they should have encrypted keys, accessed only through
encrypted tunnels. The issue then becomes where the keys are stored. If it's a big deal, don't keep them on your local machine, or at the very least
truecrypt your drive. I'd rather keep them on a couple of usb keys, the backup being in case the inevitable happens while still in use... the drive
fails. Keep a key on your person at all times, and another safely hidden. If absolutely necessary, get a safe or safety deposit box. If not a clever
hiding spot should be good enough. There's no need for passwords where a key can be used.
edit on 21-1-2015 by pl3bscheese because: (no reason