We have to use a secure PIN to access the servers - how secure do you want to
go ;-)  Passwords alone are simply not enough.




-----Original Message-----
From: John Paul Ashenfelter [mailto:[EMAIL PROTECTED] 
Sent: 04 March 2005 12:17
To: CF-Talk
Subject: Training users to be security-conscious [Re: Securing MS-SQL port 1433]

On Tue, 1 Mar 2005 22:06:48 -0500, Dave Watts <[EMAIL PROTECTED]> wrote:

> > How is this any different than the corporate education about
> > opening attachments (bad) and phishing (bad)? Most people,
> > I'd put forth, *do* know that the internet isn't all that
> > safe and they should be running a firewall. WinXP SP2 finally
> > has it builtin, for gosh sakes.
> 
> While most people may know that they should be running a firewall, I doubt
> very much that most of these people even know what a firewall is. And when
> their system pops up a little message saying "do you want to allow traffic
> from [socket 1] to [socket 2]", they'll click the OK button in many cases
> even if they don't know the import of their actions. And again, your analogy
> with corporate education about attachments just highlights the idiocy of our
> industry - we find it more efficient to train untold thousands of people not
> to double-click something, rather than design a safe system in the first
> place! If we built cars, we'd tell people "don't drive downhill because the
> brakes don't work", rather than just fixing the damn brakes. How idiotic is
> that?

On a related note, Kevin Mitnick (quite famous convicted hacker) spoke
about security and (normal) employees recently
(http://www.zdnet.com.au/news/security/0,2000061744,39183334,00.htm)
-- his conclusion?

Companies eager to tighten up their information security perimeters
should focus not on technology but on teaching their employees how to
say 'no'

I'm pretty sure he's not eligible to sit for the CISSP (that whole
ethics thing) but he does know a thing or two about penetrating
security. So while it certainly is *annoying* that we have to train
users not to open attachments containing Ann/Paris/Brittany pics, not
to give their passwords out over the phone, and not to blithely use
unencrypted wifi access points, and all the rest -- it's not foolish
or stupid at all.

-- 
John Paul Ashenfelter
CTO/Transitionpoint
(blog) http://www.ashenfelter.com
(email) [EMAIL PROTECTED]




Message: http://www.houseoffusion.com/lists.cfm/link=i:4:197454
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4