Nzxpmdot Wzbdin Vo Cjhz
My house is very secure. Most windows have quadruple locks. The front door
is defended by a $250 solid brass deadbolt. The back door has a double-cylinder
armored lock, and my tough- tempered glass window wall has three intrusion deterrent
systems. Motion detectors at the front and back of the house keep an eye out
for trespassers and there are a host of other deterrents that I will not reveal
in this public forum. There is also a high-security lock between my house and
garage, but given the inconvenience of using it, I rarely lock it. (Who would
know it’s not locked? It looks locked.) When I’m out of town for
more than a few days I notify the local police, who keep a watch on the house.
I stop my telltale mail and newspapers and in the event I lose my keys while
traveling, two of my neighbors keep a backup key as I keep one for several other
neighbors.
Last year, very late heading off for a four-day trip, I pressed the remote
control of my ultra-high-tech rolling code garage door and as it started down
I sped away to the airport. Upon returning home I discovered that something
must have caused the garage door to reverse before closing. It had been wide-open
for over four days. Inside the garage, among other goodies were expensive bicycles,
a boat, and every known device for waging war on fall leaves. The door from
the garage into my house was, of course, not locked. Amazingly, not a thing
was missing or even moved. My neighbors said they thought I was working long
hours in my garage since it was open from very early in the morning until they
went to sleep.
Here are some lessons from this incident that apply equally to computer security.
- Do not confuse being lucky with good design or a big safety margin. NASA
saw seven cases of O-Ring erosion on Shuttle rockets, but none burned through
more than a third the distance necessary for catastrophe. NASA concluded that
they had a safety factor of three instead of realizing that since there should
have been no O-Ring erosion at all, they had just been incredibly lucky—until
Challenger when an O-Ring failure caused it to blow up. I could conclude that
leaving my garage door open is no problem and that I should never bother closing
it since nothing happened. And the unlocked door into my house, well, there’s
no reason to ever lock it either. Didn’t it work just as well unlocked?
Of course, I was just lucky. I need to find out why the garage door didn’t
close and fix the problem. I need to realize that if it ever stays open again,
the lock into my house is very important and always needs to be secured. I also
need to have a chat with my neighbors and the police, who were supposed to be
looking out for me and ignored a potential security breach for four days.
- No security feature will protect you if you don’t actually use it.
Using just some of your security features is often no better than using none.
My rolling code garage door opener never failed, but it d'esn’t offer
any protection when the door is left open. My quadruple window locks weren’t
much help when my garage door and the door into my house were unprotected.
Why pry open windows when you can walk through an unlocked door?
- The weakest link, not the strongest, determines how much security you have.
Attackers will find and exploit the weakest link in your security. My quadruple
locked windows are overkill. They are much more secure than any other part
of my defense against intrusion, but no one will ever try to break through
them. You need a uniform level of security appropriate for what is being protected.
A moat filled with alligators would provide greatly improved security, but
it would cost more than my house—the asset I’m trying to protect.
- If security isn’t easy to use, it isn’t likely to be used and
won’t provide much security. The lock between my house and garage is
a technological tour de force, but it is so complex to use that I never bother
using it.
- Security has many interdependencies. Keeping my neighbors’ keys in
my house is handy, but if someone gets into my house and finds the keys, my
neighbors’ security is compromised. The crooks will just unlock my neighbors’
front doors. Your security often depends on the security of others, as theirs
may depend on yours.
Places that contain security information for many people need the highest level
of trust and security. Leaving information with the police and post office is
fine, but an unscrupulous person in either place would know which houses are
vacant and therefore easier to attack.
Security d'esn’t work unless end users shoulder their share of the responsibility.
The best locks and security deterrents won’t deter anything if users don’t
use them. Carnegie Mellon’s new computer security CyLab will be doing
all the amazing things in the area of security that one would expect them to
do. But they will also be training 10 million “Cyberaware” citizens
worldwide in three years and educating 100,000 security professionals. It is
these millions of “Cyberaware” citizens that will be the most formidable
force for improved computer security. Are your users cyberaware?
As for the title of this article, it has been lightly encrypted but you should
find its solution very e z.
