Open Menu Close Menu

Nzxpmdot Wzbdin Vo Cjhz

My house is very secure. Most windows have quadruple locks. The front door is defended by a $250 solid brass deadbolt. The back door has a double-cylinder armored lock, and my tough- tempered glass window wall has three intrusion deterrent systems. Motion detectors at the front and back of the house keep an eye out for trespassers and there are a host of other deterrents that I will not reveal in this public forum. There is also a high-security lock between my house and garage, but given the inconvenience of using it, I rarely lock it. (Who would know it’s not locked? It looks locked.) When I’m out of town for more than a few days I notify the local police, who keep a watch on the house. I stop my telltale mail and newspapers and in the event I lose my keys while traveling, two of my neighbors keep a backup key as I keep one for several other neighbors.

Last year, very late heading off for a four-day trip, I pressed the remote control of my ultra-high-tech rolling code garage door and as it started down I sped away to the airport. Upon returning home I discovered that something must have caused the garage door to reverse before closing. It had been wide-open for over four days. Inside the garage, among other goodies were expensive bicycles, a boat, and every known device for waging war on fall leaves. The door from the garage into my house was, of course, not locked. Amazingly, not a thing was missing or even moved. My neighbors said they thought I was working long hours in my garage since it was open from very early in the morning until they went to sleep.

Here are some lessons from this incident that apply equally to computer security.

  • Do not confuse being lucky with good design or a big safety margin. NASA saw seven cases of O-Ring erosion on Shuttle rockets, but none burned through more than a third the distance necessary for catastrophe. NASA concluded that they had a safety factor of three instead of realizing that since there should have been no O-Ring erosion at all, they had just been incredibly lucky—until Challenger when an O-Ring failure caused it to blow up. I could conclude that leaving my garage door open is no problem and that I should never bother closing it since nothing happened. And the unlocked door into my house, well, there’s no reason to ever lock it either. Didn’t it work just as well unlocked?

Of course, I was just lucky. I need to find out why the garage door didn’t close and fix the problem. I need to realize that if it ever stays open again, the lock into my house is very important and always needs to be secured. I also need to have a chat with my neighbors and the police, who were supposed to be looking out for me and ignored a potential security breach for four days.

  • No security feature will protect you if you don’t actually use it. Using just some of your security features is often no better than using none. My rolling code garage door opener never failed, but it d'esn’t offer any protection when the door is left open. My quadruple window locks weren’t much help when my garage door and the door into my house were unprotected. Why pry open windows when you can walk through an unlocked door?
  • The weakest link, not the strongest, determines how much security you have. Attackers will find and exploit the weakest link in your security. My quadruple locked windows are overkill. They are much more secure than any other part of my defense against intrusion, but no one will ever try to break through them. You need a uniform level of security appropriate for what is being protected. A moat filled with alligators would provide greatly improved security, but it would cost more than my house—the asset I’m trying to protect.
  • If security isn’t easy to use, it isn’t likely to be used and won’t provide much security. The lock between my house and garage is a technological tour de force, but it is so complex to use that I never bother using it.
  • Security has many interdependencies. Keeping my neighbors’ keys in my house is handy, but if someone gets into my house and finds the keys, my neighbors’ security is compromised. The crooks will just unlock my neighbors’ front doors. Your security often depends on the security of others, as theirs may depend on yours.

Places that contain security information for many people need the highest level of trust and security. Leaving information with the police and post office is fine, but an unscrupulous person in either place would know which houses are vacant and therefore easier to attack.

Security d'esn’t work unless end users shoulder their share of the responsibility. The best locks and security deterrents won’t deter anything if users don’t use them. Carnegie Mellon’s new computer security CyLab will be doing all the amazing things in the area of security that one would expect them to do. But they will also be training 10 million “Cyberaware” citizens worldwide in three years and educating 100,000 security professionals. It is these millions of “Cyberaware” citizens that will be the most formidable force for improved computer security. Are your users cyberaware?

As for the title of this article, it has been lightly encrypted but you should find its solution very e z.

comments powered by Disqus