Tuesday, March 11, 2014

Part IV: Miscellaneous Security Tips



The Irony of High Security

Is having sophisticated equipment to secure the company a good thing? Maybe, maybe not. Consider this: serial killers cannot resist the urge to kill someone, and hackers cannot resist the urge to break into a highly secured place. The higher the security, the more exciting and challenging the target becomes. If hackers were bees, your highly secured system would smell like honey to them.

Using Credit Cards

In the US, you are liable only for the first $50 if someone steals your credit card and uses it at their leisure. Yet many people still don't feel comfortable using their credit cards online. On the other hand, they feel safer using a credit card offline: they hand the card to a waiter or waitress when paying the bill, and never worry whether that person might write down the card number for their own use.

Bank Daily Security Codes

Banks in the U.S. use daily security codes. The code changes every day to improve security, and only internal employees know the code for a particular day. When someone calls in and asks for internal information, the callee challenges the caller for the code. This is very good security indeed. However, if the code is not properly protected, it can give a false sense of security, because the callee will be less suspicious of a caller who knows it.

Candy Security

This refers to security that is hard on the outside but soft on the inside. It is a common bad practice: people tend to focus on the perimeter (e.g., installing a firewall) but do not pay enough attention to the inside. Once through the perimeter, an attacker can do whatever (s)he wants. Beating perimeter security is not all that hard, either. In the end, it is humans who use the system, and humans are usually weak against social engineering.

Speak Easy Security

This is a secret storage location known only to certain people. On arriving at the location, a member just needs to say a secret word to open the vault. It is very similar to 'security through obscurity', where only a few people know the protocol. The problem is that social engineers are very adept at duping members into revealing the location and opening the vault.

Again, the sensitivity of information depends on the context, so data should be classified by context. Under a particular context, a person may 'need to know' one piece of information but not another. Make a list of 'need-to-know' items and associate them with people and context. Make the list of 

Source: The Art of Deception: Controlling the Human Element of Security
---------------------------------------------------------------------------------------------------------

Book or Audiobooks?

Personally, I prefer audiobooks. It's fun, and I can listen while I'm doing something else. It also makes other activities (e.g., jogging) a lot more fun. For more detail about audiobooks, please read [this post].

There is one more reason that may encourage you to go for the audiobook version: you can get it now for FREE. Audible offers a free trial for 14 days. Even if you get the book and cancel the subscription right away (so that you don't have to pay), you can keep the book. And don't worry if you lose the audiobook file. Just log into audible.com; you can keep downloading it over and over again.

About the summary: It takes time to finish a book. And when you do, sometimes you want to review what you learned from it. If you do not make notes as you read, you might have to go through the book once again. This can be time-consuming when you are dealing with a book. But you can still flip through the book and locate what you are looking for.

However, when the material is an audiobook, it is extremely hard to locate a specific part of content. Most likely you will have to listen to the entire audiobook once again.

This book summary will help solve the pain of having to go through the book all over again.

I am leaving out the details of the books. Most books have interesting examples and case studies, not included here. Reading the original book would be much more entertaining and enlightening. If you like the summary, you may want to get the original from the source below.

