Posted by Al Dunbar on April 22, 2007, 12:56 pm
Ultimate security is a holy grail that will remain forever elusive. In the
real world security fits into a balance amongst various factors, including
risk and the actual cost of having security breached.
/Al
> But I think that, when someone believes that there is a 100% secure
> solution, the hackers will have their day ...
>
> First, we had viruses.
> We solved it (not 100%) by making anti-virus software.
> But the real solution against viruses is:
> -closing all ports (against worm viruses)
> -not use email (against email viruses)
> -prevent users from downloading anything from the internet (could be a virus)
> ....
> But the 100% solution is not an option, so the cat and mouse game between
> virus makers and anti-virus makers began.
> The same happened to spy and adware.
>
> Next, we had buffer overruns, where hackers could execute code in data
> segments. To solve this problem 100%, everyone should replace all
> hardware for new ones that support hardware DEP (the software version may
> have bugs in it).
>
> Next, we got SQL Injections. So, all buggy websites should have been
> rebuilt (not done; I regularly see websites that are still vulnerable)
>
> The problem is that people make software. And because people make
> mistakes, the software is full of errors. Because of these errors there
> are openings for misuse of the software, local or remote.
>
> You cannot solve this problem by making software, because this software
> will have its own mistakes in it.
>
> To give an analogue, look at the story of the Enigma. The Germans had an
> unbreakable code - which eventually was broken by the English.
> Like there is no unbreakable code, there is no secure system.
>
> The only thing that we can do is make it so hard to hack a system, that no
> one bothers to try it anymore. But there will always be hackers that only
> see this as a challenge, and break in anyway.
>
> By the way, nice link. I don't know how to secure this .....
>
> S. Pidgorny <MVP> wrote:
>> G'day:
>>
>>> The only truly secure system is one that is powered off, cast in a block
>>> of concrete and sealed in a lead-lined room with armed guards - and even
>>> then I have my doubts.
>>> -Eugene H. Spafford, director of the Purdue Center for Education and
>>> Research in Information Assurance and Security.
>>
>> Yes, powered off is clearly not enough any more: Quantum computer works
>> best switched off
>> (http://www.newscientisttech.com/article/mg18925405.700.html). The rest
>> is good old physical security - how many times it didn't work?
>>
>>> Every computer with outside connections is a security risk.
>>> As long as anyone can log on, it is possible to hack it.
>>
>> I'll give you my smart card - hack away. Seriously, the notion of
>> "everything is insecure" works best for security philosophers (the likes of
>> Bruce Schneier) and not so much for the hackers.
>>