NYCPHP Meetup

[Michael]

>This is a key point regarding security in general - it's unwise to focus
>all of your attention in any one area, thereby assuming that this is the
>one opening that a potential attacker will use. It's similar to how people
>have a false sense of security when something is encrypted - often
>decryption isn't necessary for a successful attack (presentation of the
>original encrypted data may be all that's required).
>
This is exactly why I force users on my secure Intranets to access my 
servers using Knoppix discs, have strong passwords, use encryption, etc. 
I keep telling them that it does no good to secure the servers and make 
users change passwords every other week when half of their computers are 
infected with spy software hat can capture keystrokes and other 
important information. Likewise there is no point in securing the client 
machines if everything is sent unencrpyted over their home wirelesss 
network. Or just walk in, say your a server tech, and walk out with the 
server. It's really quite easy to hack just about anybody because it's 
seldom that all aspects of security are really considered.

-- 
Michael <mogmios at mlug.missouri.edu>
http://kavlon.org