Archive for 'Myths & misconceptions' Category

“But we’ve never had a problem”

19 May 2009

Convincing decision makers to be proactive with information security is always a tough sell, but it’s really difficult with small to medium-sized businesses. Lately I’ve been hearing a lot of the old “but we’ve never had a security problem” myth as an excuse for inaction (hmm… maybe I should add it to the list). [...]

Security of virtualization

17 November 2006

Over at InfoWorld, Tom Yager has a few thoughts on the security of virtualization. I touched on the topic back in April in Can virtualization be trusted for security?. Among other things, he has an interesting idea that an attacker might take advantage of the easier cloning and failover possible with virtual machines. I can [...]

Stupid security awards

22 August 2006

Some fun news from Privacy International: They’ve revived their Stupid Security awards, last held in 2003 (winners here). Nominations for the 2006 awards are now open. The last time they did this, all awards honored stupidity in physical and administrative security. Perhaps this year IT security will be represented… there are so many stellar examples [...]

Can virtualization be trusted for security?

21 April 2006

Some of our clients have started using VMware, Xen and MS Virtual Server to provide either a contained environment for accessing the Internet from the desktop, or to isolate Internet services such as web and e-mail servers from the rest of a physical server. The idea is that if the virtual machine gets infected with [...]

We’re secure because…

5 August 2005

“…we installed anti-virus.” “…it’s behind a firewall.” “…we have an IDS.” “…we use a VPN.” “…we finally got PKI to work.” “…we installed a network intrusion prevention box.” “…we installed host intrusion prevention software.” “…it has Common Criteria certification.” “…the product is from [insert big company name].” “…the person who built it has a CISSP [...]
