Part 3 in a 6-part series
by Mark Robertson, Social Engineering Consultant and CTO
Remember this old adage? "If you make something idiot-proof, along comes a better idiot." We chuckle. These accidents usually occur to the 'other guy.' Uh-oh! Ever lock your keys in the car? Locksmiths love that one. Walk around a ladder to avoid bad luck? What do painters do? After spilling a little salt, do you throw some over your shoulder?
I'll take Professor Plum in the library with a candlestick
We all have days when we want to tell someone, "Get a clue!" Sometimes, we're guilty of being the ones who need to get a clue. Going blank and doing things we normally wouldn't do happens to all of us. In this month's The Weakest Link, learn about the things we could do that we think are fine, but aren't.
It's not a matter of intelligence as we can't know these things without education followed by reminders. People download music and games. No biggie, right? Eh, keep an open mind on this topic until you've read "The Clueless Savant."
Give us a clue on how we're doing by taking the short reader survey and as a reward, your name is entered in a drawing where you could win a PAIR of Garmin Rino 110 GPS. I think I'll take Colonel Mustard in the next game of Clue. He looks guilty.
Best,
Meryl K. Evans, Editor
Reader Survey
Complete our 1-minute reader survey and you could win a PAIR of Garmin Rino 110 GPS.
I've enacted a two-factor authentication scheme for a knowledge management system that provides clients with access to many systems within our network. The application owner claims forcing our clients to use tokens is keeping them from using the application, so I've made some concessions by using SSL Client Side Certificates. Now they say these are even a hassle and argue that their online banking services don't require two-factor authentication, so why do it for document exchange?
What other techniques are used to authenticate for easier Web site access with existing technology?
The promises of wireless devices in the enterprise are many.
However, it also seems that the security risks are huge .... wireless traffic is easily recorded; passive eavesdroppers can gather proprietary information, logins, passwords, intranet server addresses, and valid network and station addresses; intruders can steal Internet bandwidth, transmit spam, or use your network as a springboard to attack others. The list goes on and on ...
We would like to figure out a way to use WLAN and WWAN technology without compromising our security. Depending on who I talk with, the solution either seems simple (use existing security techniques and policies) or complex, start from scratch, or impossible to secure.
Do we 1) modify what we currently do, 2) implement a whole new security program, or 3) just outright ban using the WLAN and WWAN? If we don't ban them, how do we protect ourselves?