INTL 3:770/1 3:770/3
REPLYADDR 68g.1499@etr6.net
REPLYTO 3:770/3.0 UUCP
MSGID: b05d308e
REPLY: 47dd7308
PID: SoupGate-Win32 v1.05
On 1/30/24 6:37 AM, The Natural Philosopher wrote:
> On 30/01/2024 06:03, 68g.1499 wrote:
>> The continuing most-dangerous thing out there is not "hacking" but
>> "human factors" -
>
> My chief engineer went to do a security audit and install a corporate
> firewall, and then test it.
>
> His security report included:
>
> - "The widespread use of dial in modems connecting to users DDI ports to
> enable them to operate their windows desktop computers from home
> represents a far greater security risk than that offered by the internet
> connection....
>
> - "The list of root passwords pinned up behind the receptionist desk as
> well as the directory of usernames and DDI extensions is also sub
> optimal...
>
>
> I rest your case....
Heh, heh ... :-)
Though dial-up modems are kinda yesterdecade (did find a new
one still it its wrapped box under a desk when I cleaned out
my office recently though)
A very REAL prob, which persists, is that more than one
person often has to know connection usernames/passwords/
ports/etc no matter the methods. Multiple users may need
to access each others data when "Mr. X" goes on vacation.
You also cannot have just ONE super-duper 'vault' for said
docs because redundancy is safety.
Redundancy is also vulnerability - it's a
trade-off. You have to keep that "list on the wall" in
more than one location - and you'll NEVER be sure some
functionary didn't copy it into a Word doc in their
Documents folder (the first thing intruders go at) for
convenience.
No malice is required, simply normal human,
inevitable, laziness. Could NOT do manual log-in to use
network shares or 2FA or anything else nastily inconvenient
at my old job - the staff wouldn't put up with it. Had
to be fairly easy, automatic. Human nature and the truth of
the cyberverse are often at odds - and the whiners win.
Best I could do was to allow no "home-worker" RDT type
connections. Be there or be square. No 'active directory'
or any other Win single-point auto-"update"-ware either.
Many who did that stuff suffered horribly ; my "primitive"
approach was closer to indestructible - evilware had
few paths.
The new IT people, they really go for all that M$
convenience stuff - cloud networking, systemwide
updates, remote-workers, no linux/unix master
boxes, 3rd-party 'security monitoring', Online 365,
PROMISED secure cloud storage/backups, all that
"great" stuff. Probably not a single on-site backup.
I used to pre-encrypt anything sent to cloud backup.
They won't - they'll trust M$ or whomever.
Given the increasingly nasty world situation, I figure
six months before NK or some Romanian ransomware kiddies
blast it all to oblivion. Oh well, I'm out, getting my
pension ... whatever will be will be. Nobody seems to
learn anything ..........
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
SEEN-BY: 1/19 15/0 16/0 19/37 80/1 90/1 105/81 106/201 123/130 128/260
SEEN-BY: 129/305 135/225 142/104 153/757 7715 203/0 218/700 840 220/70
SEEN-BY: 221/1 6 242 360 226/17 30 100 227/114 229/110 112 113 200
SEEN-BY: 229/206 307 317 400 426 428 470 550 616 664 700 230/0 240/5832
SEEN-BY: 266/512 267/800 280/5003 282/1038 291/111 292/854 301/1 310/31
SEEN-BY: 320/119 219 319 2119 322/757 325/304 335/364 341/66 342/200
SEEN-BY: 396/45 423/81 460/58 633/280 712/848 770/1 3 100 330 340
SEEN-BY: 772/210 220 230 5020/400 5053/58 5058/104 5075/35
PATH: 770/3 1 218/840 221/6 1 320/219 229/426
|
