Re: Google gets nuts -
09-02-2004
Hi,
sercirity is not done in soft or hardware (which is just unflexible software). security is a question of concept, they simply don't want to make it the save way.
i worked for some sw companies, they all got pissed when i told them that buying some hardware would just make other people rich, but instead they would have to stop doing silly stuff: M$ internet software [allow me to i'm in within 14 days]; unrestricted phone access (every laptop has a modem); fully filtered and analysed http proxy only suitable for google (http tunnels are avail under GPL), a dictionary and other non-script inforation pages; no storage outside the personal liable IT admin's controll (no cdr/floppy, no lap top's); all remote work done using terminal services;...
and at position 50+ you will find things like better use DES3 instead of DES, since hacking DES is far more trouble some that building a trojan with a win32 kit, make it encrypted and compressed. put up a website some developer will have intresst in (does he like ducati, moutainbiking ar aleik); lead him there with spam or postings on his favourite board and GOTTCHA
i think you now can imagine how easy it is to do bad things, and having a second firewall is useless, it won't filter http on per request base, and wont stop your employees to fall in love with cheap social engeneering i can buy for less than a security concept...
cheers
|