The final chapter of the book dealt with physical security.
This was the area with which I was least familiar. I'd never heard of anti-climb paint, for example, and some of the fencing technologies mentioned in the book are going to prompt some google searches after I'm done composing this blog post.
Frankly, I thought a lot of the stuff described in the chapter was extremely cool. As someone who writes a little fiction and also plays TTRPGs, some of the material in this chapter will likely find it's way into my hobbies.
Interestingly, I've never seen a security policy for my employer, even though I've worked for them for over a decade. I wonder if there's one out there I can get my hands on.
Sunday, May 4, 2014
Sunday, April 27, 2014
Chapter 5
Chapter 5 focused on the world of wireless and/or mobile devices and the threats particular to them.
There was a lot of good, solid, easy-to-follow advice in this chapter, particularly where configuring wifi security is concerned. It jogged my memory to turn off a few unused features on my home router and that one of these days I really should set up full-disk encryption on my laptop.
It also reminded me just why I prefer a desktop PC and physical cables to wireless devices so much. In addition to the more comfortable keyboard, greater connection speed, and vastly greater screen real estate that a desktop PC with a wired connection offers, wires are quite a bit more secure than radio waves, and they're much less susceptible to interference.
Furthermore, it made me feel vindicated in my general non-use of my smartphone for anything particularly critical. I may use it to check my email, but banking can wait until I'm at home.
There was a lot of good, solid, easy-to-follow advice in this chapter, particularly where configuring wifi security is concerned. It jogged my memory to turn off a few unused features on my home router and that one of these days I really should set up full-disk encryption on my laptop.
It also reminded me just why I prefer a desktop PC and physical cables to wireless devices so much. In addition to the more comfortable keyboard, greater connection speed, and vastly greater screen real estate that a desktop PC with a wired connection offers, wires are quite a bit more secure than radio waves, and they're much less susceptible to interference.
Furthermore, it made me feel vindicated in my general non-use of my smartphone for anything particularly critical. I may use it to check my email, but banking can wait until I'm at home.
Saturday, April 19, 2014
Chapter 4
Chapter 4 covered the basic operation of the internet and also spent some time discussing the specific ways HTML, email, scripting, and cookies work.
The chapter then went into some detail about how any one of these things, used improperly, can be an attack vector. This is important to remember, in my opinion, because there's not much out there that is truly innocuous any more. Just about every type of file, code, and method of communication can be subverted somehow.
The chapter also went into some detail about the basic workings of cryptography, which reminds me that the next time I rebuild my system, I want to try doing full-disk encryption on my system drive.
The chapter then went into some detail about how any one of these things, used improperly, can be an attack vector. This is important to remember, in my opinion, because there's not much out there that is truly innocuous any more. Just about every type of file, code, and method of communication can be subverted somehow.
The chapter also went into some detail about the basic workings of cryptography, which reminds me that the next time I rebuild my system, I want to try doing full-disk encryption on my system drive.
Sunday, April 13, 2014
Chapter 3
Chapter 3 covered some of the various "impersonal" attacks on computers that are most common, and spent some time distinguishing between the various types of malware. It also went into some detail on how best to deal with these attacks. One newer form of malware I wish they'd touched on in the textbook is ExtortionWare (such as CryptoLocker) because that's the way I think a lot of the newer malware is going. The textbook authors do deserve credit for one of the best and most succinct summaries of the difference between a virus and a worm I've seen in a while.
It's interesting to note that while the threats continue to evolve and change, a lot of the conventional wisdom (install AV software, back up your data, and have a firewall) is more or less "evergreen."
My one other gripe (besides the reminder that I need to back up more frequently) is that they didn't give a lot of time to warning about the dangers of risky browsing, malicious ad scripts, and so forth, but I suspect that may be coming in a later chapter.
It's interesting to note that while the threats continue to evolve and change, a lot of the conventional wisdom (install AV software, back up your data, and have a firewall) is more or less "evergreen."
My one other gripe (besides the reminder that I need to back up more frequently) is that they didn't give a lot of time to warning about the dangers of risky browsing, malicious ad scripts, and so forth, but I suspect that may be coming in a later chapter.
Sunday, April 6, 2014
Chapter 2
Chapter 2 focused on the weaknesses of human being where security is concerned. The chapter discussed authentication, social engineering, and identity theft.
I was heartened to see the chapter recommending the use of a password management tool. As I've mentioned before, I've been using LastPass for years, and I love it. It's one of my favorite security tools of all time, because it's one of the rare instances where (once I've entered my LONG password) security and convenience both increase at the same time.
The material on social networking is also a good reminder, though I think the best result there might be "either don't lie, or tell the same lie to everybody." Much like what the Miranda warning says about speech, anything you post on the internet can and will be used against you.
As a side note, I'm very pleased with the readability of the textbook so far; it's both less dry and both less ridiculous/stilted in its "real world scenarios" than most textbooks I've read.
I was heartened to see the chapter recommending the use of a password management tool. As I've mentioned before, I've been using LastPass for years, and I love it. It's one of my favorite security tools of all time, because it's one of the rare instances where (once I've entered my LONG password) security and convenience both increase at the same time.
The material on social networking is also a good reminder, though I think the best result there might be "either don't lie, or tell the same lie to everybody." Much like what the Miranda warning says about speech, anything you post on the internet can and will be used against you.
As a side note, I'm very pleased with the readability of the textbook so far; it's both less dry and both less ridiculous/stilted in its "real world scenarios" than most textbooks I've read.
Sunday, March 23, 2014
Chapter 1
I have to admit that Chapter 1 didn't hold a lot of new information for me; after years of listening to Security Now and a couple of other security classes at MCC, this was more of a review or a refresher than anything new. That said; I think it was actually a very nicely-organized and well thought-out refresher, and I think the chapter touched on a couple of topics that deserve to be touched one, such as the tension between security and convenience, and the different types of attackers out there. (Anonymous, Al Qaeda, and the guys who wrote Cryptolocker are all RADICALLY different in their approaches and goals; it's good to see that called out.) Since I don't think most, if any of what we turn in for our assignments has much visibility to the rest of the class, here are some favorite security things of mine:
Some XKCD comics on passwords:
http://xkcd.com/936/
https://xkcd.com/792/
http://xkcd.com/1286/
My favorite security podcast:
https://www.grc.com/securitynow.htm
And some other miscellaneous stuff:
Securing a wireless router (PC Mag article)
Shields Up!
Password Haystacks
LastPass
NoScript
Looking forward to the rest of the class!
-Peter Martin (or Timespike on the net)
Some XKCD comics on passwords:
http://xkcd.com/936/
https://xkcd.com/792/
http://xkcd.com/1286/
My favorite security podcast:
https://www.grc.com/securitynow.htm
And some other miscellaneous stuff:
Securing a wireless router (PC Mag article)
Shields Up!
Password Haystacks
LastPass
NoScript
Looking forward to the rest of the class!
-Peter Martin (or Timespike on the net)
Subscribe to:
Comments (Atom)