Timeline for The Memes of Information Security
Current License: CC BY-SA 3.0
7 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Mar 17, 2016 at 21:22 | comment | added | Iszi | @Everett The knowledge that logging is in place may dissuade some malevolent actors. But it also might just be something else for them to disable and/or clean up when they're done. And system administrators tend to have the ability to do just that. | |
| Nov 18, 2014 at 19:43 | comment | added | Everett | Thanks for pointing it out. I agree with the logs, I guess I just expect that if someone knows they are being watched (logged) they aren't going to do something.... | |
| Nov 18, 2014 at 17:26 | comment | added | Iszi | In any case, these aren't laws of our own writing. Head over to TechNet and look up the original author if you'd like to see some changes. | |
| Nov 18, 2014 at 17:25 | comment | added | Iszi | @Everett Update to #5 is not a bad idea, though one could justify that in biometrics a matching [biometric of choice] is your "password" and if more than one person matches you then there's a problem with your password. Law #6 is still applicable as-is, though. Logs are only good for after-the-fact reporting. Even if your logs are 100% trustworthy, if your admin isn't then all your logs are doing is letting you know when he's pwned you - not (directly) keeping him from it. | |
| Nov 18, 2014 at 15:56 | comment | added | Everett | Further, law #6 should be rewritten: A computer is only as secure as the LOGS are trustworthy. Explanation: if your administrator has the ability to circumvent the logs you violated separation of duties. | |
| Nov 18, 2014 at 15:54 | comment | added | Everett | Law number 5 of the 10 immutable laws of security is not worded correctly. Law #5: Weak authentication trumps strong security. Explanation: Passwords are not the only form of authentication. Poor implementation of authentication (weak passwords plus biometrics with a high false positive rate) exemplifies what I am saying. We NEED to take the focus off a password-only scheme for authentication. | |
| Sep 4, 2012 at 19:45 | history | answered | Iszi | CC BY-SA 3.0 |