The thing is, though, paranoia is an unfounded fear of the unknown. We tell ourselves that ours is not a paranoid fear of the unknown, but a healthy respect for the known. Right?
Have we gone too far?
Well, let's explore that a bit. On the occasions that I've been accused of being paranoid because of the security measures I've taken to protect my home office or mobile office environment, it's generally been in regards to how I've configured a device or security protocol.
Let's consider, for example, the fact that I set my 802.11g WLAN up to use the latest WPA security protocol. Further, I've set up an access list containing only the MAC addresses that I authorize to use my WLAN. Then, I set up my Linux-based DHCP service to only dish out IP numbers to a (separately maintained) list of MAC addresses. And I diligently log every DHCP transaction on my (again, separate) Linux event log server.
Paranoid? I don't think so, but others tell me that it is.
Draconian? Perhaps. To be sure, it's a fair amount of extra work for me.
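The DHCP allowlist and the logged DHCP transactions described above lend themselves to a simple audit. The following is an added example, not the author's own tooling: it assumes ISC dhcpd-style syslog lines, and the allowlist, the host name `gw`, the addresses and the log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed allowlist standing in for the separately maintained MAC list.
# Hand-kept lists drift in case and separator style, so entries are normalized.
ALLOWED_MACS = ["00:16:3E:AA:BB:01", "00-16-3e-aa-bb-02"]

# Constructed syslog lines; the ISC dhcpd message layout is an assumption.
SAMPLE_LOG = """\
Feb 15 17:01:02 gw dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:01 via eth1
Feb 15 17:01:03 gw dhcpd: DHCPOFFER on 192.168.10.21 to 00:16:3e:aa:bb:01 via eth1
Feb 15 17:01:03 gw dhcpd: DHCPREQUEST for 192.168.10.21 from 00:16:3e:aa:bb:01 via eth1
Feb 15 17:01:03 gw dhcpd: DHCPACK on 192.168.10.21 to 00:16:3e:aa:bb:01 via eth1
Feb 15 17:09:40 gw dhcpd: DHCPDISCOVER from 00:16:3e:cc:dd:09 via eth1
Feb 15 17:09:44 gw dhcpd: DHCPDISCOVER from 00:16:3e:cc:dd:09 via eth1
Feb 15 17:12:10 gw dhcpd: DHCPREQUEST for 192.168.10.30 from 00:16:3e:ee:ff:07 via eth1
Feb 15 17:12:10 gw dhcpd: DHCPACK on 192.168.10.30 to 00:16:3e:ee:ff:07 via eth1
"""

MAC = r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]+)\s\S+\sdhcpd(?:\[\d+\])?:\s(DHCP[A-Z]+)\b.*?\b(?:from|to)\s" + MAC)

def normalize(mac):
    """Lower-case a MAC and use colons so list and log entries compare equal."""
    return mac.lower().replace("-", ":")

def audit(log_text, allowed):
    """Return {mac: summary} for every logged client not on the allowlist."""
    allowed = {normalize(m) for m in allowed}
    findings = defaultdict(lambda: {"first_seen": None, "events": 0, "leased": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a DHCP transaction line
        stamp, msg, mac = m.group(1), m.group(2), normalize(m.group(3))
        if mac in allowed:
            continue
        entry = findings[mac]
        entry["first_seen"] = entry["first_seen"] or stamp
        entry["events"] += 1
        if msg == "DHCPACK":  # server handed out a lease: allowlist not enforced
            entry["leased"] = True
    return dict(findings)

if __name__ == "__main__":
    for mac, info in audit(SAMPLE_LOG, ALLOWED_MACS).items():
        print(mac, info)
```

A `leased` entry means the DHCP server answered a MAC that is not on the list, so the allowlist is not actually being enforced. An allowlisted MAC in the log shows only that the address was presented, since MAC addresses can be changed in software.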
But, as I tell my friends who accuse me of paranoia, I've only taken these measures in response to the myriad of papers, articles and books that provide details of just how unsecure most wireless LANs are. Let's face it, if I were relying on WEP -- even in its 128-bit instantiation -- to protect my business' assets over my WLAN, I would consider myself negligent.
And there we get to the heart of the matter: namely, my business' assets.
I use my WLAN to access my home/office network. My business files are on that same LAN. I made the conscious decision to use all the technology readily available to protect those assets. After all, it is quite literally my livelihood that is at risk. Of course it's worth spending the extra time to really get every ounce of possible protection from all of my security devices.
But what about the more typical home and home office user? What about the user setting up his cable modem and WLAN gear, which only gets used for Web surfing, emails with friends, and such? Should she be as "paranoid" as I am? For that matter, how about other PC and LAN configuration issues than just WLANs?
Clearly, there is a lot of room for an individual's judgment call here. After all, the direct risks to each end user can and do vary quite radically. I'd still counsel people to consider other issues than just their own business assets. Your home PC is still a desirable target to many miscreants in the world. Take, for example, recent trends in distributed spambots, spyware, phishing attacks, and such. They don't target individual end users. They target all end users, which is just one of the things that makes them so heinous.
So, even if you don't have your own business, banking information, retirement account information, or other vital assets at risk on your PC, I still believe a healthy respect for even the known attacks that we've seen to date is a wise consideration in configuring your systems.
Go ahead and call me paranoid if you'd like. I've been called worse. But, when I'm setting up my latest gizmo, I spend a few extra minutes and actually read through the owner's manual to learn all of the capabilities of each new device. I find out what security capabilities it has, and I take the time to enable them. In almost every case, they're not turned on by default, which, in my opinion, is a horrible mistake that all too many product vendors make. Blindly plugging that new device in and hoping for the best is, in my opinion, tantamount to putting a "kick me" sign on your front door.
I should add that security is only one benefit of my approach.
In taking the time to study each device's capabilities before turning it on, I've also often discovered features and such that I was unaware of before. I like to think it enables me to get the most out of each new gizmo that I add to my collection.
So, when the police knock on your door because your neighbor's kid has been using your WLAN to download copyright-protected files from the net, we can talk about who was paranoid and who was just taking appropriate measures to protect his assets.
I wouldn't leave my WLAN unprotected any sooner than I'd leave my car unlocked while parked at the airport.