Linux-Sec.net
Security Mailing Lists
just starting, low volume
|
|
LSec Monthly Meeting
|
PreSorted 8100+ Security Related Sites
|
The Comments,Laws Stated Below credited to its "owner"
|
Security is NOT:
- Security is NOT installing a firewall ..
- Security is NOT a Product or Service .. ( by Schneier, Bruce )
- Security is Not a Product; It's a Process .. ( by Schneier, Bruce )
- A Security Audit is NOT "running a port scan and turning things off" ..
|
Security is:
- Security is "Can you still continue to work productively/safely, without compounding the security breach"
- Security is only as good as your "weakest link"
- Security is "risk management of your corporate resources(computers) and people"
- Security is "Can somebody physically walk out with your computers, disks, tapes, .. "
- Security is a Process, Methodology, Policies and People
- Security is 24x7x365 ... constantly ongoing .. never ending
- Security is "learn all you can as fast as you can, without negatively affecting the network, productivity and budget"
|
Food for Thought
- 80%-90% of any/all security issues are INTERNAL ( not the outside world )
- If you want to simulate a disk crash right now (unplug it NOW)...
- what data did you just lose ..
- how fast can you recover your entire system from the offline backups ..
- If the hacker/cracker penetrated your firewall ...
- what else can they do to your network/data ...
- what will they see on your network and other computers ...
- If your T1/T3 died ( dead router, dead csu/dsu, dead hubs ) ...
- how much loss of productivity (lost revenue) would you suffer for being offline ...
- do you have a secondary backup internet connection ...
- There always is someone out there that can get in ... if they wanted to ...
|