Your thoughts on my network security.

How in the world are you going to retype that password????? Cut&paste doesn't always work with passwords.... Much better to use a sentence, e.g. from your favorite book. As long as it is long enough, you're ok. Even more ok if you spoke Swahili or Sioux or Inuit. You don't have state secrets on your machine, do you?

Reply to
Osiris

LOL - it's best to ALWAYS assume a backup is BAD until you've verified it, and it's always best to have more than one backup. That's a generic rule of thumb.

Reply to
Leythos

Bullshit. A backup should never overwrite a previous one.

Which is equivalent.

Don't trust the kids. Supervise them.

Why not?

And you'll see how easily they circumvent it. That's why personal supervision is unavoidable.

As if this would actually work...

Well, what about enforcing that policy?

But computing resources and bandwidth.

Shouldn't this be rule 0, 1 and 2?

Reply to
Sebastian Gottschalk

I'd say: never.

It does.

What's that stupid question supposed to mean?

Reply to
Sebastian Gottschalk

Point is that you sometimes discover a system to be corrupt after some time, in which time you might have made (and overwritten) one or more backups. So you do not use only two CD/CDRW/tape to make DAILY backups. But you knew that... Some people don't....

Reply to
Osiris

LOL, if that was the case then companies would have thousands of tapes in archive instead of just enough to recover 1 year's worth of files and one yearly tape for 7 years before that.

Reply to
Leythos

Unfortunately, I have to agree with this one. I know how *I* was when I was younger. If they CAN do it, they will be tempted TO do it. But, I think you are both saying the same thing essentially.

Aside from the legal implications? You are opening up connections to MANY unknown computers and giving them access to write files onto your hard drive...

That would be why everybody has their own user ID. And none of the accounts has software install privileges.

Reply to
Ryan P.

you missed this one....

Reply to
Osiris

you haven't seen much of the ICT world then...

I have to spell everything ?

Reply to
Osiris

how so ?

You haven't been around much...

like the key to your front door: easy to break a window pane.

define work

penalty by death or grounding for a week ?

Backup three times in a row ? overkill maybe... esp. if u use the same CDRW/tape...

Get a life....

Reply to
Osiris

What legal implications? Oh, wait, not every country has a relatively sane legal system...

You give them access to read files from specific folders, nothing else. You may yourself download data from them to write them to a specific folder. So far, this isn't any security problem.

There is no such thing as "software install privileges". There's some software that installs fine without admin rights. There's so much software that runs without installation. Almost any installed software can be made to run without installation.

A proper enforcement would be: No one can execute any program, this is enforced by the kernel and the shell. Like, under Unix, mounting a drive no-exec, or, under Windows, Software Restriction Policies.

You sure have to check against various allowed software serving as script interpreters. If you allow running perl.exe, you may still have a problem.

Reply to
Sebastian Gottschalk
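Added example, not part of any post in this thread: a check for the Unix no-exec enforcement described in the post above, together with its script-interpreter caveat. The list of user-writable paths, the interpreter names and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a mount table (/proc/mounts format: dev mountpoint fstype options ...)
# for user-writable locations that are not mounted noexec.

# Assumed list of places ordinary users can write to; adjust per host.
USER_WRITABLE="/tmp /var/tmp /dev/shm /home"

# audit_noexec [FILE|-]  prints one finding per line, nothing if all is well.
audit_noexec() {
    awk -v paths="$USER_WRITABLE" '
        BEGIN { n = split(paths, want, " ") }
        { opts[$2] = $4 }          # a later entry overlays an earlier one
        END {
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in opts))
                    print "NOT-SEPARATE " p      # inherits the parent flags
                else if (("," opts[p] ",") !~ /,noexec,/)
                    print "MISSING-NOEXEC " p
            }
        }' "${1:-/proc/mounts}"
}

# noexec only stops the kernel from executing files on that mount. An
# interpreter elsewhere can still read a script there as data
# (e.g. "perl /tmp/x.pl"), so list the interpreters that would need
# restricting as well. The candidate names are an assumed starting set.
list_interpreters() {
    for i in sh bash perl python3 ruby; do
        command -v "$i" >/dev/null 2>&1 && echo "$i"
    done
    return 0
}

# Constructed sample table, not taken from a real host.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

sample_mounts | audit_noexec -
```

Run `audit_noexec` with no argument to check the live table of the current host.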

Too bad that I manage all my passwords via copy&paste. Especially in my local machine. I wonder why exactly copy&paste shouldn't work there...

You're imposing something like "oh, it's not so important, maybe you should leave away some security measures". This is blatantly dangerous. A proper attitude would be to always practice and use the same strong security mechanisms regardless of the situation - thus you'll never have to think about if it's actually worth it, but therefore you can't make any wrong decision towards weaker security.

Reply to
Sebastian Gottschalk

Sorry, I assumed that with "FW" you referred to a host-based packet filter.

I have. Now give me reason.

The lock on your front door isn't supposed to resist a break-in. It's supposed to clearly and effectively signalize that you don't want anyone to enter your home without permission. And it doesn't exist because you care, but because your assurance cares and therefore demands it.

Reliably enforce your policy. And for sure it won't work. What about loading code and executing it in memory directly? Web browsers do so with JavaScript, as most exploits to network client software do. When your virus scanner detects that a website with a certain exploit is written to the browser cache, it's already too late, because while writing it, the web browser already executes the code.

If you want a clear demonstration, then simply surf to the EICAR test website and wonder how that browser can actually present the EICAR test string on your display if your virus scanner blocked storing the website to the cache.

Yes, that would be a good start. But it should be backed up by technical enforcement, e.g. Software Restriction Policies under Windows which give you a global no-exec on any program except those on a whitelist.

No, just stating it three times to clarify its importance. After all, these are the three rules of IT business:

  1. backup!
  2. Backup!
  3. BACKUP!

Reply to
Sebastian Gottschalk

Bull. Limiting factors are, amongst others:

1: price, 2: effort to be invested, 3: knowledge to be acquired, 4: value of data, 5: time = money. To ignore these factors is blatantly stupid.

Reply to
Osiris

For the common scenarios none of these are any hard limits, and are almost negligible. Paying attention to usually irrelevant factors is blatantly stupid.

As an example: passwords (creation, usage, management). Now tell me which of these factors is reasonably relevant.

Reply to
Sebastian Gottschalk

Silly man, spending your entire monthly income on securing your home MSN-pc.... Silly man, not understanding that there are no hard limits in life... Silly man, not understanding the concept of satisficing...

If only you could be introduced to the silly and wonderful life outside of Usenet....

Is there hope, we might wonder...

Reply to
Osiris

Thanks. I'll take a look at it.

Reply to
Kinski

Do not trust wireless connections.

Jimmy White wrote:

Reply to
mario.rosen

Okay, legal implications in nations that actually have copyright and theft laws that are enforced.

You are putting software onto your computer from an unknown source. How is that not a security problem?

No argument here.

Reply to
Ryan P.

OK, why should someone use P2P for copyright violations? Seems rather stupid. In my country, downloading from a not obviously illegitimate source is considered legal. As well as sharing within a very limited range of persons in a community. And sharing incomplete files isn't seen as an infringement. My P2P client enforces these rules.

And how can someone commit theft via P2P? Sounds like you're drunk.

Bullshit. The P2P software usually comes from a known source, and in fact all my P2P software is compiled from the source code.

Or what else do you mean? Installing the software downloaded via P2P? Well, of course, this would be generally a totally stupid idea. But, as described below, users should not be able to run arbitrary code at all.

And well, there are verifiable ways to distribute software via P2P, if it's the vendor of the software who does so.

Reply to
Sebastian Gottschalk
