Balancing Risk and Trust in a Complicated World

Working Dumb

The first of the people problems that compromise trust in a security system is easily the most important: People do stupid things even when they know they're stupid, and may have done the corresponding smart things for some time. They do stupid things even while understanding that working stupidly goes against their own interests. As Schiller said long ago, "Against stupidity the gods themselves contend in vain."

Backing up your data is probably the best example. The necessity of backing up your computer files is an oft-repeated mantra that goes back to the dawn of computer time. And yet everybody (myself included) has lost data here and there because backups were seriously out of date or nonexistent.

Dumb passwords are another. Is your main (or only) password your dog's name? (And is your dog named 'Max?' Everybody else's dog is!) Is that password written on a sticky note and tacked to the side of your monitor?

Unlike computers (which follow our instructions precisely, even if we sometimes craft those instructions badly), people can choose not to do what they know needs to be done, and most of the computer security problems in small systems (like those of a home network or a small office network) are of this type. In a sense, we trust our computer systems to make up for our own stupidity. Actually, it amazes me that our computers do as good a job as they do of protecting us from ourselves. That's a brittle sort of protection, however, in that when it fails, it fails badly, often spectacularly.

As Woody Allen recognized, 80% of success in life is just showing up. As I'll say elsewhere (and often) in this book, well over half of the trick of Wi-Fi security is just turning it on. Once you have WEP enabled, it provides reasonably strong protection, at least in part because so many other people have been stupid and left it off. The bad guys thus seek out the 'low-hanging fruit' (those countless networks with no protection at all) and pass your network by.

Lots of very smart people can teach you some very simple techniques for protecting your data and your network. None of that matters at all if you don't put that wisdom to use!

Ignorance Is Expensive

Of course, there is stupidity and then there is ignorance. In our drive for productivity, we sometimes short the requirement of telling people how to work smart and why. This is more of a problem in business networks; certainly when it's your own butt on the line, you have substantial incentive to be careful and follow security procedures on your home network. But if other people work for you, don't underestimate the importance of training. It takes time, and time is valuable, but the downside when training is omitted can be huge.

Some people think that security techniques are obvious. Possibly, to a person used to being wary, or a seasoned manager with years of looking after people and systems. Ordinary people, especially non-technical non-managers, tend to be trusting and not suspicious, especially about technology. This came to the forefront recently in the Wi-Fi industry, when junior staffers at large corporations were discovered to be buying newly-cheap Wi-Fi access points and plugging them into the corporate network inside their cubicles. They did this so that they could take their laptops and work in the lunchroom or even (egad) in the washroom. The guilty parties were not working stupidly, because they didn't understand the nature of Wi-Fi operations nor the inner workings of the corporate LAN. They didn't catch on to the (nonobvious) truth that they were opening a door to the corporate network inside the company firewall, and making it available to any nutcase sitting in the company parking lot with a laptop.

I find it astonishing to hear from friends of mine in corporate America that many companies still don't have any policy on wireless networking, or, heaven knows, any program to teach staffers about the risks inherent in wireless networking. When it's so easy and cheap to poke holes in a corporate LAN, companies must teach their people why it shouldn't happen without planning and proper security technology. (WEP? What's WEP?)

Yup, ignorance is expensive, especially if (as in many large companies) you have something to lose thereby.



Jeff Duntemann's Drive-By Wi-Fi Guide
ISBN: 1932111743
EAN: 2147483647
Year: 2005
Pages: 181
