Cargo Cult Security

René Pfeiffer/ August 21, 2011/ High Entropy, Stories

Here is a fictional story for you that bears no resemblance to any living, dead or undead persons whatsoever. Imagine someone who is interested in establishing and maintaining a „medium“ to „high“ level of security for his or her business data. This person is a power user and uses hard disk encryption, an encrypted file server, access to internal data by VPN and GPG/PGP for communication. So far so good. Now for the bad news: untrusted devices without security software may also access internal resources, and shiny new workstations run without anti-virus protection or firewalls. Questions about potential risks are ignored, and suggestions to periodically check the security measures vanish into the big e-mail void, too. What is wrong with this picture? Well, given that all of this is purely fictional, some one you might recognise
