Six dumbest ideas in the Computer Security Field

Source: Internet
Author: User
The link shown on Slashdot is very interesting:
Http://www.ranum.com/security/computer_security/editorials/dumb/

Briefly describe it in Chinese. For more information, see the original article.

The author believes that there are many common mistakes and opinions in the computer security field. The most serious six are:
1-default-many items are allowed by default in our system, suchProgram, Port, etc. Is it necessary?
2-enumeration of bad things-if we only need to care about what we really need, isn't it easier to list what we don't need? (Do we really need to engage in an "arms race" with hackers "?)
3-penetration and patching-many software vendors are looking for someone to test system security vulnerabilities and try to release patches to customers before hackers take advantage of them. Is this really a good solution? (The author's example is ie)
4-hackers are cool-many media have intentionally neglected to beautify some bad things and behaviors, such as hackers.
5-training/educating users-why do we need to educate users not to do this? Is it necessary? Many simple principles and usage habits are often unpredictable and blocked by users, unless you eliminate the possibility of such a choice from the source.
6-better than inaction-this is related to Chinese Taoism. When we are preparing to start installing and using a new software or tool, we 'd better stop and think about it first, observe.

The author also summarized some less serious incorrect ideas, such:

-We will not be attacked.
-If you patch all users at any time, everyone will be safe.
-We don't need a firewall because we have a good host security mechanism.
-We don't need a host security mechanism because we have a good firewall.
-We should first use it to solve the security problem later.
-We cannot prevent accidental problems.

The last point is funny. The author gives an example. If you think that the aviation industry treats your life in this way, will you still take a plane from a commercial airline?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.