Michael Schmidt
On 22 Aug 2000, Martin Peikert wrote:
You only have to find the right words - that's the challenge - that they can understand you.
The real challenge is to find somebody who is interested... In their opinion it's their boss who is responsible for security, and
Maybe true. But security isn't top-down, everyone in a company is a part of it. That is what not only secretaries but also managers have to _understand_ and then there you can find an interested audience... A friend told me his theory why NT systems are configured as they are, really unsecure: Most managers have a Computer running 95/98 at home. They think: NT is Windows, too - why should I pay for a system specialist when I _can_ configure Windows? It cannot be true that that is much more complicated... So the first step to security is: Make them interested in security! All of them!
downtimes created by crashes or intrusions are paid cigarette breaks.
If a server crashes, another has to do that job, too. In case of an intrusion - well, it would be better to think about an intrusion and an emergency plan _before_ anything happens. Then the downtime will become scarce to smoke a cigarette... ;-)
-I know these are prejudices, but sometimes right.
Yes, but there has to be an education to security or we will never have anything like that. We will have weak passwords - if any at all, misconfigured systems & servers and so on...
Bye
Martin
--
martin.peikert@innominate.de system engineer innominate AG clustering & security networking people tel: +49.30.308806-0 fax: -77 http://innominate.de