[Dshield] Being a good Internet citizen - best practices?

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Mon Feb 6 17:01:58 GMT 2006


On Sat, 04 Feb 2006 16:06:08 PST, David Vincent said:
>
> I recommend against using bank safety deposit boxes for magnetic media 
> since the boxes themselves can have magnetic fields which wipe out the 
> data you are trying to protect.  Proper investigation of your offsite 
> storage location will help and is always a good idea.  Also, what 
> happens when your disk array fails and it is a bank holiday?  Can you 
> get your backups in a timely manner?

If the backups are stored at an employee's house, it's even *more* likely
to meet a bad end - the bank box may have a residual magnetic field, but
the chances of media at a place of residence meeting up with a fridge magnet
are much higher.  Guy takes media, goes to grocery store on way home, gets home
and puts everything on kitchen counter while groceries are put away, and the
4 year old drops something in the box while parental is putting away the ice
cream (anybody who doesn't see that as a credible threat model never had kids ;)

And what if you have a failure and the employee is at Disneyworld that week?

I didn't say it was perfect - I said it was "better than an employee taking
them home".

> See http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html  You're 
> talking about Linux/Firefox, on Windows if you really want to use the 
> most secure browser you need to switch to Opera.

The point wasn't that it was "more secure" - the point was that if you have
a monoculture, if anything happens you lose 100%.  If you run 2 different
packages, you're likely to have 50% survival rate.  There's a case to be
made for *not* running the absolutely most secure stuff on 100% of your boxes....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20060206/a63d65f5/attachment.bin


More information about the list mailing list