The motivation for security

Winter Soldier · Mar 24, 2017

We often discuss how the attacks are sophisticated, since the malware is advanced and how much it is easy or difficult to organize defenses more or less stratified.

But I would like to consider another perspective in this post

The defence exists if there is the need for security relating to personal data and, unfortunately, of interest to others.
The defense then must be organized by thinking about how we know our enemy, and especially his motivation.
Because the state of the threat today allows anyone, with a strong motivation, to take advantage of a real industry of cybercrime, which provides services and tools for the less skilled people to carry out attacks.

Fortunately, the defense is from the culture and from the information combined with a little bit of healthy paranoia. That is, from the knowledge of the enemy.

Just a thought

frogboy · Mar 24, 2017

Plenty of healthy paranoia here to go around for a few of us.

Handsome Recluse · Mar 24, 2017

Paranoia is an emotion nonetheless. You need to be calm and know and implement what you're doing based on your calculated threat model and any potential changes in the future. This is gonna be better than relying on some cheese tactic of an emotion.

BugCode · Mar 24, 2017

Yeah, my post are pretty much often "like child understanding mode". I quoted this my one of favorited movie "My momma always said, "Life was like a box of chocolates. You never know what you're gonna get." <= & that's make it interesting! So, it's like that altrought "know your enemy" is good sentence, but thruth is far beyond

Thanks WS for starting interesting topic

Winter Soldier · Mar 24, 2017

TerrakionSmash said:
Paranoia is an emotion nonetheless. You need to be calm and know and implement what you're doing based on your calculated threat model and any potential changes in the future. This is gonna be better than relying on some cheese tactic of an emotion.

A bit of paranoia is how to take awareness of the problem and begin to understand the functioning of the tools that we use on a daily basis. Unfortunately, even on a secure machine, an inexperienced user could create damage.
Unlike what many believe, the "security process" is not a simple product to buy and install, but includes both, material factor and human factor, which notoriously is the weak link of the security chain. The security then has be understood as a process where no solution is final and that has to be managed continuously, in which there are only different levels, proportionate to the importance of the good things to be preserved.

Handsome Recluse · Mar 24, 2017

Winter Soldier said:
A bit of paranoia is how to take awareness of the problem and begin to understand the functioning of the tools that we use on a daily basis. Unfortunately, even on a secure machine, an inexperienced user could create damage.
Unlike what many believe, the "security process" is not a simple product to buy and install, but includes both, material factor and human factor, which notoriously is the weak link of the security chain. The security then has be understood as a process where no solution is final and that has to be managed continuously, in which there are only different levels, proportionate to the importance of the good things to be preserved.

Paradoxically, maybe, management also incurs cost.
Difference in importance relating to difference in security sounds like principle of least privilege to me. Doesn't Principle of Least Privilege also include things other than the system like data, etc.

Deleted member 178 · Mar 24, 2017

Do you know the story of Umbra The Wise? no? shame on you ! so for your personal enlightenment , there is the short version:

Once upon a time , the great Umbra had enough money to buy a PC !!! then he , like any noobs , used is 56k connection to discover the mysterious realm called "Internet" and because Umbra was always touched by the Dark Side , he wandered to the dark corner of the web...especially some hackers forums (mostly a place populated by some advanced script kiddies), then after a while he became friend with some of them. Unfortunately, Umbra The Wise , known at that time under a different and now long forgotten nickname, discussed about the great Subseven, Back Orifice (love the name

) and other Poison-Ivy and how to spread them to innocent users...with time some were willing to teach Umbra the art of hacking , but Umbra didn't had the time nor the Will to learn how to code and study attacks procedure, he spent most of his time to challenge real life people on Street Fighter or King od Fighters. However, he decided to challenge his friends to "hack" him then start to learn about defense methods instead of attack. Because Umbra the Wise , knew how his "hacker" friends thinks, he could defeat all their attempts...From that time, Umbra the wise, allow only the worthy to learn his secrets ...

Be a bit paranoid and mostly "know your enemy" !!! (awesome song from Rage against the machine) are the keys.

frogboy · Mar 24, 2017

Umbra said:
Do you know the story of Umbra The Wise? no? shame on you ! so for your personal enlightenment , there is the short version:

Once upon a time , the great Umbra had enough money to buy a PC !!! then he , like any noobs , used is 56k connection to discover the mysterious realm called "Internet" and because Umbra was always touched by the Dark Side , he wandered to the dark corner of the web...especially some hackers forums (mostly a place populated by some advanced script kiddies), then after a while he became friend with some of them. Unfortunately, Umbra The Wise , known at that time under a different and now long forgotten nickname, discussed about the great Subseven, Back Orifice (love the name ) and other Poison-Ivy and how to spread them to innocent users...with time some were willing to teach Umbra the art of hacking , but Umbra didn't had the time nor the Will to learn how to code and study attacks procedure, he spent most of his time to challenge real life people on Street Fighter or King od Fighters. However, he decided to challenge his friends to "hack" him then start to learn about defense methods instead of attack. Because Umbra the Wise , knew how his "hacker" friends thinks, he could defeat all their attempts...From that time, Umbra the wise, allow only the worthy to learn his secrets ...

Be a bit paranoid and mostly "know your enemy" !!! (awesome song from Rage against the machine) are the keys.

And this I will wager is a true story i reckon.

Deleted member 178 · Mar 24, 2017

frogboy said:
And this I will wager is a true stIry i reckon.

Yes it is. If i knew i would take the attacker road, i could get lot of money these days ^^

509322 · Mar 24, 2017

Paranoid users are mostly those that have doubts because they don't understand. Their thinking typically manifests as something like this: "I will take a T-99 main battle tank to a knife fight."

Deleted member 178 · Mar 24, 2017

Lockdown said:
Paranoid users are mostly those that have doubts because they don't understand. Their thinking typically manifests as something like this: "I will take a T-99 main battle tank to a knife fight."

And wear a kevlar vest to avoid mosquitoes' bites

509322 · Mar 24, 2017

Umbra said:
And wear a kevlar vest to avoid mosquitoes' bites

Put sun tan lotion on at night.

And worry it will snow 8 meters in the Sahara desert.

larry goes to church · Mar 24, 2017

I think this stops alot of script kiddies first and foremost.

If you're going to attack something you opsec must be PERFECT no if and or buts about that.
Paranoia is pretty much the first stepping top to good opsec.

509322 · Mar 24, 2017

larry goes to church said:
Paranoia is pretty much the first stepping top to good opsec.

The type of paranoia we were referring to is utterly worthless to IT security.

Paranoia and careful, measured solid security are two completely different things.

Solarquest · Mar 24, 2017

Umbra said:
Do you know the story of Umbra The Wise? no? shame on you ! so for your personal enlightenment , there is the short version:

Once upon a time , the great Umbra had enough money to buy a PC !!! then he , like any noobs , used is 56k connection to discover the mysterious realm called "Internet" and because Umbra was always touched by the Dark Side , he wandered to the dark corner of the web...especially some hackers forums (mostly a place populated by some advanced script kiddies), then after a while he became friend with some of them. Unfortunately, Umbra The Wise , known at that time under a different and now long forgotten nickname, discussed about the great Subseven, Back Orifice (love the name ) and other Poison-Ivy and how to spread them to innocent users...with time some were willing to teach Umbra the art of hacking , but Umbra didn't had the time nor the Will to learn how to code and study attacks procedure, he spent most of his time to challenge real life people on Street Fighter or King od Fighters. However, he decided to challenge his friends to "hack" him then start to learn about defense methods instead of attack. Because Umbra the Wise , knew how his "hacker" friends thinks, he could defeat all their attempts...From that time, Umbra the wise, allow only the worthy to learn his secrets ...

Be a bit paranoid and mostly "know your enemy" !!! (awesome song from Rage against the machine) are the keys.

Nice story, I like it!

Search

The motivation for security

Winter Soldier

Level 25

frogboy

In memoriam 1961-2018

Handsome Recluse

Level 23

BugCode

Level 10

Winter Soldier

Level 25

Handsome Recluse

Level 23

Deleted member 178

frogboy

In memoriam 1961-2018

Deleted member 178

509322

Deleted member 178

509322

larry goes to church

Level 3

509322

Solarquest

Moderator

Similar threads