Posts Tagged ‘Password’

Complexity Is the Worst Enemy of Security

December 5th, 2007 No comments

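I read an interview with the security expert Bruce. It is lively and interesting, and I would like to share some of its highlights with you.

> Complexity is the worst enemy of security; the more complex a system is, the less secure it becomes.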

Complexity is the worst enemy of security; as systems become more complex, they get less secure.

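> Bruce also shared his own distinctive views on passwords, where "complexity is the worst enemy" applies just as well. To make passwords easy to remember, use a single password for everything that is not very important. Write some of the other passwords down on small slips of paper and keep them in your wallet; use the password management program Password Safe…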

One, I choose the same password for all low-security applications. There are several Web sites where I pay for access, and I have the same password for all of them. Two, I write my passwords down. There’s this rampant myth that you shouldn’t write your passwords down. My advice is exactly the opposite. We already know how to secure small bits of paper. Write your passwords down on a small bit of paper, and put it with all of your other valuable small bits of paper: in your wallet. And three, I store my passwords in a program I designed called Password Safe.

The original text of the interview follows…

Password Recovery Service?

January 28th, 2007 1 comment

dilbert20024435370117.gif

Categories: -English-, Security

Best practice on password management

April 29th, 2006 No comments

This morning I read a good essay named “Security Myths and Passwords” by Prof. Eugene Spafford. Prof. Eugene shared his doubts about those best practices in password management policy, like “monthly change”, based on the interesting origin of this “best practice”.

The defects and even failures in most enterprise security defense systems can be traced to problems in “security execution”, i.e. the discrepancy between the policy and the real environment. Security managers just write those best practices into their “policy” without considering their staff, their skills, the data to protect, the threats to contain/mitigate…

Categories: -English-, Security