Survey Monkey Survey

Maxticate

I wouldn't normally ask but a friend of mine is desperate for data in order to write up his masters in network security. If you have a spare 5 minutes could you please consider filling in this online survey for him.

http://www.surveymonkey.com/s/N3NH38Z

It doesn't take too long but is pretty dry stuff I'm afraid.

On the upside if you have any network security questions that need answering then I'll forward those on to him.

Cheers
Max

Agent57

Done

jonginge

I thought this would be about why so many forum names contain the word monkey...

lost_in_thought

Done done it.

My current employer has no security whatsoever.

essex-commuter

Agent57 wrote:

Done

+1

Monkeypump

JonGinge wrote:

I thought this would be about why so many forum names contain the word monkey...

Good question....

hisoka

Done too

davis

I believe that will lead to a fairly flawed analysis.

I don't think much security can come from e.g. some instructor-led training. I believe more useful security comes from paranoid people actively thinking about things. Whenever I pass e.g. a locked door or (my favourite) a clamped car I end up thinking about ways to defeat the security.
I do the same with computer/network security, which does form a fair part of my job.

I don't put much value in the idea of sending people to a seminar where some person stands up the front and says "Use secure passwords, don't write them down, don't open random stuff from unknown sources", because the people that think about this stuff have already thought of it, and those that don't probably aren't actually paying attention.
I'm doing some of this training a disservice, I know, and *some* of the training can be very useful, but I genuinely believe it'd be more useful to try teaching paranoia -- maybe you should try working out how to steal from the person sat next to you, or breaking into next door, or their network, then apply that thinking to your own stuff.
The reason you think about attacking someone else first is it's hard to spot flaws in your own security.

[Edit]: Done it, by the way, but I believe my results give a false impression of the consideration of security.

Maxticate

Thank you to all the wonderful people who have filled out the survey.

I will point my friend to the thread and pass on your appraisal of the questionnaire Davis, he can use it in his reflective learning

From my point of view I think what you have said is very interesting. From the little I've heard on the subject I can see why learning about what is possible could induce paranoia. The only problem I can see is that trying to figure out how to electronically break into other peoples computers and then applying similar techniques to assess your own computer security will require knowledge beyond the range of most people.

If this is the case is it not better to have someone aware of what can be done and how to foil it? Then in a lecture type setting they can give examples to induce paranoia and then provide information on protective techniques.

lost_in_thought

At my last company, they talked about getting someone in to try and break in to our office during working hours, then into our workstations. The head of IT reckoned it would take them about 10 minutes to access any one of the workstations, and then all the confidential data with it, and people would hold the doors to let them in past the six (I know) fob points.

Alas they never did so. Would have been cool, and reinforced the 'change your password, use something difficult to guess' message as well as the 'don't hold doors for strangers' one.

Most people's pwd was 'child'sname01' which they'd change to child'sname02, child'sname03 and so on.

davis

I was thinking of physical security too. Take a look at your next door neighbour's house and try working out how you'd break in -- actively visualize yourself doing this.
The easiest parallel in computer security is passwords: e.g. I know your dog's name, and your house name... that could be a reasonable guess at someone's password.

Anyway, paranoia's a good thing.

davis

lost_in_thought wrote:

At my last company, they talked about getting someone in to try and break in to our office during working hours, then into our workstations. The head of IT reckoned it would take them about 10 minutes to access any one of the workstations, and then all the confidential data with it, and people would hold the doors to let them in past the six (I know) fob points.

Alas they never did so. Would have been cool, and reinforced the 'change your password, use something difficult to guess' message as well as the 'don't hold doors for strangers' one.

Most people's pwd was 'child'sname01' which they'd change to child'sname02, child'sname03 and so on.

Oh.. they're fun. Alas, they're expensive. The last time I was involved with one it was on the order of 10 grand for a single computer system test (I think; I sure as hell didn't pay it).

It passed, by the way... :-)

lost_in_thought

davis wrote:

lost_in_thought wrote:

At my last company, they talked about getting someone in to try and break in to our office during working hours, then into our workstations. The head of IT reckoned it would take them about 10 minutes to access any one of the workstations, and then all the confidential data with it, and people would hold the doors to let them in past the six (I know) fob points.

Alas they never did so. Would have been cool, and reinforced the 'change your password, use something difficult to guess' message as well as the 'don't hold doors for strangers' one.

Most people's pwd was 'child'sname01' which they'd change to child'sname02, child'sname03 and so on.

Oh.. they're fun. Alas, they're expensive. The last time I was involved with one it was on the order of 10 grand for a single computer system test (I think; I sure as hell didn't pay it).

It passed, by the way... :-)

Ahhhhh but it was a hedge fund, at the height of the 'silly money' phase! Then ohhhh the recession...

Yeah, I'm always thinking about how to break in to houses, and adjusting my own security accordingly.

I've broken into my house in Ealing several times when I've locked myself out, fortunately I tend to open windows when I'm home. I always shut them when I leave though.

dhope

Done

Maxticate

I broke into a mates flat where i was staying once after he'd gone away for the weekend. Not 5 minutes after he left I locked myself out dressed in just my running gear.

I broke through the internal plasterboarding of a utility cupboard, into his hallway stairwell. I then had the rest of the weekend to practice my drywalling and fine plastering

Good job the hallway was simply painted matt white and wasn't wallpapered. Took about 5 minutes to get in, much much longer to repair!

SimonAH

Done

antfly

I`m not doing it. My life is dull enough already.