Security Basics mailing list archives
RE: Why Security testing is required
From: "Ryan Cornelsen" <ryancor () microsoft com>
Date: Thu, 26 Feb 2004 16:15:30 -0800
By that same token, many people have a false understanding of what "security" really means. Security, whether it be physical, electronic, or otherwise, only buys the user time. Take a home safe for example. You can buy the best safe on the market but given enough time and the right tools anybody can break into it. The same goes for electronic security on computers. That being said, the time that a good security system buys you can often be the determining factor between a thief hacking your system or giving up and moving on to a lesser protected target. The only question that remains is: "How much time do you need?"

The other thing people tend to overlook when it comes to securing a computer is the physical security. All the firewalls in the world won't do you any good if somebody walks into your lab and takes the computer itself or hooks up another computer directly to hack into it. It's much easier to hack a security system when physical access is gained to the computer.

To give my own .02 cents on the original question, security testing is important because you need to be proactive in finding new ways to hack a system. If you don't find the security flaw and plug it then someone else will exploit it. No matter how good you are, you will always miss *something* when designing software, the only question is what and how severe of a problem it is.

Ryan Cornelsen

-----Original Message-----
From: Navaneetharangan [mailto:navaneeth () innsolutions com]
Sent: Wednesday, February 25, 2004 8:35 PM
To: security-basics () securityfocus com
Subject: RE: Why Security testing is required

Hi all,

A couple of days after reading this post, I came across a very interesting definition for Security. The speaker actually said, "Security doesn't lie in keeping your money in a fireproof safe, locking it and hiding the key in a far away island, but lies in making a few such safes, locking them and asking a thief to try and break it."

This means that no security measure is complete without testing it thoroughly.

Regards
C.Navaneetharangan
CISA

-----Original Message-----
On Thursday 19 February 2004 05:07 pm, Matt Lyon wrote:
Hi List,

As a non technical person I want to know why security testing is required when all security systems like Firewall, IDS and content management are in place. This is a very basic question but I want to know answers from different users' point of view like:-
good ?,