
Silicon Forest

Wednesday, September 16, 2009

Security

Security is one of the most overlooked facets of modern-day computer systems. It gets a good deal of lip service, but little real attention. Oh, we hire analysts, and we have meetings, and we implement the latest encryption techniques and the latest protocols, and we make our users change their passwords to something no one can remember every five minutes, but none of that really addresses the issue.

The military uses guards. I don't think I could be a guard. I don't think I ever could have been a guard. Standing or sitting in one place for hours on end with nothing to do but watch the occasional person walk by. Perhaps you can train your mind to it, but I don't see how. I would need some serious motivation. I am pretty sure guards can easily be circumvented: a poor copy of a whatever card or piece of paper will let you in, a little sleight of hand, a little distraction, and you could probably walk right by them.

A real security system would need to use a constantly changing set of passes. Any person with access would have a dozen or so: easily remembered words or numbers, fingerprints, a key, a handprint, a photograph stored in a file. A selection of three or four would be required for each entrance, and it would be a different combination each time. I don't think a guard should be required to verify someone's identity from a photograph more than a certain number of times per hour. I imagine someone has tested people's abilities in this, and likewise, I suspect people's skill level varies tremendously.

My bank's web site has gotten more sophisticated. I suspect it times the keystrokes used for my ID and password, and if the timing is off, it queries me with other questions. Pretty good, I think.

1 comment:

Eunoia said...

3 options : something you....

have : e.g. a key/swipe card

are : finger lengths/fingerprints/blood vessels in the back of the eyes, typing-timing pattern

know : password/phrase , challenge/response algorithm, PIN/TAN

any other ideas?