in reply to Why do you have to worry about Brute Force Attacks?
Humph... let me just comment on this, this way. I live in a subdivision. My neighbors are all good folks who I would never expect to walk into my house and take things from me, but just the same I lock my front door when I leave the house for anything more than say 5 minutes.
Likewise I close and lock my windows.
I also have eight dogs in my house. Three of which I'm sure would do an intruder lots of harm if they were to be in the house with nefarious intent.
Never-the-less, if someone really wanted to break into my house and take things of mine none of this would truly deter them.
So... why bother? With all of this why not just leave the door unlocked, the windows open and unlocked and crate up the dogs?
(Please note: the dogs aren't in my home for the primary purpose of being a theft deterrent. It's just a perk of having dogs.)
You take reasonable precautions to safeguard your security and personal safety because it is a reasonable thing to do. In a sense, you are "raising the bar " to make nefarious actions on some ne'er-do-well's part less attractive to them. If they have to pick a lock to get in (or smash a window) and then face the wrath of my pack of dogs and if by some unfortunate series of bad luck on their part I happen to be home at the time my wrath then maybe it ain't worth it. I don't have objects of art worth tens of thousands of dollars and theives tend not to be interested in boosting the average homeowner's stuff with that kind of risk.
On the other hand, there is a such thing as going to far. One of my neighbors in this very quiet subdivision had a Rhottweiler that he told the whole neighborhood was a trained and vicious attack dog (it wasn't... in fact the dog wanted to come live with me.. but that's a story for another time), had security bars on windows, and a high tech state of the art alarm system with panic buttons around the kid's necks (!) that called in to a central monitoring station.
All that effort made the whole neighborhood wonder what in the world he was trying to protect. Someone in law enforcement that I know told me that a few folks in the law enforcement community wondered just what this guy was up to that he needed so much security.
So by being too conspicuous about security is apt to call unwanted attention to yourelf as well.
Having said all that, when analyzing what security measures you need to take for an application (or your home or whatever) you want to examine the following at the very least:
If you are protecting a club's events calendar you want to use just enough security to make sure that only folks authorized to view it and/or modify it can do so. For this type of application I'm not going to get crazy about doing intrusion detection, brute force attack detection/remediation or any of that fancy stuff.
Where would I use it?
How about in cases where the data I'm protecting involves large amounts (or even not so large) amounts of money such as in investment portfolio data. Cases where medical patient data must be protected against HIPAA violations.
Certainly where the data involves national security I would be looking to lock that down thoroughly.
So, your milage is going to vary...
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re^2: Why do you have to worry about Brute Force Attacks?
by shotgunefx (Parson) on Sep 27, 2006 at 00:46 UTC | |
by blue_cowdawg (Monsignor) on Sep 27, 2006 at 01:04 UTC |