Comment Re:Cables are securer? (Score 1) 81
> You want real security?
> Think biometrics.
Not even close. Biometrics are horrible for data security. In fact biometrics are horrible for almost all security situations. Consider the attack you put forth (walk in company, place box, plug in, collect later). Biometrics won't stop you from walking in, although it will make it marginally more difficult, you will still have to wait for someone to open a door, and then you follow them in. Placing the box will not be any more difficult, it is your box, the only protection is what you want on it. Plugging the box in will be no more difficult, a wall plug is just a wall plug. Collecting later will be marginally more difficult because you have to gain access again. Biometrics will not cause problems with the data you retrieve since biometrics cannot (yet) be used for encryption. Biometrics fails the very attack you put forth. Biometrics fails.
> Think Faraday Cage.
Simply infeasible. The closest you would get is the NSA building, and it leaks trace amounts through the windows. At the time of it's construction the window leakage was considered below useful threshholds, now I have strong suspicions that it is possible to detect and decode the emissions. The only saving grace you have is the proliferation of computers this pollutes the leaked streams making them significantly more difficult to decode.
On the original topic. The solution I've had in place for about a year is to run everything in house over IPSec. There is a wireless connection, but unless you can log into the VPN you won't get any further. Turns out to be pretty easy to setup, and while I have had the wireless "hacked" they didn't get any further. Of course this is a bit heavy handed for a major installation, but as a cryptographer I am working on a tear out and replace protocol without all the extra cr*p that 802.11 keeps trying to put into WEP, instead I'm basing it more on a secured IP network.
> Think biometrics.
Not even close. Biometrics are horrible for data security. In fact biometrics are horrible for almost all security situations. Consider the attack you put forth (walk in company, place box, plug in, collect later). Biometrics won't stop you from walking in, although it will make it marginally more difficult, you will still have to wait for someone to open a door, and then you follow them in. Placing the box will not be any more difficult, it is your box, the only protection is what you want on it. Plugging the box in will be no more difficult, a wall plug is just a wall plug. Collecting later will be marginally more difficult because you have to gain access again. Biometrics will not cause problems with the data you retrieve since biometrics cannot (yet) be used for encryption. Biometrics fails the very attack you put forth. Biometrics fails.
> Think Faraday Cage.
Simply infeasible. The closest you would get is the NSA building, and it leaks trace amounts through the windows. At the time of it's construction the window leakage was considered below useful threshholds, now I have strong suspicions that it is possible to detect and decode the emissions. The only saving grace you have is the proliferation of computers this pollutes the leaked streams making them significantly more difficult to decode.
On the original topic. The solution I've had in place for about a year is to run everything in house over IPSec. There is a wireless connection, but unless you can log into the VPN you won't get any further. Turns out to be pretty easy to setup, and while I have had the wireless "hacked" they didn't get any further. Of course this is a bit heavy handed for a major installation, but as a cryptographer I am working on a tear out and replace protocol without all the extra cr*p that 802.11 keeps trying to put into WEP, instead I'm basing it more on a secured IP network.
