WE LIVE IN A funny world. If I go out and buy a handgun, or want to drive an automobile, the government puts up a number of regulatory hurdles. But the toughest part of buying a computer and an operating system is remembering which credit card is paid down. Now, some might point out that a firearm is a weapon, and an automobile can certainly be a weapon in the wrong hands, as I saw over Memorial Day weekend when an uninsured driver's car jumped the curb and took out the front window of my neighborhood sushi joint.
(Mmmm ... drive-thru sushi ...)
But a computer also can be a weapon in the wrong hands, and can be just as dangerous to its user as to others. Given that software vendors don't seem willing to include trigger locks -- er, to configure their programs' default security settings to be as hardened as possible -- I'm starting to wonder if it isn't time to require licenses for computer users.
This suggestion is no crazier than our current driver's licensing laws might appear to someone from 1915. In that year, my grandfather received a Chevrolet as a fourteenth birthday present from his dad, a Boston banker who "bought it to see if it could compete with that fellow Ford's car." Even after World War II, it was common for a farmer's children (and that definition was loosely applied, as my mother will confirm) to be given driver's licenses at that age.
Just as our attitudes toward licensing drivers -- to say nothing of firearm ownership -- have evolved, so too must our laws regarding computer ownership and use. Requiring prospective computer users to show they know how to use a computer safely and responsibly isn't as far-fetched as it sounds, when you consider the damage unwitting users could potentially cause by operating unsecured systems, presenting toeholds for cyberterrorists. I like the idea of confiscating computers that become compromised, just as cars of uninsured drivers are confiscated.
Oh, there's one small reason why this is a bad idea: It just goes against everything I stand for regarding personal freedoms and rights of individuals. The alternative, licensing software vendors, also gets interesting from a free speech perspective. Are they publishers or simply manufacturers? "Prior restraint" is a phrase I never like to hear used casually.
So we're back to our first idea. It's time to require trigger locks on software. Put in context, that means that programs should install themselves in the most secure configuration possible. This should include doing away with default user names and blank passwords, but that's just scratching the surface. I bet you have a few ideas along these lines and would gladly send them along.
While I'm trolling for feedback, here's another question for the audience. (I'm sure vendor reps will nod their heads and make soothing noises about commitments to security.) Frankly, I don't see too many products that have proper security right from the start. Do you?
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect businesscritical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »