Saturday, October 22, 2011

Security Fascists


I know that security has become a caveat for everyone in the computing industry, but there is a point when the ridiculous nature of uber security becomes intrusive and threatening. In the past unprepared banking and investment firms were hit hard by curious hackers and more malevolent criminals intent on stealing identities and funds. The industry's response has been to enlist the services of many of these very same hackers and to give them the keys to the security kingdom. Since they were successful in breaking into networks and protected servers, the CEOs reason, why not let them harden the protective layers to make future hacking improbable, if not impossible? What seems like convoluted logic has led to the most stringent of security practices being exacted on the masses, although the first line of unfortunate victims is usually the network administrators charged with protecting their firms through their own best security practices. Usually, these new security requisites can be logical and understandable. Such good security practices as locking the server room to keep workers' paws off the servers makes good sense. Increasing the length and complexity of passwords is also a common requirement, much to the chagrin of office workers who want to keep it simple like "password" or "fido." Having passwords change frequently seems like another good idea on face value, but in reality having secretaries and mid-level managers create their own passwords is a nightmare (usually they don't reach complexity or length on the first or even second attempts). Having the network administrator charged with keeping the ever-changing password list is also not very feasible, considering everything else he has to keep straight. If all of this isn't enough to drive a sane person crazy, then the new security practices checklist arrives in the mail and is sent from the CEO to the network administrator. Sometimes 20 or more pages, the security inquiries are in fact a questionnaire that determines the level of security enforced at the site. There's only one problem: one size fits all. According to these security fascists, who are intractable when it comes to asking for dispensation or special allowances, a security threat at a small firm carries with it the same weight as one at a major banking firm. Thus, everyone who has to answer their inquiries is put to the test as to how much they can put up with until they turn to these specialists and yell uncle. Recently, a firm hired to maintain levels of compliance for credit cards insisted they be "whitelisted" for the firewall and security device located at a client's office. This was because they were having trouble doing scans on the traffic being passed at the site and they wanted to investigate the traffic more deeply. In other words the device was working too well to keep them - and by extension others - from entering or possibly hacking the site. Other new requirements for VPNs (virtual private networks used for offices to pass traffic to remote sites or for telecomputing from home) include adding special characters (like $,#and @) to passwords between routers that already have extremely high levels of encryption. It is overkill on top of overkill and there seems no end in sight for this madness. Sure, I'm for good security practices. I believe in them. It's just these new restrictions are not breeding any confidence in me that the networks I am responsible for are truly more secure. They're just more complex and more difficult to maintain for the same remuneration. If only I could charge the so-called security experts for my additional time and effort and the costs to the networks to implement their demands.

Sunday, October 16, 2011

Food, glorious food


We all remember the classic scene at the beginning of the Academy Award-winning musical "Oliver!" by Lionel Bart. The film based on Charles Dickens' "Oliver Twist" depicts the children in the orphanage having been carefully fed a regimen of gruel - basically watered down oatmeal - and kept away from a diet which involved meat of any sort. This is to demoralize them and keep their spirits down. It is young Oliver Twist who implores Mr. Bumble for "more" and the tale goes off from there. In many countries the ability to ask for more doesn't even exist. Hundreds of children and adults in East Africa are experiencing hunger on a level few of us can fathom. Yet, here in America we take for granted the fact that food is in abundance and for the most part safely distributed from farm to market to table in an efficient system that assures quality and quantity of products. To be sure there are hungry people in the United States and many of them right under our veritable noses. But here we lack from the politics of food, where food is used as a weapon to keep the downtrodden in check and to prevent any possibility of a backlash against the powers that be. It's much like that in Somalia. The difference is that we have savage, bloodthirsty warlords there who withhold food intended to alleviate suffering because they intend to starve out their enemies. Not one of them is as innoxious a fellow as Mr. Bumble, I am afraid to point out. Nevertheless, we should consider that food is a necessary part of all of our lives. The sooner we remove its inaccessibility from those who need it, the better the human condition will be. Proper food and diets mean less disease and better general health. Think about that today - Blog Action Day - as we reach for the chips and dip, hot dogs or burgers just before we enjoy our regimen of football.