Physical and Network Security Merging?

MonMotha writes "CSO reports that physical and network security may be merging in an effort to eliminate redundant jobs, create a more secure security plan, and make security procedures more standardized across the company. This would seem to be a logical step forward as businesses become more and more dependent on their computers, and as the old adage goes, an attacker with physical access already has you owned."

Physical access doesn't always help

[jc42]

> ... as the old adage goes, an attacker with physical access already has you owned.

Oh, I dunno about that. We've already seen a number of reports about people who got their laptop back after a theft, apparently because it was running linux or *BSD. The thiefs couldn't get past the login screen, so they trashed it or left it lying somewhere, and whoever found it called the phone number on the sticker.

Granted, this might not stop your expert unix hacker. But most laptop thefts are by petty thiefs who are pretty much computer illiterate, as are the guys who fence them. With Windows or Macs, they can turn it on, try a few things to verify that it runs ok, and it's in the pipeline. With a unix-like system, they can't get in, they conclude that it's unusable, and they toss it.

Your typical laptop thief only gets a hundred bucks or so for the machine. It's not worth a great deal of effort to break through security to verify that you're not buying a fancy-looking brick. So login+password is plenty secure for the typical theft.

the end all and be all security folk?

somehow I doubt that there will ever be a day when physical security and network security are one. Sure there may be some that can do both very well, and those will usually be veterans with decades of experience under their belt. There will of course be ecclectic mixtures of both... however you will not be able to field both easily or affordibly. This does not mean that any network security from a macro level is not to be the core of knowledge for any security individual... this is just like security guards at places with high tech security systems now. The guards must know many things about the electronic surveilance, countermeasure, digital access, keying, etc to do their job. If we add another layer like actual network security, then it should be abstracted and ORGANIZED enough so that the guards do not have to grep and cat their way through files and systems just to check what the status is or even fix problems.

It is that issue there that will present the problem, and also the very thing that many 1337 do0dz will never understand.

That being said, I am glad that the ideas are merging... mainly because I think that it will clue many developers in for the need to provide consistent, standard, and robust interfaces instead of 'hacked for this and only this feature/platform/language/etc' I personally have crappy front end skill, but I understand its very vital nature. For every 1337 do0d that thinks it is not good to 'dumb down' anything, then they obviously do not understand that abstraction does not change or prevent any low level interfacing, but merely provides the means for working with other systems like GUI's. Of course it also means they are wanna be loosers who if they rubbed two neurons together would realize how stupid that kind of thinking is. They should be real programmers and throw away the keyboard, monitor, mouse... and go with a bank of binary dials for any computing. Retards... talk to me later after you have grown some pubes.... oh! look at me, I can code! Yay for you... I can drop most adults in a fight, you won't see my ass taking on Sadam by myself however. Idiots.

Security in various forms...

[Vrallis]

I doubt this is too likely to happen much. Security departments have a lot more to deal with than just securing locations from access. Our own computer department does, in fact, handle some of this (for our own areas, at least)--security keypads and our own alarm system.

I work for a large auto parts distributor, and our security department doesn't even deal much with access security. They deal with investigations for sticky-fingered employees for the most part. They also deal with the more complicated theft rings, which usually involve state authorities due to dirty city cops being involved.

This is WAY outside sysadmin territory, and I don't see them merging anytime soon.