Slashdot Mirror

← Back to Stories (view on slashdot.org)

Physical and Network Security Merging?

Posted by michael on from the etherkiller dept.

MonMotha writes "CSO reports that physical and network security may be merging in an effort to eliminate redundant jobs, create a more secure security plan, and make security procedures more standardized across the company. This would seem to be a logical step forward as businesses become more and more dependent on their computers, and as the old adage goes, an attacker with physical access already has you owned."

2 of 132 comments (clear)

  1. Physical access doesn't always help by jc42 · · Score: 3, Interesting

    > ... as the old adage goes, an attacker with physical access already has you owned.

    Oh, I dunno about that. We've already seen a number of reports about people who got their laptop back after a theft, apparently because it was running linux or *BSD. The thiefs couldn't get past the login screen, so they trashed it or left it lying somewhere, and whoever found it called the phone number on the sticker.

    Granted, this might not stop your expert unix hacker. But most laptop thefts are by petty thiefs who are pretty much computer illiterate, as are the guys who fence them. With Windows or Macs, they can turn it on, try a few things to verify that it runs ok, and it's in the pipeline. With a unix-like system, they can't get in, they conclude that it's unusable, and they toss it.

    Your typical laptop thief only gets a hundred bucks or so for the machine. It's not worth a great deal of effort to break through security to verify that you're not buying a fancy-looking brick. So login+password is plenty secure for the typical theft.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  2. Security in various forms... by Vrallis · · Score: 3, Interesting

    I doubt this is too likely to happen much. Security departments have a lot more to deal with than just securing locations from access. Our own computer department does, in fact, handle some of this (for our own areas, at least)--security keypads and our own alarm system.

    I work for a large auto parts distributor, and our security department doesn't even deal much with access security. They deal with investigations for sticky-fingered employees for the most part. They also deal with the more complicated theft rings, which usually involve state authorities due to dirty city cops being involved.

    This is WAY outside sysadmin territory, and I don't see them merging anytime soon.