What is Security?

Learn about Computer Security General Security Questions and Comments
#1

Please Go Easy On Me; I’m being philosophical right now lol

Good Evening

Time: 3:36AM (Pacific Time)

Question: What is Security? ([at])[at])(Computer Related)

My Answer: Security Does Not Exist On Computers

Qoute “Virtually We Have No Security; We Only Have a User and Password”
Security as my definition would be a state of

My Reason; I have taken time off of these forums and boy did i learn a lot from these forums. I thank Melih for allowing me to be a Moderator. Now I’m Eager to Find More Information and Apply What I know to my life and grow from trial and errors. When it comes down to it someone asked me today “what Security do you have on your computer?”*** I actually paused and had blonde moment where everything went blank but this must been a Albert Einstein Blonde Moment. I went home sat down in front of my laptop and router with cables running back and fourth (hehe I’m learning about the OSI levels and IP Subnetting how lucky am I :slight_smile: )… When it dawned on me … We seriously have no security whats so ever…

Please wait before saying oh theres AV/AM/AS/CAVS/FW/Defense+/NAT Filter/MAC Filter/Token Filtering/CB/CSC/SAS/MBAM/ etc etc… I’m trying to get down and technical and philosophical… Those Tools and Software are used to Detect… and Prevent and Cure… but I see these tools useful to a Point… but Overall I see these things as preventing from “Unauthorized” access to a resource or object. When you come down to it… a SID / Access Token is the thing that the hacker is after (to make it easy for him/her to change system settings / files)… A User / Password Actually is a easier term for it… when you put a thousand firewalls and two levels of sub netting and master the art of Prevention and a simple dummy server… You only need a User Name Password / Access Token… a simple 6 character (Avg) user name and a pretty simple 9 Character Password (Both Letters and numbers and/or symbols with 1 Capital Letter) … If we put so many tries to guess a username/password you’ll get locked out for XX Minutes or until “Admin” Unlocks Your Account or you must supply a correct ‘fingerprint’ or ‘smart card’… Now tricking these security ‘measures’ are pretty difficult but yet still can be done (I have practiced trying to beat the whole fingerprint thing but i got the smart card thing down)…

Its all binary sending to a usb port thats connected to a root hub… which can support 127 devices… now its just up to the hacker how to match the binary thats sending to the hub when the ‘correct’ user uses that device… Why is it so easy to ‘emulate/copy/simulate’ something that can have access to millions of dollars worth of information… Confusing? let me try to make it to a another event…

If you are Mr Secure Man 2010; and you are installed on a computer/server… you can do everything that is ALREADY* invented and yet a hacker can get in… Why is that?****
or just replace the hacker with a average joe just guessing a password…

Cant there be something more? something that we can invent that cannot be emulated or simulated or copied or ‘similar to someone else’?..
Fingerprints no good/ Picture Verification No Good etc etc…

Then I asked my self… when it comes down to it … what makes Me different from Melih or from a avg user
… well me is me i know that but “How can something that i created tell the difference between me or Person B? .” … hmmm… Oh I know let me create a user name and password so “Noone” knows my user or password… haha that must be it… but wait… if someone has enough time to waste… wouldnt he just sit and enter in every possible entry?.. No… Of course not who would do that?.. but a simple boot from a CD can change the password… but what if i run some cables and introduce a Language that was created in 1969(I think)… Maybe TCP/IP Will work… hmmmm oh wait but would the Person B have access to my computer freely?.. hmm better put a firewall there so i can prevent him from gaining access… so yeah let me go to the store and purchase a 40 Dollar Linksys Router… that will work… but wait a minute… what if he gets passed that or even guesses my network key or even just goes to a torrent site and download a linux iso live cd which has a Key Cracker… hmmm but wait i dont care about my network i care about my computer… my hard drive… hmm what else can i do?.. hmm Defense+ ? no that wouldn’t work… because if he uses a simple program to access the computer and uses the computers resources then Defense would say its a safe app… hmmm… what else… AV? no because he didn’t create a program… hmmm if someone has my password and username … how can i protect my self?.. or can I?****

I’m just saying… maybe its not this serious YET… but wouldn’t it be soon?..
Yeah AV AM AS etc etc Helps Prevent it… but There is no Such Thing as Security…
You either have security or you dont… there isn’t no 40 or 99.9 percent and once a virus gets you complain to norton that a virus gets in and they tell you thats the 0.1 percent … I mean honestly… What do we have to provide security?/

I’m so confused when it comes to security…

Jacob Kilgore