SIGINT10 - final10

SIGINT 2010
Conference for net residents, hackers and activists

Speakers
Frank Breedijk
Schedule
Day: Day 2 - 2010-05-23
Room: Lecture room (MP6)
Start: 18:00
Duration: 00:45
Info
ID: 3817
Event type: Lecture
Track: Hacker
Language of the event: English

The road to hell is paved with best practices

"Best" practices? Really?!

This light talk will try to address the "unaskable" question "will best practices make us more secure?" in a light and entertaining manner.

Will a strong password policy result in stronger passwords? When are there too many admins on the system?

In good cop/bad cop style, Frank Breedijk and Ian Southam will address this topic from the firm belief that IT Security should actually make IT more secure.

What will the audience gain: Besides the fact that we plan to give a very entertaining presentation, we also hope to trigger some self-reflection in the IT security community.

We hope to help break the inertia of certain long-lived best practices that, e.g., force us to change our password every month because it takes two months to crack such a password with a PDP-11.

Together they have been in the IT profession for over 35 years. Ian started as a programmer, did datacenter development and is now Mission Critical Engineer at Schuberg Philis; Frank started as a programmer, later worked as an IT security guy and is currently Mission Critical Engineer Security for Schuberg Philis. Together they strongly believe that IT Security should have one purpose: to actually make computing and processing information more secure.

As obvious as that statement seems, security measures often do not achieve this goal but sometimes hurt it. E.g. enforcing "very strong" password policies will often result in people not being able to remember their passwords and writing them down, or reverting to passwords like Password01, Password02, etc.

In a light, good cop/bad cop style presentation, Ian and Frank plan to address this and other less obvious examples of so-called "best practices" that actually hurt security.

In the process they hope to plant the seed for some of the serious self-reflection that is required from the IT Security industry.