How Easy is it? *Security*
I have spent a lot of time around people who claim to be security specialists and companies that claim to have security professionals. Let me clarify a little bit: there is such a thing as a security engineer. To define that role, I will simply state that it is an individual who can design, implement and configure security devices such as IDS, firewalls, and VPN. This role is very similar to, and can be the same as, that of a network engineer. The only difference is that there is more job security as a security engineer.
However, it is important to know that a security engineer is not a security professional. A security professional breathes security. I know how an IDS system works, but do you know why to deploy it? Realistically, an IDS system provides very little protection. Even if it tells you where penetration is occurring, would you know how to prevent it? You download a patch that guarantees it is the fix for the vulnerability; do you know how to test the patch?
The truth of the matter is that most companies do not implement security as it should be implemented. They hire security engineers and use vendors that can provide benefits to using their products, but none of the people involved can tell you how to prevent and correct vulnerabilities. Security is not a cookie-cutter solution. Networking is in fact a cookie-cutter solution: you have a need, you design a solution. In security, each solution opens up another vulnerability.
The biggest vulnerability is people. The government has been exposed yet again: "Hackers Steal U.S. Government Corporate Data from PCs - AGAIN"
Think about it this way: how easy would it be to walk up to a coworker or another person you barely know and ask them if you can check your web email on their system? In fact, they will leave you alone so that you may have privacy. Full access to their system for 5 minutes is more than enough time for me to plant a client on their network or get valuable information from their PC, such as username and password.
Don’t ever delude yourself into thinking that you are protected. No one is protected.