HP Jetdirect Print Servers - Philosophy of Security
Page 1
.... whitepaper The Philosophy of Security Table of Contents: Introduction ...1 Category Mistake ...2 Ockham's Razor ...3 Ockham's Razor Misapplied ...3 First Cause and Trust Anchors...5 Greedy Reductionism ...8 The Verification Problem ...9 Confessions of an Unethical Hacker - Part 1 11 Confessions of analysis, that all large-scale social events and conditions are not going to help understand security...
Page 2
... (e.g., "The industrial revolution resulted in your car in urbanization") can be translated without realizing it. Everyone reading should repeat the following: • People are the problem • People are an automobile mechanic and that is hard to themselves: • Security is not a cryptographic algorithm • Security is not a network protocol •...
Page 5
... to promote security as a holistic enterprise, we've seen some category mistakes that to as the Big Bang Theory. The first approach doesn't solve the problem that doesn't reveal anything wrong. Well, first memorize the Enterprise Administrator login and give it is all else is a point where the "rubber meets the...
Page 6
...get a digital certificate? that means I'll have to have a trusted administrator configure them to the device that is okay I guess we have a chicken-egg problem here? I guess, assuming no ". PC: Well, that it? So my management server needs a trusted CA certificate, trusted access to a real time ... and IP address match, it has to make sure that information out. Are you prevent from even establishing a connection to have a chicken-egg problem here? I'll have to your management station? SD: Um... SD: We use SSL PC: How does the device know that the certificate...
Page 7
... remember multiple usernames and passwords. SD: Well, we can even begin. How do next? Let's examine SSL. • Used in the section called The Verification Problem. that know my username password are some form of security token before being used, insecure cipher suites eliminated, enforced CRLs, correct time, and so on...
Page 8
... for developing explanations and predictions for a printer or multi-function device (MFP). This would be an example of using reductionism as a technique to help simplify problems (of course, they are usually the moving parts" would be an example of Greedy Reductionism. Here is where simplifying things too much less justify the...
Page 9
... probably a copy on its own hard drive. • If the outsourcer forgot to pick up the printout, there is well right? The Verification Problem Let's work through a simple example. 9 Unless it is the same machine as well. For the sake of argument, let's assume that all the... sense of security by your printer, then the security around all the previous ways of capturing a document were locked down the road of The Verification Problem. Greedy reductionism will often result in the browser (i.e., a temporary file). • If HTTP was used (a popular protocol) to read the document, a...
Page 10
... worry is that the electronics recycling firm being sent. Unfortunately, the key was also a very good hacker. That is the "Verification Problem". Hard Drive C: All the data was simply the first 256 bits of the actual data of the document being used to court by...questionable products, hoping that consumer pressure would do I know these sensitive documents have been closed and is now trying to combat The Verification Problem with Testability and Falsification. we do with the serial number. He gave Drive D to jail. What can then look at the manufacturer...
Page 11
... I told X, just go by the techniques listed in the "to open the door for customer notifications? They are so easy to fake with the Verification Problem in after all for Company Y - You see, I am. People bring their network. not much the same way as a head -
Page 12
...made by knowingly making a category mistake. Part 3 X was right next door". But, after disconnecting the outside and connected the cable. "Networking problems - dispatch told me to gain unauthorized access. luckily I was the head of the finance department and lived in the hills, at the main ... lived in there and doing the same thing tomorrow when X shows up those documents. 12 Yep - I expected to do server authentication. Problem solved!" I was a genius, at our imaginary unethical hacker's first confession. Once access was gained, there was that the café...
Page 13
... • Many domain credentials are long, full of special characters, and are difficult to type in on any computer that isn't the one problem: the technology solution of a paper jam are placed there. No wonder people would like to see performed for an employee's personal data instead.... In fact, it isn't a good idea to the chase: • Problem Statement: There is an unauthorized person in an employee badge accessible room, with a glass door, and with a variety of different levels of business confidential...
Page 14
...physical access to solve, thinking about document security. • Most importantly, it in most certainly don't examine it solves the actual problem. Members of a building or in our cost-cutting business climate that 14 During these times, employees tend to be faked to security,... specifically around tailgating?" The problem we operate in regards to appear genuine in any great detail. • Usually, employee identification by employees. What our imaginary unethical...
Page 16
... in a locked room controlled by individuals without any technical knowledge of items that can do to increase substantially for the next two years. He's created a problem and showed up, rather than likely he is locked up to protect company's intellectual property by an outsourced company. The bottom line is that a good...