
Thread: a wifi hypothetical .. ??

  1. #21
    It's all about the Light!
    Tech Admin
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,632
    Quote Originally Posted by MarkW View Post
    Kym are you a PC or Mac user (or both) - Them words sound pretty much like a dedicated PC user

    Leopard OSX actually comes with its own firewall but nobody uses it. I'm a member of Mactalk, an Australian Mac users forum and this issue of security comes up again and again and again (I wish people would do a search first). Nobody uses firewalls or virus scans or anti-maliscious (sp?) software. The only way for you to get "infected" is for you to download the file and in windoze speak "execute it". To execute a file will involve you entering your permission password and no other way, it's just not automatically vulnerable like a PC. I look long and hard for any file asking for permission and always have a system backup when adding new apps.

    On the other side of this fence is the legality of using somebody else's bandwidth, whether it's a commercial entity or a private user. If caught, it is akin to theft and a number of cases in the US have set precedent. In this country I'm not sure but my aging memory seems to recall something about using a "Starbucks" or similar but can't confirm this.
    Used Macs in the past - use PCs for work - use Linux for a bunch of server work.

    Most personal computer (any flavour) attacks happen from executing something bad.

    But - there are other attacks. Eg. buffer overruns attacking web servers.
    IIS and MS SQL Server had a run of these a few years ago.
    Apache has had a few over the years as well.
    Various softwares have had these vulnerabilities as well. phpBB as a good example.

    So just because a particular platform is difficult to attack (Mac or Linux) does not mean it can't or won't be attacked.

    Having written the web server security architecture for a Govt department a few years ago (previous job) - I do have a clue in this space. (and that was for mainly *nix systems)

    With security it is not that you are paranoid - but are you paranoid enough?
    Defence in depth is a very important concept.

    One day (when not if) there will be a hole in Mac or Linux security and some bugga will let loose an attack and many will lose data etc.
    Only those with a multi layer defence and good backups will be ok.

    The good thing is MS platforms are used widely and are relatively easy to attack so the malicious people (being generally lazy and after a quick $) will focus on the MS platforms and leave the better platforms alone.
    regards, Kym Gallery Honest & Direct Constructive Critique Appreciated! ©
    Digital & film, Bits of glass covering 10mm to 500mm, and other stuff



  2. #22
    Member
    Threadstarter

    Join Date
    13 Dec 2008
    Location
    Sydney
    Posts
    2,048
    Quote Originally Posted by Kym View Post
    The good thing is MS platforms are used widely and are relatively easy to attack so the malicious people (being generally lazy and after a quick $) will focus on the MS platforms and leave the better platforms alone.
    i know very little when it comes to the tech stuff .. but that seems a good enough reason for me to not use windows at all
    Hi Im Darren

    www.darrengrayphotography.com

    SONY A850 (FF)] + GRIP | SONY A350 (APS-C) + GRIP | SONY NEX-5 +16 2.8 + 18-55 E-MOUNT LENSES | CZ 85 1.4 | 50 1.4 | 28-75 2.8 | 70-200 2.8 | 2 x 42AMs | 24" imac | LR | CS4 | + loads of other junk


  3. #23
    It's all about the Light!
    Tech Admin
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,632
    Quote Originally Posted by bigdazzler View Post
    i know very little when it comes to the tech stuff .. but that seems a good enough reason for me to not use windows at all
    Well yes.
    But Windoze is the lowest common denominator and we have to live with it.
    Not all the software I need is on the other platforms (and vice versa - some stuff I want for Windows is Linux only).

    But if, let's say, Apple suddenly halves their prices and opens the HW platform and everybody jumps from Windoze to MacOS...
    then the malicious people would go after the biggest platform simply because of the percentage game they play.
    Why do you think you keep getting 419 emails (Nigerian scams)? Coz they only need a few suckers out of millions of people.

  4. #24
    Member
    Join Date
    28 Aug 2008
    Location
    Adelaide
    Posts
    1,905
    i spoke to a security analyst in IT for the SA state government a while ago

    he actually said that the more defences you put up, the more attention u will attract from hackers, they will be very curious at the layered defences u have - and wonder what's behind that. Curiosity killed the cat.

    concluding that sometimes, going naked is a safer choice. I agree with what he says in many ways.

  5. #25
    It's all about the Light!
    Tech Admin
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,632
    Quote Originally Posted by JM Tran View Post
    i spoke to a security analyst in IT for the SA state government a while ago
    he actually said that the more defences you put up, the more attention u will attract from hackers, they will be very curious at the layered defences u have - and wonder what's behind that. Curiosity killed the cat.
    concluding that sometimes, going naked is a safer choice. I agree with what he says in many ways.
    Defence in depth for serious apps looks like... (assuming Java EE)
    - outer firewall (router)
    - DMZ reverse proxy server with intrusion detection, NAT
    - inner firewall (router private IP addresses)
    - web server / container
    - EJB container (proxy DB user to access stored procs)
    - database firewall (router - only EJB server can access)
    - database stored procs
    - database tables/views <<< this is what is being protected

    So from the outside you just see a web server (aka reverse proxy). It also limits internal access to the transactional database. Given that more attacks occur from internal networks.

    The above model is used by banks etc. Fairly standard in the corporate space.

    Naked is not a genuine option.
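
The layering listed in post #25, modelled as an allow-list that can be checked mechanically. This is an added example, not part of the post; the zone names, the `internal_lan` zone entering at the web tier, and the rule sets are assumptions constructed for illustration.

```python
from collections import deque

# Tiers from the post, outermost to innermost (zone names are this example's own).
TIERS = ["internet", "reverse_proxy", "web_container",
         "ejb_container", "stored_procs", "tables"]

# Constructed allow-list: each firewall passes traffic only to the next tier.
# Assumption: internal users enter at the web tier, never at the database.
LAYERED = {("internet", "reverse_proxy"),        # outer firewall
           ("reverse_proxy", "web_container"),   # inner firewall
           ("internal_lan", "web_container"),
           ("web_container", "ejb_container"),
           ("ejb_container", "stored_procs"),    # database firewall + proxy DB user
           ("stored_procs", "tables")}

# Constructed misconfiguration: two shortcut rules added to the set above.
WEAK = LAYERED | {("internal_lan", "tables"), ("reverse_proxy", "ejb_container")}

def hops(rules, src, dst):
    """Fewest allowed connections from src to dst, or None if unreachable (BFS)."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for a, b in rules:
            if a == node and b not in seen:
                seen.add(b)
                queue.append((b, dist + 1))
    return None

def audit(rules):
    """Return the rules that break the one-tier-at-a-time layering."""
    findings = []
    for src, dst in sorted(rules):
        if dst not in TIERS:
            findings.append((src, dst, "destination is not a defined tier"))
        elif src in TIERS:
            if TIERS.index(dst) != TIERS.index(src) + 1:
                findings.append((src, dst, "not the next tier inward"))
        elif dst != "web_container":
            findings.append((src, dst, "internal zone bypasses the web tier"))
    return findings

if __name__ == "__main__":
    print(hops(LAYERED, "internet", "tables"), audit(LAYERED))
    print(hops(WEAK, "internal_lan", "tables"), audit(WEAK))
```
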

  6. #26
    Member
    Threadstarter

    Join Date
    13 Dec 2008
    Location
    Sydney
    Posts
    2,048
    Quote Originally Posted by Kym View Post
    Defence in depth for serious apps looks like... (assuming Java EE)
    - outer firewall (router)
    - DMZ reverse proxy server with intrusion detection, NAT
    - inner firewall (router private IP addresses)
    - web server / container
    - EJB container (proxy DB user to access stored procs)
    - database firewall (router - only EJB server can access)
    - database stored procs
    - database tables/views <<< this is what is being protected

    So from the outside you just see a web server (aka reverse proxy). It also limits internal access to the transactional database. Given that more attacks occur from internal networks.

    The above model is used by banks etc. Fairly standard in the corporate space.

    Naked is not a genuine option.
    you gotta get out more mate ..

  7. #27
    It's all about the Light!
    Tech Admin
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,632
    Quote Originally Posted by bigdazzler View Post
    you gotta get out more mate ..
    Have to do something to pay for the camera gear

  8. #28
    Amor fati!
    Join Date
    28 Jun 2007
    Location
    St Helens Park
    Posts
    7,272
    not an awful lot could happen to the thief, but one has to look at the moral implications... it is theft... much like stealing petrol out of someone's car.

    my wireless network at home is secure... cause there are plenty of scum out there that like to steal stuff.

  9. #29
    Site Rules Breach - Permanent Ban
    Join Date
    14 Feb 2007
    Location
    Western Sydney
    Posts
    352
    Quote Originally Posted by ving View Post
    not an awful lot could happen to the thief, but

    Unless you reside in the US where the thief actually did time - do the crime do the time

  10. #30
    Member
    Join Date
    22 May 2009
    Location
    Ipswich
    Posts
    388
    So, to sum it all up .... turn your wireless off when you're at the airport

  11. #31
    Site Rules Breach - Permanent Ban
    Join Date
    14 Feb 2007
    Location
    Western Sydney
    Posts
    352
    Quote Originally Posted by milspec View Post
    So, to sum it all up .... turn your wireless off when you're at the airport

    Huh ????

    In the US it was proven that the thief was aware that the WiFi was only for the use of their customers due to previous attendance and since he had not purchased any goods from the supplier then he wasn't entitled to use the WiFi usage.

    As for the airport, the only one I have been able to get is Qantas where it's $5 per hour password secured as I don't have Qantas Club. That's what you get for flying cattle class.

  12. #32
    Member
    Join Date
    28 Aug 2008
    Location
    Adelaide
    Posts
    1,905
    Quote Originally Posted by Kym View Post
    Defence in depth for serious apps looks like... (assuming Java EE)
    - outer firewall (router)
    - DMZ reverse proxy server with intrusion detection, NAT
    - inner firewall (router private IP addresses)
    - web server / container
    - EJB container (proxy DB user to access stored procs)
    - database firewall (router - only EJB server can access)
    - database stored procs
    - database tables/views <<< this is what is being protected

    So from the outside you just see a web server (aka reverse proxy). It also limits internal access to the transactional database. Given that more attacks occur from internal networks.

    The above model is used by banks etc. Fairly standard in the corporate space.

    Naked is not a genuine option.
    I have almost zero idea of anything u just mentioned up there LOL

  13. #33
    Member
    Threadstarter

    Join Date
    13 Dec 2008
    Location
    Sydney
    Posts
    2,048
    Just to clarify .. when i said airport , i meant "AirPort" - Apple's wireless network connection utility , not "the airport" - as in where you might board an aeroplane ..
