In today's world, due to some dishonest populace who are like parasites living on somebody else's blood, implementation of security comes at a heavy price and it has more problems than solutions. It is also a great business model for the companies to exploit the fear-mongering mentality created by hackers and dishonest people who like to steal things or create havoc in your computer.
So, I tend to build security like a paranoid does, but lately I have come to the realization that all these security implementations are a nuisance rather than solutions.
- A laptop running 5 services of Symantec anti-virus and chewing up resources when you need them most. Still, hackers beat the anti-virus software and invade your computer. I have learned lately to follow some simple rules navigating through the internet and completely turned off the anti-virus software. I did not have any problem in the last 9 months. No downloading of free, easily available software and not opening attachments that I do not trust. Using an Ubuntu VM for surfing the internet and reverting the snapshot of the VM to reset the machine to where it was before. No need for the anti-virus software or malware. But I cannot do this on my work machine as it generates an exception.
- A firewall running on a server which is behind the router or main firewall. This is a great nuisance. I learnt my lesson as I had to spend 12 hours after I got locked out of my main server inadvertently and my own security arrangement made me captive. This is an example:
  - There was a thunderstorm and lightning struck close to where I live. As a result, several electronics went out of commission. My VoIP phone and adapter, the RF antenna of the TV, the USB ports of my main server, 2 routers and other things just stopped working. This happened even after having surge protection. At least my server did not blow up, but the mouse and keyboard stopped working since the USB controller got burned out.
  - I could not access my server console and could access it through SSH only.
  - This server is behind a router and only a few ports are open to route the traffic to this server. Since I got a new router and was configuring it, I decided to use a new port to forward for SSH. I do not expose port 22 but I use a very high port number so that people have to do lots of scanning to find the open SSH port. This works pretty well with a strong password. But, like a paranoid, I still had a firewall running on my server.
  - I did a stupid thing – I changed the SSH port on my server but forgot to add that to the firewall rules and closed my session. I locked myself out of the server even for using SSH, and this was all due to the paranoid security arrangements that I had.
  - I used software RAID to mirror one hard disk to another. So, I had to literally take both the hard drives out of the server and attach them to another old spare server and use mdadm commands to assemble the RAID. I had to locate the firewall file and modify the rule and again put the disks back in the original server. There was no need for me to run this firewall on the server since it was already behind the router, and this caused me to lose my sleep and work several hours to get into the server when the keyboard and mouse were out of order. Another lost productivity and sleep due to Security for the Paranoid.
- Hard disk encryption – If something goes wrong with the boot or lilo or grub, it takes days to first decrypt the 1 TB hard drive, fix the problem and then encrypt it again. Such a colossal loss of work hours, but nobody seems to care as protecting the hard drive is more important than lost productivity. Another nuisance, and a slow-running laptop, due to the encryption of everything on the hard drive. A great business model for companies to sell encryption to protect hard drives but a great nuisance for me.
- People encrypt their backups and after 5 years, there was a need to restore the backup, but the person who did the encryption had left the company and nobody bothered to ask him for the keys at the time of separation from the company. A major loss of data due to the Security for the Paranoid.
- Another example is the misuse of the strong password that I see in my daily technical life. People bring in their software in a VM to show it to the customer and somebody puts a very strong password on the login, and it is a nuisance to type in that password every time a person has to log in, as that person cannot remember this complex password. The person puts the password on a notepad visible to all so that the person can copy and paste it every time. People do not use common sense because using a strong password is a norm. I have a list of more than 100 passwords that I store in password-protected software to use them on bank sites or other internet sites. Having many passwords is another big nuisance from the paranoid, who force me to use a password that should have at least one capital letter, one number and one or more special characters, and it cannot be a dictionary word. Such a curse, and I curse all of these people for making my life difficult to remember such a password, and again they force me to change it every 90 days to another complex, hard-to-remember password, and I cannot use the same password for the next 8 times.
- How could I not just use my one favorite password and it is applicable for everything – but technology (or thieves) makes things difficult for people like me who like to have a simple life not dogged by these difficult passwords.
- Like you worry about your children, I have to worry about my passwords.
I guess that this is going to stay and we have to live with it even though we may not like it.
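
The SSH lockout described above (port changed in sshd, firewall rule not updated, session closed) can be caught with a check run before logging out. The following is an added example, not part of the original post: it assumes the server firewall's rules are in `iptables-save` format, which the post does not state, and the function names, file names and port 52022 are constructed for illustration.

```sh
# Added example: run BEFORE closing the SSH session.
# Assumes rules in iptables-save format; all names and ports are constructed.

# Print every port sshd will listen on (22 when no Port line is set).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed only on an explicit INPUT ACCEPT rule for tcp/$2.
# Conservative: multiport lists, ranges and chain policies are not trusted.
fw_allows_port() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Print sshd ports the firewall does not admit; status 1 if there are any.
ssh_lockout_ports() {
    lockout=0
    for p in $(sshd_ports "$1"); do
        if ! fw_allows_port "$2" "$p"; then
            echo "$p"
            lockout=1
        fi
    done
    return "$lockout"
}

# Constructed sample: sshd moved to 52022, firewall still only admits 22.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#Port 22
Port 52022
PermitRootLogin no
EOF
cat > "$demo/rules.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

if blocked=$(ssh_lockout_ports "$demo/sshd_config" "$demo/rules.v4"); then
    echo "OK: firewall admits every sshd port"
else
    echo "STOP: stay logged in, no ACCEPT rule for tcp/$blocked"
fi
```

On a live host the two inputs would be the server's sshd configuration and a dump of the active rules; opening a second SSH session on the new port before closing the first one confirms the result.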