6 Dumbest ideas in computer security

Interesting article: www.ranum.com/security/computer_security/editorials/dumb/

Ooh that's really good!

Here's a few more to be going on with:

1) Making your password policy so difficult to comply with that your users resort to writing the passwords on post-it notes on the sides of their monitors

2) Having the best IT security in the world but a useless security guard who lets undesirables into your computer room on the thinnest of excuses then leaves them there unattended

3) Bosses who give their engineers pointless tasks despite their regular protests that they need to be working on monitoring, backup, security and documentation - then blame the engineers when there is a disaster caused by lack of monitoring, backup, security or documentation

4) When your company insists on engaging a firm of 'security experts' who turn out to know much less about security than you do but are being paid a lot more

thanks for that.. you've just made me even more depressed about my job and the whole IT field in general...

That password one is great, Bishop. Government password policies are a pain...good thing they are working towards smart card log-ins.

Here's my addition to the dumb ideas:

1.) Having your network administrators do large amounts of premises cabling to save money. There's two words for that, unskilled labor. What happens is your technicians are all swamped running cables all day that there isn't time to properly do the cabling and administer the network at the same time.

2.) Replacing a perfectly good command line with GUI in an attempt to be more user friendly. I just think a keyboard will always be faster than pointing and clicking. At least until someone comes up with that thing Tom Cruise was using in Minority Report.

lol, very interesting. I encourage everyone to share what else they consider to be dumb ideas in computer security

Sorry to bifurcate(!) this thread, but the password issue is definitely one of my areas of pain. As a systems and network administrator the number of passwords I'm expected to remember is ridiculous. And they change the stupid things regularly, but never all at the same time!