[PLUG] Encrypting LPR data
Ronald Chmara
ron at Opus1.COM
Thu Apr 7 09:12:45 UTC 2005
On Apr 7, 2005, at 12:03 AM, Keith Lofstrom wrote:
> Any other ideas? I guess if my physical network is penetrated, I am
> Owned anyway. Time to upgrade the security alarm ...
Physical? The so-called traditional "physical" layer stopped mattering
a *long* time ago. Remember the 386?
One word:
Tempest.
Okay, maybe that's a bit short and alarmist, and I should use more
words.
Let me put it another way:
If your data needs *require* more security, the less your systems emit,
the better, be it WiFi or simple UTP....
Oh, and since most breaches occur inside, you should monitor their drug
use, credit records, social life, politics, and sexual history of all
of your employees, and EMP and de-and-re-magnetize them on every
entrance and exit from their cages....
As you may (should?) have noted by now, I am postulating an argument of
extremes. Creating security in a network cannot ever be about making a
network "totally secure", unless you have unlimited resources and an
unlimited budget. Since *nobody* has that (and yes, I do mean nobody),
it becomes a question of balance.
Bops rule (somebody *should* have a prior rule....) of secrecy:
#1: Every secret has a cost, be it in losing, or keeping, the secret.
If you spend 50k guarding something that has a 10K cost, that's, well,
silly.
Getting back to LPR... if you're worried, run cable! I've seen some
sites where the CEO is STP to their officers, and where I have guns
trained on me while I worked. So what.
It's a very simple formula:
Security < Value of secret: Less security
Security > Value of secret: More security
If the LPR data matters enough to protect the things "on the wire",
it's a done deal.
-Bop
More information about the PLUG
mailing list