Moyaboy, Sorry about the slow response. It's been a day. I was hoping others would jump in.
Quote:
|
Originally Posted by Moyaboy
But is that based on sensitive information or is the question of someone stealing your drive rhetorical? Because if someone steals your drive you have more to worry about than your data (for home users) such as real home security.
|
No, I was trying to get you to think of the consequences of data theft. What's on that drive? Who does it affect, and to what degree? What responsibility do you have to protect it? If none then go crazy.
Quote:
|
We are talking about someone wanting to steal your data, if they really wanted to then they would.
|
Certainly, the Amish Mafia can bonk you over the head and take your computer and all belongings. I'm suggesting that while locking your front door and windows you shouldn't leave the patio door open.
Quote:
|
If it was that sensitive, then why is it so accessible for your indexing purposes. Google Desktop allows you to determine which drives and folders are indexed.
|
You're right. I wish the default were less permissive. Remind you of the early days of file sharing? (Not P2P but MacOS/Windows/NFS/FTP...)
Quote:
|
The reason I mention any of this is based on home users worrying about Google Desktop, not corporate users.
|
Certainly, Google indexing is an infosec officer's nightmare. Home users should think about it to the degree their home systems contain company or important personal information. It requires consideration. A corporate analyst that isn't thinking about this isn't doing their job.
Casual home users tend to trust the big guy, maybe more than they realize. In this case the potential loss is whatever is being shared. That's an unusually large increase in vulnerability, industry-wide, which makes it deserve the concern it's getting. Any weakness will eventually be exploited and given Google's mindshare it could cause a huge exposure.
Quote:
|
Assuming the worst is a great idea, however, being paranoid about it makes it a problem all around.
|
Information security requires
appropriate paranoia on an even level. Consider all points of vulnerability and apply appropriate security while maintaining usability. Appropriate means people need to do their job but not give away the store. The even level means you don't blow the budget on telepathic deadbolts while installing a unsecured wireless access point.
Quote:
|
How do you know if someone is hacking your system, because they would make a mistake and alert you that way, otherwise, we may never know.-
|
Small installations usually run blind. While there are many tools for server & net admins to watch for these intrusions, home/so users usually run their Norton et al and try not to look more vulnerable than the next guy. Back to part one, don't assume a new hole in the wall won't be a target just because a big company watches the door. Recall that most breaches are inside jobs. A scary part of google indexing/sharing is that it's out of our control. We're outsourcing security to an unknown entity. There's likely safety in the anonymity of scale, but that's obscurity and a no-no by itself.
I'm not against new goodies. I love toys. Some just keep me up later than others. Much of the job is striking a balance between new features and old while protecting assets.
Everybody hates the security guys.
