manualshive.com logo in svg

HP Jetdirect 310x - Print Server For Fast Ethernet, White Paper

Introducing the HP Jetdirect 310x - a high-performance print server for fast Ethernet. Find in-depth information on configuring, troubleshooting, and optimizing this product with our comprehensive user manual. Download your free copy, in the form of a white paper, from our website today and unleash the full potential of this cutting-edge device.

Share
Download
background image

1

 

 

The Philosophy of Security 

 

 

 

Table of Contents: 

 

Introduction ..................................................................................................................................... 1

 

Category Mistake ............................................................................................................................ 2

 

Ockham’s Razor .............................................................................................................................. 3

 

Ockham’s Razor Misapplied ............................................................................................................. 3

 

First Cause and Trust Anchors............................................................................................................ 5

 

Greedy Reductionism ....................................................................................................................... 8

 

The Verification Problem ................................................................................................................... 9

 

Confessions of an Unethical Hacker – Part 1 ..................................................................................... 11

 

Confessions of an Unethical Hacker – Part 2 ..................................................................................... 11

 

Confessions of an Unethical Hacker – Part 3 ..................................................................................... 12

 

People and Technology: An Analysis for Part 1 ................................................................................. 12

 

People and Technology: An Analysis for Part 2 ................................................................................. 14

 

People and Technology: An Analysis for Part 3 ................................................................................. 16

 

How Security Technology Can Help People ...................................................................................... 16

 

How People Can Hurt Security Technology ....................................................................................... 17

 

Summary ...................................................................................................................................... 20

 

 

Introduction 

 

Many security whitepapers begin with an in-depth analysis of an algorithm or they begin by showing 

how easy it is to exploit various vulnerabilities.  The intention is to scare you into performing the steps 
outlined by the whitepaper or buy the technology the whitepaper promotes.  We are not going to do 

that here.  This introduction to security endeavors to step back and look at security more generally 

and apply some basic philosophical concepts to help understand security in a more meaningful way.  

Essentially, we are going to use Holism and apply it to security.  What is Holism? 
 

Holism - 

In the philosophy of the social sciences, the view that denies that all large-scale social events 

and conditions are ultimately explicable in terms of the individuals who participated in, enjoyed, or 

suffered them. Methodological holism maintains that at least some social phenomena must be studied 
at their own autonomous, macroscopic level of analysis, that at least some social “wholes” are not 

                       

white

pa

per 

Summary of Contents for Jetdirect 310x - Print Server For Fast Ethernet

Page 1: ...owing how easy it is to exploit various vulnerabilities The intention is to scare you into performing the steps outlined by the whitepaper or buy the technology the whitepaper promotes We are not going to do that here This introduction to security endeavors to step back and look at security more generally and apply some basic philosophical concepts to help understand security in a more meaningful ...

Page 2: ...y mistake is when a tour of a university is given to a new student The tour guide takes the new student around the various buildings the school of engineering the library and so on After the tour is over the new student says something to the effect of that was all very nice but where is the university The new student has made a category mistake they assumed the university was a building micro rath...

Page 3: ...he least amount of assumptions everything else being equal This principle lends itself well to security considerations as it tends to show how flexibility and complexity can be viewed as untested assumptions For instance there are a wide variety of ways to secure a communication session For a given level of security that is desired these various ways can be compared in terms of their flexibility a...

Page 4: ... horrible breach of security so Example User decides to do some research into the Internet Book Store and the Internet Jewelry Store and found out the following The servers used to store account information are located in a highly secure building more security than his company s buildings The servers used to handle account information meet higher security standards than his company s servers The s...

Page 5: ...t Enterprise Admin and writing down the passwords for personal accounts that probably use credit cards with fraud protection anyway Simply protect them with the same care as your credit cards and you should be fine Alternatively a file can be created with the passwords and then the file would be encrypted with a pass phrase This procedure allows for the passwords to be managed and stored on the co...

Page 6: ...setup is outsourced but none of these settings really undermines my network security so I don t mind providing them to my outsourcer So the device has determined it is talking to a trusted management station how does the management station know that it is talking to a trusted device SD We use a proprietary Web Service and keep our Web Services Device Language secret PC Well that is okay I guess as...

Page 7: ... It is very important to understand what needs to be configured in order to establish these trust anchors for the security of a given solution Also not only what needs to be configured but also who is going to be configuring these items on the device in question What are some of the trust anchors in the previous solution A secure Public Key Infrastructure PKI Easily the most overlooked and hardest...

Page 8: ... team of engineers that designed it had and then develop a service plan An alternative is to make the assumption that things that break down are usually the moving parts Instead of studying the entire automobile we can now simply study the moving parts and develop a service plan around that This would be an example of using reductionism as a technique to help simplify problems of course they could...

Page 9: ...nt may in fact be stored by email servers along the way and perhaps deleted as well Note These electronic copies are available on servers that are probably not covered by your security policy There is probably a deleted copy of the PDF on the outsourcer s hard drive when it was viewed via email There is probably a deleted copy of the spool file on the outsourcer s hard drive when it was printed In...

Page 10: ...ach drive but they kept track of the actual value and correlated it with the serial number A disgruntled employee of the company had posted this serial number to key database to the underground hacking community The customer was upset at what he saw as horrible implementations of security He immediately went and looked at the manufacturer s warranty statements Dismayed he saw that the hard drives ...

Page 11: ...aught it is okay as I ll simply say that you work for me and they ve promised me that nothing will happen after all they are paying me to do this X seemed skeptical but after I told him how much the bonus was and showed him my fake contract he was all for it It is really simple I told X just go by each printer and MFP they have get the documents that are in the to be picked up pile you know the do...

Page 12: ... main site I stopped by after disconnecting the outside cable line Networking problems dispatch told me to check it out luckily I was right next door Cool Can it get to your networking equipment Yep right over here In a small wiring closet I connected my access point to a mirrored port on the switch I configured I verified I could connect securely I don t want anyone else to do that and went back ...

Page 13: ...olutions people solutions are hard There is only one problem the technology solution of requiring domain credentials to digital send doesn t actually solve anything First let s argue with the technology focused solution on its own terms It is never a good idea to supply your domain credentials to a computer that isn t a member of your domain remember our Ockham s Razor example In fact it isn t a g...

Page 14: ...esses in the United States have a lot of festive things going on at work During these times employees tend to be more helpful and friendlier Halloween even offers the opportunity to disguise your identity and you are usually encouraged to do so Many employees are not thinking about security when they are walking into work Instead they are talking with teammates thinking about a problem they have t...

Page 15: ...loyees with badges but not really a lot It may take them a few seconds longer to enter the building We haven t achieved the security of Fort Knox I mean someone can just hop over the turnstiles but we weren t trying to deploy the technology of Fort Knox What we are trying to do is allow people to be people but use technology in such a way that it helps them make good security decisions Given an em...

Page 16: ... through induced stress or through using the helpfulness of people against them This isn t to say that they don t use technology to exploit vulnerabilities it is to say that some of the most devastating attacks may not involve cracking the technology at all Putting people in a position to be successful under such conditions requires a lot of work in itself How Security Technology Can Help People A...

Page 17: ...All of their laptops and servers have encrypting storage systems and their backups are encrypted and securely stored About 15 of these employees are working on a next generation product that is critical to the success of the business All computers and MFPs are managed by an internal IT team staffed with employees of the company The IT department believes it is a good idea to protect company s inte...

Page 18: ... at the bottom to see what is being used Have I actually verified the site s certificate when presented with the opportunity to do so An unethical hacker could use technology to direct a user to a false web site when they are thinking they are going to a trusted website The Internet Explorer 6 experience when an untrusted digital certificate is a pop up dialog like this In many cases a user may ju...

Page 19: ...his is a lot different notice the symbols and explanatory text The way the information is now presented it will grab your attention If we click the Continue to this website not recommended link we get this ...

Page 20: ... come full circle Summary Many books have been written about security in regards to technology such as how to secure your networking equipment how to test for vulnerabilities in technologies how do deploy patches across the enterprise and so on These are all important topics and require dedicated people to implement and maintain This whitepaper took the approach of stepping back and looking at sec...

Reviews:

No comments

Related manuals for Jetdirect 310x - Print Server For Fast Ethernet

thomann the t.racks DS2418 User Manual preview
the t.racks DS2418
Brand: thomann Pages: 8
Keysight U4206A Quick Start And Accessory Manual preview
U4206A
Brand: Keysight Pages: 2
DigitalZone S5 HVS-5204 User Manual preview
S5 HVS-5204
Brand: DigitalZone Pages: 30
Alzatex R2012 Wiring Diagram preview
R2012
Brand: Alzatex Pages: 3
AMS TRIMB2 User Manual preview
TRIMB2
Brand: AMS Pages: 3
Tripp Lite U036-005-R Specifications preview
U036-005-R
Brand: Tripp Lite Pages: 2
Gefen EXT-HDMI1.3-142 User Manual preview
EXT-HDMI1.3-142
Brand: Gefen Pages: 13
I-PEX CABLINE-CAL Instruction Manual preview
CABLINE-CAL
Brand: I-PEX Pages: 12
OEZ OD-BL-KS03 Instructions For Use Manual preview
OD-BL-KS03
Brand: OEZ Pages: 6
ODU Easy-Clean AMC Assembly Instruction Manual preview
Easy-Clean AMC
Brand: ODU Pages: 6
FireBoard drive Fan Control Cable Quick Start Manual preview
drive Fan Control Cable
Brand: FireBoard Pages: 4
hager ZY15MS Mounting Instructions preview
ZY15MS
Brand: hager Pages: 6
TRENDnet TPE-114GS Specifications preview
TPE-114GS
Brand: TRENDnet Pages: 2
TRENDnet TPE-1011 User Manual preview
TPE-1011
Brand: TRENDnet Pages: 10
ARTHUR HOLM DynamicCableRetract AHDCRHDMI User Manual preview
DynamicCableRetract AHDCRHDMI
Brand: ARTHUR HOLM Pages: 29
Zhone 900 Maintenance Manual preview
900
Brand: Zhone Pages: 8
Sven HDMI-DVI User Manual preview
HDMI-DVI
Brand: Sven Pages: 2
NEUTRIK NP3TT-P Assembly Instructions preview
NP3TT-P
Brand: NEUTRIK Pages: 2

Brands by name

Popular brands

Load more brands