For instance, I was in the Army and Army National Guard for over 7 years.  Though I was never a career soldier, I still took it seriously, and I still do today.  Maybe too seriously.  I get very upset when I see a TV show or a movie that screws up things like rank insignia (Army sergeant rank on upside down in some sitcom I watched) or basic military rules (you do NOT salute indoors unless you are reporting to an officer – that mistake is in too many military movies).

This feeling also bleeds over big time into my chosen profession of information security.  There is a new show on NBC called Kidnapped that I have been watching and enjoying for the last few weeks.  Basically, it is about a rich family’s son getting kidnapped and the family trying to get him back.  There are all kinds of twists and turns in the plot.  The dad used to be into some bad stuff, so it seems to revolve around someone getting back at him or trying to get some stuff from him. 

Anyway, last week the family’s hired gun (ex-military, police dude, etc.) gets asked by the FBI for help.  They want him to apply for a job with a civilian-run military company (basically, mercenaries) that supposedly has info on some people they think are involved in the kidnapping.  The guy goes through some weird psych-interview, then he is placed in front on some computer by himself that has a program running with pictures flashing.  The guy looks around, then easily opens some access panel to the PC and inserts a “remote control” device in some very conveniently-placed access port.  Of course, I am thinking, “where are the cameras that should be watching this guy?” 

Then, as the agent outside in the FBI van (real unique, right?) takes over the running of the program, he runs down the hall, guided by the blue prints of the inside of the building (which that type of compnay probably just publishes on the Internet) and strolls into the server room with no challenge and no lock on any door that I can see.  There are racks of servers, switches, etc.   Then he sticks another device in the “mainframe”, and away they go. 

He does get caught, but it was only because another agent ran in the building and called a security alert in a ploy to get the main bad guy to start erasing sensitive files.  They capture the screens (with all pertinent information on the first screen – nice, huh?), thus saving them the effort of searching through records.

Yea, ok, right.  I know it probably shouldn’t bother me, but that just pisses me off.  At least TRY to make it somewhat real.  I think even a layperson without security experience would probably be thinking, “where’s the security here?”

Sheesh.

Vet

Just a few of my thoughts on the issue:

• This is from a foreign country, so I don’t know if the insurance issues are the same here in the states, but basically the concern was that if there are no signs of burglary, then your insurance company won’t pay a claim.
• The claim was that this was the end of security for physical locks.  I think this is a little bit of the ol’ FUD game, but hearing it from an experienced (30 years) locksmith makes you think a little bit.
• It brings out the need for layers in security.  An alarm system is a fairly good layer, even in houses.  At least it will deter some low-level crooks, which are your typical crooks in home burglaries.
• When it comes to businesses, they will need to start looking into alarms and better locks (keypads, etc.)
• And the overall lesson, no matter what you do, if someone is determined to break in, they probably will.  All you can do is your best.

[gv data="7Uv45y6vkcQ"][/gv]