We can build our fortress with towering fifty-foot high, four-foot thick walls. We can build a moat thirty feet wide to surround those walls. And we can even man the castellation with the finest archers. But all will be for naught . . .
We can build our fortress with towering fifty-foot high, four-foot thick walls. We can build a moat thirty feet wide to surround those walls. And we can even man the castellation with the finest archers. But all will be for naught if the enemy crosses the drawbridge in the guise of one of our fellows and gives a good password to the gatekeeper.

Not knowing any better, our gatekeeper will surely open the gate and allow the enemy in. Once inside, the enemy wait until our guard is down, then open the gate himself to allow his cohorts in, and all we keep inside will be lost in no time.

Colorful as this analogy is, how close is it in fact to the truth of our situation? Are we really that vulnerable? The answer is yes, I'm afraid we are. If our enemy, a hacker or a corporate spy, comes to our system with a recognizable user name and armed with the corresponding password, our only remaining protection will be our internal vigilance mechanisms, which, especially on larger systems, are liable to be less than adequate to reliably detect the intruder.

The link for this article located at CrossNodes is no longer available.