Popular Myths-2

5. Thanks to the technology, you don't need physical protection or security policy:

This is false. People deny the simple truth can the system can only protect when it's turned on. If the system is off, there is no guarantee that the data stored in it is self.

Let's take an example of firewall; even if you pay for a mid range firewall, there is no guarantee that it can save you from locally driven attacks which can be performed in a system next to yours.

Technological security measures are necessary.

6. Effective security is achieved through obscurity(not discovered):

This assumption means, the lesser you use your system, the more secure it is. Not getting connected to internet is not the solution. Any system that performs some activity will be able to disclose a lot in its configurations and people who manage that can understand.

7. Client side security successfully protects server:

As a sever administration, you have no control over client computer. The example is the client application, which does not allow user to put minus 1 as a value in the price field in online shop. But as you can't control, the client could be the administrator and use it freely.

The user could tamper with your functionality of your web page. Not knowing coding, the user may not be able to modify the code of the web page but can connect it to the page bypassing your application on a public server.

8. Cracking passwords is the biggest threat:

If an attacker can intercept the encrypted passwords, it can masquerade as the user instead of cracking the password in the authenticating system.

9. Total computer system security is a priority in all case:

Total security is not likely to happen for both computer or any device. In this case, making a system completely secure is impractical and also financially also as it is not capable of working successfully.