LinuxPlanet
Why Do Security Pros Forget About Users?
A Security Lesson in a Washbasin

Kenneth Van Wyk
Friday, November 14, 2008 12:48:13 PM

Editor's note: There is an important lesson here for Linux security pros and admins. Even though Linux has a strong security track record, the weakest link is almost always our users. We need to help them, rather than blame them.

When did we forget about the users? At some point, it seems to me that the security community simply forgot about the users. I want to know why.

Many people believe—perhaps with good reason—security is simply an inhibiting function, preventing our users from doing what they feel they need to. They say they want to do something; we tell them no.

Sure, we security folk know that's an unfair generalization, and the reality isn't all that bad, but at the very least it's a common perception of what the IT security department does. We tell them no.

But that's not the way it should be. We can do better. Let's take a moment to learn something from software developers. They often make use of a simple process called use cases. We stand to learn something useful from the use case process.

First, let's consider an example of failure to consider use cases, although this failure has nothing to do with computers. While traveling on business last week in London, I experienced a men's room washbasin with two water spigots: a hot and a cold one. No big deal, right? Well, the two spigots dispensed their water separately, about 6 inches apart from each other. So, how does one wash his hands with warm—not hot—water?

Do you rapidly move your hands from the hot to the cold, in hopes that the average will somehow be to your liking? Do they expect us to fill the sink with some hot and some cold, and then wash our hands in the resulting pool of warm water? That must be what they intended, but what ends up happening is that you either wash with scalding hot, or with ice cold. Crazy, and all because no one considered the use case when “designing” the washbasin.

A more user-focused way of designing the washbasin would have been to consider how a user would want to wash his hands—under a single warm water flow—and design a single spigot accordingly. Pretty straightforward stuff, right?

So where's the security lesson?
