Security basics

[Jacques B.]

<snip>
> With a safe, it's expected that the perpetrator will be caught within
> that hour and will not be allowed to resume the cracking.
> With your computer, you might not notice the problem until you look at
> the log (days/weeks later?) and even if you notice it in time, you can't
> apprehend the intruder -- you must block them somehow and not allow them
> to continue hacking, which is pretty hard because they can use
> proxies/etc and appear to come from some other IP address.

Reminds me of a case where people broke into a business and cracked
open a huge floor safe and stole the contents.  Prior to entering they
took steps to disable a potential alarm and tested parts of the
building for an alarm.  Once they got in they tipped this big safe
onto its side and hacked away at it until they got in.  It may very
well have been a one hour safe.  But it was in a hardware store where
the thieves could use the tools on the floor to assist in breaking
into the safe.  And the business was closed from early evening until
the next morning  - much more than 1 hour so lots of time to get
through a 1 hour safe.

Same as what was suggested for your computer and a "1 hour" password.
Unless you are monitoring your logs (manually or using some auditing
tool) hourly you are still at risk (like all of us).  As was suggested
earlier in the thread you have to implement layers of protections.  A
hacker may be able to get through one or two.  But unless they can
penetrate all the layers they will not get in.

Jacques B.