July 09, 2012, 10:28 AM — Network and endpoint security may not strike you as the first place to scratch an experimental itch. After all,
protecting the company's systems and data should call into question any action that may introduce risk. But IT
security threats constantly evolve, and sometimes you have to think outside the box to keep ahead of the more
And sometimes you have to get a little crazy.
[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on
advice from expert contributors in InfoWorld's "Malware
Deep Dive" PDF guide. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security
Central newsletter. ]
Charles Babbage, the father of the modern computer, once said, "Propose to a man any principle, or an
instrument, however admirable, and you will observe the whole effort is directed to find a difficulty, a defect, or
an impossibility in it. If you speak to him of a machine for peeling a potato, he will pronounce it impossible: If
you peel a potato with it before his eyes, he will declare it useless, because it will not slice a pineapple."
The world of network security is no different. Offer a new means for IT defense, and
expect to meet resistance. Yet, sometimes going against the wave of traditional thinking is the surest path to
In that vein, we offer 10 security ideas that have been -- and in many cases still are -- shunned as too offbeat
to work but that function quite effectively in helping secure the company's IT assets. The companies employing
these methods don't care about arguing or placating the naysayers. They see the results and know these methods
work, and they work well.
Innovative security technique No. 1: Renaming adminsRenaming privileged accounts
to something less obvious than "administrator" is often slammed as a wasteful, "security by obscurity" defense.
However, this simple security strategy works. If the attacker hasn't already made it inside your network or host,
there's little reason to believe they'll be able to readily discern the new names for your privileged accounts. If
they don't know the names, they can't mount a successful password-guessing campaign against them.