Living in a place like Cambodia where "development" almost never refers to software, I have found that thinking low-tech is almost always the way to go. As an example, I talked a while ago with somebody who was looking for a secure way to share a central database. He was talking about connectivity throughout the country, and ways to secure the links between the central database and all the remote sites that would need access.
The guy I was talking to decided against VPN-over-dialup recommended by some overpriced Western consultants, in part because there was literally no way to get a dialup connection; the only phone service available was cellular, and even that was spotty. We finally decided the best solution was a CD burner on each end, and a person who would ride a motorcycle between headquarters and each remote site to distribute updated records. The small number of conflicts would be resolved manually by a person with a cellphone calling the sites involved to resolve them.
That's what I mean by low tech.
The "official" solution was engineered properly for a situation in which power and Internet access are both cheap and accessible. But in a place where labor is cheap and infrastructure is minimal, low tech is often the right solution.
With that in mind, here are some of my favorite low-tech solutions to security problems. They are presented in no particular order, and should certainly not be seen as recommendations for the general public. Some of these have been tried, some are just ideas I've had, and I'd appreciate your thoughts on any or all of them. I also think about security in the broad sense, with the full CIA (confidentiality, integrity, availability) triad included. Some of these things are not "sexy" security (intrusion prevention, anti-malware, etc.) but they nevertheless are important.
The extremely smart systems manager ran a few numbers and found it would be cheaper and more reliable to not use the generator to automatically cut over, but just to manually cut over at the start of the work day, turn on the necessary systems, and then turn off the systems and the generator at the end of the work day. Web operations were already hosted offshore (which in this case meant California) so they had only one or two servers with UPS to run overnight.
Reliability improved, they were available when they needed to be, and they saved money.
The solution? For at least one company, VoIP over a VPN to an office in another country. This isn't low tech, but it is a great application of VPNs to circumvent a corrupt process. In this case the content of the calls wasn't sensitive, just the fact of them.
None of the people involved were technical, so the solution I recommended was simple. A patch panel with one cable in it: the uplink from the main switch to the classroom switches. Plug it in, Internet available. Unplug it, Internet unavailable. Low tech, but highly reliable.
Do you have any favorite low-tech solutions to security problems? One of the best things I have learned being here is to not discount a solution for lack of complexity. As I learned from Civilization 4, "a designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." (Antoine de Saint-Exupéry)
Nathan Spande has implemented security in medical systems during the dotcom boom and bust, and suffered through federal government security implementations. Special to Dark Reading.