The KAUi Blog

Wednesday, March 01, 2006

Going through security...

"Just a song before I go..." begins a song from a legacy band of the late 60s - Crosby, Stills, and Nash. The song is about a moment of transition we all face: leaving a loved one for a voyage, and the apprehension that comes with it. At the time this song was written, 9/11/01 was ten or so years into the future; today the singer could no longer hold his loved one while going through security.

"Going through security
I held her for so long
She finally looked at me in love
And she was gone"

Today I was on the phone to a client calming them down about their PCs being "invaded" by the plethora of nasties out and about. They are an all-Windows shop, and pretty much had what they thought were sufficient lines of defense -- exterior firewall, interior DMZ, router using NATs, individual PCs coated with Norton Internet Security and AntiVirus, Webroot's Spy Sweeper, XP SP 2 and its firewall turned on, etc. Took me all of three minutes to go past it all and freely read files on all of their machines using openly-posted tools built by hackers just for that purpose -- and I'm sure there are those out there that could have done it in less time with fewer steps...but the point was that I COULD get in past all of their "security" and reach their mother lode.

In desperation, they felt worse rather than better...but I reassured them that, by finding out their weaknesses, I could show them how to close these gaps and be wary of others. The Discovery Channel has a program that "stole" its title from a 1960s TV show, "It Takes a Thief," to legally rip people off in the hopes they will learn how to handle it...nifty premise, but far too expensive for a normal homeowner to use.

When it comes to PC security, Rule One is that NO operating system is 100% foolproof. Rule Two is that if ANYONE wants to get in and knows ALL of the tricks, they WILL get in. Your mission, Jim, should you decide to accept it, is to judge what to do with your belongings, not how to put your PC into total uselessness by overloading it with security shells. What does this mean? Well, if you encrypt your sensitive documents, if you block your PC's outbound network sharing, if you change your passwords regularly or use a biometric key, then no matter how they get in, what they find is next to useless. Do they have time to decrypt documents? Break internal VPN passwords? Hack around the biometrics?

I'm not saying you throw down all of the defenses...you just make their approaches meaningless. Folks want to hack to FIND something...not to do it and just brag that they did. If they don't have proof (by modifying web pages, stealing personal info, etc.), then no one believes it.

There are many tools to encrypt files and information that use the strongest methodologies known to mankind. Even trying to decrypt this with programs would require twenty years of compute time...and by then the information inside them would be useless. There's a UK group that announced they finally decrypted a sixty-plus year old Enigma message that WASN'T created by a computer, but by a machine with human-movable parts. They offer a downloadable applet to use your "free" computer time to help decrypt the rest of these messages. For what purpose? To say it could be done? To add a historical footnote?

Your choice of security methodologies needs to be more than the thickness of the armor around the outside of the city. The right catapult will smash your armies to death within the walls without having to use a battering ram -- the approach you thought you would need to defend against. Look into the encryption techniques...the configuration for the internals of the system...and you will find the mentality of the hacker will change and start to leave you alone.
