Wednesday, December 31, 2014

Computer Security Made Simple for Not-So-Dummies

Ars Technica reports that the NSA can uncloak practically all VPN traffic. What they don't mention is that it ain't just the NSA. There's very little that can keep a determined cracker out of an accessible computer system.

OK, here's the skinny on network security, and it's no joke.

If it's really, really important that you keep something secret, do not put it anywhere near the Internet. It can be on a COMPUTER if the computer is not connected to the Internet. Encryption will not make anything secure: it will only make it harder to read. This is not new with the advent of computing. If it's vitally important that no one else shares something, then don't you share it in the first place, and don't you leave it lying around unsecured (which is what putting it in an internet-connected location amounts to).

This is a principle of security that has been known for thousands of years. In prior times it was stated in a number of ways:
  • "Three can keep a secret if two of them are dead." -- Benjamin Franklin
  • "Dead men tell no tales." -- Hundreds of pirates
  • "Cash transactions ONLY" -- Every drug dealer who's never been caught

If it's necessary that your work be shared among a team, then your data can be on a NETWORK. It can even be in a WORKGROUP, but that network and that workgroup must be self contained and not connected to the outside world. That means no Internet. No wireless routers and hubs. No computers whatsoever in unsecured locations (as in, not behind a locked door).

Simple, right?

In every other case you must assume that a dedicated, knowledgeable computer expert can access your data. That's honestly not a new question for you, either. You make the same kinds of decisions when you choose what types of locks to buy (if any), or whether you're going to put bars on your windows or an alarm in a house or business. We all know we're not fundamentally secure against any sort of intruder. We temper our decisions with common sense and expectations. The big questions for you are simply these: Is what you have worth stealing? Does the value outweigh the bother that they'd have to go through? Use the appropriate level of security, and don't get too discouraged by the realization that it really isn't enough to prevent a breach, nor can it be.

Finally, what's its value to you? In computing, this is your measure of the value of a backup.

You can get mired down in details of what kind of firewall to implement, what kind of antivirus software, should you encrypt your drives, etc. Know that these are the same decisions you make when buying fences and locks. You can get information on all of that from anywhere. But what you're less likely to hear is that, as with physical alarms and locks, there is no system that will prevent a determined thief from gaining access if he wants it. Locks don't exist to prevent theft: they exist to discourage thieves. That is the very best they can do, be they physical or digital.

And that's the single most important thing you need to know about security.

No comments:

Post a Comment