{"id":437,"date":"2013-05-10T15:57:54","date_gmt":"2013-05-10T23:57:54","guid":{"rendered":"https:\/\/formidableengineeringconsultants.com\/?p=437"},"modified":"2013-12-09T09:49:16","modified_gmt":"2013-12-09T17:49:16","slug":"the-security-enigma","status":"publish","type":"post","link":"https:\/\/formidableengineeringconsultants.com\/?p=437","title":{"rendered":"The Security Enigma"},"content":{"rendered":"<p><a href=\"https:\/\/formidableengineeringconsultants.com\/wp-content\/uploads\/2013\/05\/secure-cloud-computing2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-655 alignleft\" alt=\"3d key\" src=\"https:\/\/formidableengineeringconsultants.com\/wp-content\/uploads\/2013\/05\/secure-cloud-computing2-300x300.jpg\" width=\"300\" height=\"300\" srcset=\"https:\/\/formidableengineeringconsultants.com\/wp-content\/uploads\/2013\/05\/secure-cloud-computing2-300x300.jpg 300w, https:\/\/formidableengineeringconsultants.com\/wp-content\/uploads\/2013\/05\/secure-cloud-computing2-150x150.jpg 150w, https:\/\/formidableengineeringconsultants.com\/wp-content\/uploads\/2013\/05\/secure-cloud-computing2.jpg 693w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a>A spate of recent articles describes the proliferation of <a href=\"http:\/\/www.ft.com\/cms\/s\/0\/50e318ca-d747-11e1-8c7d-00144feabdc0.html#axzz2LV9OL0ZG\" target=\"_blank\">back doors<\/a> in systems. \u00a0There are so many such back doors in so many systems, it claims, that the idea of a completely secure and invulnerable system is, at best, a fallacy. \u00a0These back doors may be a result of the system software or even designed into the hardware. \u00a0Some back doors are designed into the systems to facilitate remote update, diagnosis, debug and the like &#8211; usually never with the intention of being a security hole. \u00a0Some are inserted with subterfuge and espionage in mind by foreign-controlled entities keen on gaining access to otherwise secure systems. 
\u00a0Some may serve both purposes, as well. And some are just design or specification errors. \u00a0This suggests that once you connect a system to a network, someone, somehow, will be able to access it. \u00a0As if to provide an extreme example, a\u00a0recent break-in at the <a href=\"http:\/\/www.nytimes.com\/2013\/01\/31\/technology\/chinese-hackers-infiltrate-new-york-times-computers.html?pagewanted=all\" target=\"_blank\">United States Chamber of Commerce was traced to an internet-connected thermostat<\/a>.<\/p>\n<p>That&#8217;s hardware. \u00a0What about software? \u00a0Despite the abundance of anti-virus software and firewalls, a little social engineering is all you really need to get through to any system. I have written previously about the experiment in which USB memory sticks seeded in a parking lot were inserted in corporate laptops by more than half of employees who found them without any prompting. Email written as if sent from a superior is often utilized to get employees to open attached infected applications that install themselves and open a hole in a firewall for external communications and control.<\/p>\n<p>The problem is actually designed in. \u00a0The Internet was built for sharing. The sharing was originally limited to trusted sources. A network of academics. The idea that someone would try to do something awful to you &#8211; except as some sort of prank &#8211; was inconceivable.<\/p>\n<p>That was then.<\/p>\n<p>Now we are in a place where the Internet is omnipresent. \u00a0It is used for sharing and viewing cat videos and for financial transactions. \u00a0It is used for the transmission of top secret information and buying cheese. \u00a0It is connected to servers containing huge volumes of sensitive and personal customer data: social security numbers, bank account numbers, credit card numbers, addresses, health information, etc. \u00a0And now, not a day goes by without reports of another breach. 
\u00a0Sometimes attributed to Anonymous, the Chinese, organized crime or kids with more time than sense, these break-ins are relentless and everyone is susceptible.<\/p>\n<p>So what to do?<\/p>\n<p><a href=\"http:\/\/science.slashdot.org\/story\/12\/05\/23\/2058251\/return-of-thevacuum-tube\" target=\"_blank\">There is a story<\/a>, perhaps apocryphal, that, at the height of the cold war, when the United States captured a Soviet fighter jet and examined it, they discovered that there were no solid-state electronics in it. \u00a0The entire jet was designed using vacuum tubes. \u00a0That set the investigators thinking. \u00a0Were the Soviets merely backward or did they design using tubes to guard against EMP attacks?<\/p>\n<p><a href=\"http:\/\/3.bp.blogspot.com\/_DRte5F0YPxk\/Rumw3iw5NWI\/AAAAAAAAAyM\/VQgpJHEsmu8\/s400\/devo.gif\" target=\"_blank\">Backward to the future<\/a>?<\/p>\n<p>Are we headed to a place where the most secure organizations will go offline? \u00a0Will they revert to paper documents, file folders and heavy cabinets stored in underground vaults? \u00a0Of course such systems are not completely secure, as no system actually is. \u00a0On the other hand, a break-in requires physical presence, and carting away tons of documents requires physical strength and effort. \u00a0Paper is a material object that cannot be easily spirited away as a stream of electrons. Maybe that&#8217;s the solution. But what of all the information infrastructure built up for convenience, cost effectiveness, space savings and general efficiency? Do organizations spend more money going back to paper, staples, binders and hanging folders? 
And then purchase vast secure spaces to stow these materials?<\/p>\n<p>Will there instead be a technological fix in designing a <a href=\"http:\/\/www.huffingtonpost.com\/2011\/07\/15\/cyber-security-network-private-internet_n_899364.html\" target=\"_blank\">parallel Internet infrastructure from the ground<\/a> up, redesigned so that it incorporates authentication, encryption and verifiable sender identification? Then all secure transactions and information could move to that newer, safer Internet? <a href=\"http:\/\/www.infoworld.com\/t\/network-security\/could-the-secure-domain-make-the-internet-safer-193454\" target=\"_blank\">Is that newer, safer Internet just a .secure domain<\/a>? Won&#8217;t that just be a bigger, better and more value-laden target for evil-doers? And what about back doors &#8211; even in a secure infrastructure, an open door or even a door with a breakable window ruins even the finest advanced security infrastructure.\u00a0 And, of course, there is always social engineering of people that provides access more easily than any other technique. Or spies. Or people thinking they are &#8220;doing good&#8221;.<\/p>\n<p>The real solution may not yet even be defined or known.\u00a0 Is it <a rel=\"nofollow\" href=\"http:\/\/www.technologyreview.com\/view\/509346\/investors-bet-quantum-technology-will-make-the-internet-faster-and-more-secure\" target=\"_blank\">Quantum Computing<\/a> (which is really just a parallel environment of a differently-developed computing infrastructure)? Or is it really nothing &#8211; in that there is no solution and we are stuck with tactical solutions?\u00a0 It&#8217;s an interesting question, but for now it is as clear as it was some 20 years ago when Scott McNealy said it: &#8220;The future of the Internet is security&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A spate of recent articles describes the proliferation of back doors in systems. 
\u00a0There are so many such back doors in so many systems, it claims, that the idea of a completely secure and invulnerable system is, at best, a fallacy. \u00a0These back doors may be a result of the system software or even designed [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[47,48,49,56,15,17],"tags":[46,24,38,57,89,22],"class_list":["post-437","post","type-post","status-publish","format-standard","hentry","category-data","category-databases","category-privacy","category-security","category-software","category-web-x1-0","tag-ideas","tag-reinvent","tag-revolutionary","tag-security-2","tag-software","tag-world-wide-web"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=\/wp\/v2\/posts\/437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=437"}],"version-history":[{"count":33,"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=\/wp\/v2\/posts\/437\/revisions"}],"predecessor-version":[{"id":657,"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=\/wp\/v2\/posts\/437\/revisions\/657"}],"wp:attachm
ent":[{"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/formidableengineeringconsultants.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}