Posted by: tycheent | May 22, 2009

SECURITY

This posting is not about Ubuntu, directly. This is about security: what is is and how does one achieve it. Certainly, having an operating system that is not subject to the assorted malware that’s out there is helpful. But the FIRST thing one must have is the proper attitude toward security.

.

There is a story going around that a certain software manufacturer managed to get a particular operating system certified as secure by NOT having it attached to the Internet. Opponents of that operating system made comments about it being even more secure if one never turned that computer on. Despite the humor of the situation, it’s not far wrong. There is NOTHING secure about the Internet. To believe that there is is to delude yourself. There is NO way that I can over-emphasize this:

.

THERE IS NOTHING SECURE ABOUT THE INTERNET.

.

If you put something on the Internet it will be accessed. If it interests somebody, it will be copied. This goes back to the simple maxim, “Tell one person a secret, and it’s no longer a secret”. This is true of not only the Internet, but of anything at all. If you don’t want people to read, view, hear or otherwise access something then don’t make it available in the first place.

.

But does this simply mean that one shouldn’t post private information on the Internet? Not at all. ANY security can be broken by dedicated people with the proper tools and the will. And there are those who definitely have the will and the tools. Hard drives and CDs with vital information can be stolen or even “mislaid”. Books can be scanned. Music CDs and video DVDs can be copied. Artwork can be copied. State and corporate “secrets” can be accessed by dedicated professionals. It’s all there and available.

.

So, what can one do about it? It’s called “risk management”:

  1. If there’s no need to put something out there, don’t do it. If you want people to NOT be able to access something, then don’t put it where they can gain access to it. This includes music and movies.

  2. Have a plan worked out in advance for the security of “hard” information, such as papers, hard drives, CDs during any movement or storage. Sending something by way of the government post-office is a good way to have it “ripped off”. Secure currier with signatures and receipts for any changes in possession is a must. First, it gives you a chain to follow if something DOES go wrong. Second, it impresses the seriousness of the situation on the individuals involved.

  3. If it is something of commercial value, then take a thought to how others might gain access to it, copy it, and/or otherwise try to get around the monetary aspects of it. It will be done. But instead of fighting it one might find it better to turn a weakness into a strength. Instead of the failed system of DRM, choose to make access easier for a reasonable price. Recognize that file-sharing actually gets your works into more hands – hands that will pay money for higher quality versions of what they’ve downloaded. And, where you’re attempting to foist off on an unsuspecting public some trash, you’ll quickly find out what the public considers trash. It is the opinions of the public that actually drive your profits. If they’re displeased, they won’t buy. If they are pleased they’ll happily pay a reasonable fee to own a valid copy.

  4. Before all else, consider how much risk there is in the dissemination of your material. If the risk is too great for you then DON’T PUT IT OUT THERE. Listen to the people who are security experts when they tell you that something isn’t working (if you’re only listening to people who agree with you – marketing people, “yes-men”, managers that haven’t worked their way up through the ranks of IT or the like – then you WILL fail to find appropriate solutions to your security problems). When you don’t know something it pays to listen to those who do.

In short, don’t blame others for your material getting away from you. They are YOUR secrets. Making them available to others is YOUR choice. Don’t blame people for being people. You’re simply attempting to transfer your OWN guilt to somebody else because you’re too immature in your attitude to accept your own responsibility.

Posted in Omnibus, Security | Tags: , , ,

«
»

Responses

  1. [...] This post was Twitted by planetubuntu – Real-url.org [...]

    By: Twitted by planetubuntu on May 22, 2009
    at 11:53 am

  2. [...] H­ere is th­e original­: S­E­CUR­ITY « A­dv­e­n­tur­e­s­ in­ a­ … [...]

    By: SECURITY « Adventures in a Perambulator « Security on May 22, 2009
    at 3:26 pm

  3. [...] Re­ad mo­re­ fro­m the­ o­rig­in­al s­o­urc­e­:  S­ECURITY­ « A­d­v­en­tures­ in­ a­ Pera­mbula&#1… [...]

    By: SECURITY « Adventures in a Perambulator « Security on May 23, 2009
    at 12:27 pm

  4. There’s a lot of myth about security. It’s not:

    * Something you buy in a box.

    * Something you install as an add-on to your machine.

    * An excuse to make your customers and coworkers miserable.

    * Something to brag about.

    You don’t get security when you:

    * Make things so obscure you forget how it works.

    * Install processes you don’t understand.

    * Need someone else to get at your own stuff.

    * Have to trade your liberties for it.

    By: jimcooncat on May 24, 2009
    at 3:51 am


Leave a response






Your response:

Categories