

The secret to secure networks is to not connect them to the internet. Pretty simple. I have a computer I use for my engineering work – not connected to the internet.
Robert is right. And nuclear power plant control systems and computers are isolated from the internet. Insertion of flash disks is not permitted.
so, is Nikita’s cold war prediction that the west will ‘sell’ russia the rope they use to hang it with?
looks like it.
took the internot for that to come about. some capitalists will do A-N-Y-T-H-I-N-G for a buck.
Robert of Ottowa is exactly right.
I do “computer stuff” for a living. I’ve managed a supercomputer center and done security consulting.
First out the gate: If it does not REQUIRE connecting to a network, do not connect it to the network.
Second same idea: If it does not REQUIRE connecting to the internet, do not connect it to the internet.
Third, similar: If a given bit of software is not REQUIRED on the computer, remove it. It is an “attack surface”.
There’s more (books full) but the basics start with those three. There are “penetration testing” tools used to find weaknesses in those “attack surfaces” and every time one is found, you either remove the program if it is not absolutely required, or patch it to close the hole. You can download these ‘pen testing’ tools so anyone can test their own exposure. ( “Kali” Linux is one that is common and pretty good. Also free.)
At the Supercomputer Site we went so far as to do bug sweeps. But we were working on secret development projects. So you can go much farther than just pen testing. However:
As soon as you have what is called “air gap security” you’ve gone a long ways toward being secure. (I’ve also been at sites where we did regular WiFi sweeps to assure nobody put in a clandestine ‘access point’… you would be surprised how often that happens as folks think the isolation is inconvenient… so even with the ‘air gap’ you need to police the air…).
Near Moffett Field in Mountain View is The Blue Cube. A Very Secure Site that you can see from highway 101. It is a large cubical powder blue building with front door and parking lot. There are NO windows. It is electrically isolated as what they do is signals intelligence and they know how to block signals… Those are THE most serious of the serious security folks. What have they done most? NOT connect.
It just roils my soul to hear talk of the Internet Of Things connecting everything from my stove to my dishwasher to the local power plant and dam all in one giant ball of attack surfaces. “Stupid beyond belief” doesn’t even come close. I do NOT need my TV to have a camera in it, nor need it talk to the internet for guidance as to what to do. I especially do not need my security system to do that (as they are fairly easily hacked per reports at white hat hacker conventions – with demos…) and I certainly do not need the giant dam upstream of me on the internet. Any communications to the dam from a remote manager can be done over secure leased lines. Period.
My home and the appliances in it will never be internet connected other than when I allow a connection to a specific computer. Even that will be intermittent (only turned on when in use) and through 2 levels of firewall protection. I’d certainly never want my stove able to be turned on remotely, or turned off. Neither a home fire from a towel too close to an ‘off’ burner, nor botulism from an undercooked meal are “features”.
With that said:
Yes, we have a real security exposure from weaknesses in control systems. They are far too frequently connected to the internet. IIRC, it was an A/C HVAC control system that was used to gain entry to the Target company network and leveraged for credit card information theft. All THREE systems ought to have been physically isolated. CCard info on a private network. Environmentals on a private network (or better yet, only run from a local control panel / station). Corporate network isolated from both (and with at least 2 levels and preferably 3 levels of firewall between more sensitive areas and less. I.e. financials don’t need to share with marketing…so put a firewall with access control between them.)
Until companies and governments are willing to abandon the embrace of the I.O.Things mentality and pay a little extra for isolated networks and leased lines and firewalls and routers and all; that risk remains. But it doesn’t need to…
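Added example, not part of the comment above: one way to apply the "if it is not REQUIRED, remove it" rule to a single Linux host is to compare its listening TCP sockets with a short list of required services. The `ss` output is a constructed sample, and the `REQUIRED` policy and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=640,fd=7))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=1021,fd=6))
LISTEN 0 128 *:5900 *:* users:(("vino-server",pid=2210,fd=12))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=500,fd=14))
"""

# Hypothetical policy: the only listeners this machine is REQUIRED to run.
REQUIRED = {("sshd", 22)}

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def is_local_only(addr):
    """True if the bind address is reachable from this host only."""
    addr = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface
    if addr == "*":
        return False                            # wildcard: every interface
    return ipaddress.ip_address(addr).is_loopback


def audit(ss_output, required=REQUIRED):
    """Return (process, port, verdict) for each listening TCP socket."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        match = PROC_RE.search(line)
        proc = match.group(1) if match else "unknown"
        if (proc, int(port)) in required:
            verdict = "required"
        elif is_local_only(addr):
            verdict = "not required, local only: remove if unused"
        else:
            verdict = "not required, network-reachable: remove or unbind"
        findings.append((proc, int(port), verdict))
    return findings


if __name__ == "__main__":
    for proc, port, verdict in audit(SAMPLE_SS):
        print(f"{proc:16} {port:>5}  {verdict}")
```

On a real host the input would come from running `ss -H -tlnp` with enough privilege to see process names; sockets whose owner cannot be read are reported as `unknown`.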