I wanted to put out a little clarification on what rules and what things people should be thinking about when they are considering security on the Internet.
The axioms for securing data on the Internet are as follows:
- Nothing is secure.
- Nothing on the Internet and especially the web is secure.
- Don’t put anything on the Internet you don’t want others to see.
- Internet security is not about making something impossible to see, but about how inconvenient you can make it for unauthorized people to see.
- Given enough time, resources, and desire, any security system can be broken.
- Given the above, information on the Internet is only as secure as it is inconvenient to obtain: secure to the point where getting it is not worth the time and resources, and the information itself is undesirable.
- Generally, information does not want to be free, but some if not many people would like it to be.
- Be aware, today’s inconvenience is tomorrow’s relatively simple task. In other words, no security system stays inconvenient for long.
- Be aware, what is desirable is a relative thing. What may be undesirable to you might be extremely desirable to someone else.
- Be aware, time is a relative thing. Given enough resources, time can be greatly reduced.
- Be aware, resources are a relative thing. They can be anything: people, money, information, equipment, access, etc.
What are a few poor uses of the Internet?
- Storage and access of personal or private information
- Storage and access of financial data
- Storage and access of health data
- Storage and access of private security data
- Storage and access of data that could cause someone to get hurt, insulted, killed, or sued
- Storage and access of corporate secrets
If you are going to use or implement any of the “poor uses of the Internet” as I have defined them, then you had better figure out a way to make your data as inconvenient and undesirable as possible. This is a tall order, as both terms are relative. What is enough inconvenience, and what makes your data undesirable?
What is generally inconvenient?
- Strong and currently unbroken encryption
- Very restricted user access to data
- Very restricted network and physical access to the systems that house the data
- Highly monitored and audited systems that house the data
- Systems that contain many traps for unsuspecting intruders
- Systems that hide their identity, such as what OS they are running and what services they are running
What makes something inconvenient?
- If it takes too much money
- If it takes too much time
- If it takes too many people
- If it takes too much information
- If it takes too much expertise
- If it takes too much equipment
- If it takes too much access
- If it cannot be easily reproduced or repeated
What is generally undesirable information?
- Nothing