Security
Unlike the early days of the Internet, where a limited number of sites
helped maintain security, today's ISPs are providing Internet access
to anyone for a few dollars a month. Unfortunately, not everyone
gaining this access has had good intentions, as is shown by the number
of reports of attacks on specific sites and the Internet itself.
However, computer security is a complex topic about which many books
have been written and many more could still be written without fully
covering the subject. Of course, if things were not complex enough,
the fact that many security solutions involve which are export
controlled by the US government makes things extremely difficult, and
leaves many sites relying on common "solutions" such as firewalls, which do
nothing more than give folks a false sense of safety. All in all, one
can begin to see why the only totally secure computer is one which is
turned off, unplugged, and sealed inside of much concrete.
Over the years, I have dealt with several security issues. This has
included things such as system backups (yes, these really fall under
security), strong authentication (such as Kerberos), data encryption,
and firewalls. What I have learned over these years can be summarized
as follows:
- The larger the site, the harder it is to administer, and
therefore, the harder it is to maintain security.
- Without a doubt, most sites follow a "Tootsie Roll" policy, which
results in a hard shell over a soft, chewy middle. Moral: Never
forget that employees and equipment failures are the largest potential
security problem.
- You have never covered every possible security problem.