Thinking about getting gas. Then Ranting.

Security is way harder than people realise. In the end, the only (mostly) reliable approach is air gapping — every employee who needs access to sensitive stuff has two computers, one connected to the Internet and one connected to the sensitive system. There is no connection between the two (the "air gap"), and no remote access for the sensitive system. That's reportedly the approach many defense departments take (though, obviously, they don't tweet about it).

VPNs, firewalls, etc., add a lot of protection, but if you're connected to the Internet, you're still potentially breachable if a major actor (government or otherwise) cares enough to put in the effort, plus there's always much-simpler social engineering.
 
Security is way harder than people realise. In the end, the only (mostly) reliable approach is air gapping — every employee who needs access to sensitive stuff has two computers, one connected to the Internet and one connected to the sensitive system....

Yup - for those that have seen real classified systems... It's not at all like Hollywood where a main character takes the laptop home, connects from home, etc.

Real classified systems even worry about cross-talk...
 
Yup - for those that have seen real classified systems... It's not at all like Hollywood where a main character takes the laptop home, connects from home, etc.

Real classified systems even worry about cross-talk...

LOL yeah. We couldn’t even do that on unclassified DOE systems twenty years ago.

There’s orgs with enough money and enough secrets to make it economically viable to do it right...

Well assuming trillions in debt is economically viable anyway. Technically they can’t afford it either...
 
LOL yeah. We couldn’t even do that on unclassified DOE systems twenty years ago.

There’s orgs with enough money and enough secrets to make it economically viable to do it right...

Well assuming trillions in debt is economically viable anyway. Technically they can’t afford it either...

And even then there are leaks. I give you Edward Snowden. And several others. Sometimes the technical solution isn't the problem.

Speaking of which, let's see what kind of trouble happens as pimeyes becomes better known.

Technology is a blessing and curse.
 
...

Well assuming trillions in debt is economically viable anyway. Technically they can’t afford it either...

Well, the trillions in debt isn't because of the cost of the classified systems. And don't forget why information is classified. I know there are some with the crazy *** view that everything is over-classified, but sometimes we have to protect the sources of information, sometimes to protect vulnerabilities, and sometimes to protect advantages.
 
An external contractor has access to copy unlimited amounts of data onto USB sticks. Maybe not the best example.

That would be exactly the point. The more folks that have more access to info, the greater the risk.

This is nothing new, however. I'll have to find the link, standby.
 
Well, the trillions in debt isn't because of the cost of the classified systems. And don't forget why information is classified. I know there are some with the crazy *** view that everything is over-classified, but sometimes we have to protect the sources of information, sometimes to protect vulnerabilities, and sometimes to protect advantages.

Huh. When I’m broke I can’t blame the other stuff in my budget for things. That’s a cute new one.
 
What the heck are you talking about?

Spending is spending. Doesn’t matter if you need it or not as to whether you can afford it. Increasing debt means you can’t, mathematically. That’s all I was saying.

Doesn’t matter which dept or how important they think they are is spending it.

The excuse that it’s another dept spending all the money doesn’t matter where I work. We all go bankrupt together.

I’d love a blank check to secure my stuff.

Wouldn’t work anyway.

If Garmin can’t afford to do it right, we sure as hell can’t.

Apple and Microsoft and numerous other vendors of ours have billions. They still deliver us total garbage code.

A week of downtime and $5M is cheaper than what some of our customers want. They’d have to send us $5M a quarter to get it. It’s adorable.

We can’t even come close to hiring a 1:1 ratio of security staff to the customer. That’s more staff than the entire company.

And they have to continually go into deeper debt to afford it. We won’t. We don’t have that option.

We’ve had this conversation more than once...

——

We want you to do X.

We won’t be doing that this year unless we quadruple your price and even then it’s unlikely.

Mmm but we want it.

That’s nice.

Okay by next year.

Doubt it, but sure, we’ll try. If you mandate it, we’ll send over the updated price. It’ll be higher by then.

But you’re critical infrastructure.

Better start paying like it is, then.

——

It’s a ridiculous game of bankruptcy chicken.

We aren’t going bankrupt because someone wants something that they won’t pay for, that’s for sure.

In the end it’s all simply unaffordable.

One sweet single mom employee who needs $1000 for a kid's medical bill and has never done a bad thing in her life, takes out my entire company, easy... if a bad actor knows enough about my architecture. Easy. Fully background checked and badged and all of it.

You know how many 100% dedicated security staff we have? Zero.

I have government customers who’ve sent 30 analysts to a single meeting. Their “needs” for what they’re willing to pay are truly adorable.

Oh but they’ve got 30 people available for a meeting to ask for another copy of a document they lost, twice. Took em about fifteen minutes to realize they could just email it to each other.

It truly is that ludicrous. 30 people sitting around getting paid on debt money who can’t figure out how to email things to each other.

I wish that weren’t a true story but it is.
 
That would be exactly the point. The more folks that have more access to info, the greater the risk.

This is nothing new, however. I'll have to find the link, standby.

Exactly. In a fully-secure environment, Mr Snowden would have had terminal-only access, with no ability to copy data onto external media. USB sticks are also a common vector for incoming attacks, so it's really surprising his computer even had a USB port.

By comparison, I know of one international organisation that has to move very sensitive data out of a country in conflict. I'm not sure of the physical media, but here's how they do it:
  1. Encrypt the data using a new, one-off key.
  2. Send the encrypted data with a courier who does not have the key.
  3. Send the key with a different courier, on a different day, flying a different route.
There is no use of the internet. If one courier gets intercepted, their information is useless without the other. Ditto if one of the couriers wanted to leak the information.

However, that's a lot of work, expense, and inconvenience, so most organisations eventually fall into shortcuts. And there are many Internet security-software companies selling false confidence (it can be secure AND easy!!!) through government contracts.
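
The three courier steps above, sketched as an added example (not part of the original post and not the organisation's actual tooling). The post does not say which cipher is used; this sketch assumes a one-time pad (XOR with a random key as long as the data) plus an HMAC tag so tampering in transit is detected, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # SHA-256 HMAC output size
KEY_LEN = 32  # size of the separate tamper-detection key


def prepare_shipments(data: bytes) -> tuple[bytes, bytes]:
    """Step 1: encrypt with a new one-off key; return the two courier packages."""
    pad = secrets.token_bytes(len(data))      # one-off key, never reused
    mac_key = secrets.token_bytes(KEY_LEN)    # travels with the key, not the data
    ciphertext = bytes(d ^ p for d, p in zip(data, pad))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    courier_a = ciphertext + tag              # step 2: encrypted data, no key
    courier_b = mac_key + pad                 # step 3: key material, no data
    return courier_a, courier_b


def recombine(courier_a: bytes, courier_b: bytes) -> bytes:
    """Verify and decrypt once both packages have arrived."""
    if len(courier_a) < TAG_LEN or len(courier_b) < KEY_LEN:
        raise ValueError("package is truncated")
    ciphertext, tag = courier_a[:-TAG_LEN], courier_a[-TAG_LEN:]
    mac_key, pad = courier_b[:KEY_LEN], courier_b[KEY_LEN:]
    if len(pad) != len(ciphertext):
        raise ValueError("packages do not belong together")
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext altered in transit or wrong key package")
    return bytes(c ^ p for c, p in zip(ciphertext, pad))


def tamper(package: bytes) -> bytes:
    """Flip one bit of the first byte, as a modified package would look."""
    return bytes([package[0] ^ 0x01]) + package[1:]


if __name__ == "__main__":
    report = b"constructed sample: field report 17"  # constructed sample input
    a, b = prepare_shipments(report)
    print("courier A carries:", a.hex()[:32], "...")
    print("recombined:", recombine(a, b))
    try:
        recombine(tamper(a), b)
    except ValueError as err:
        print("tampered package rejected:", err)
```

With a pad used once and as long as the data, either package on its own carries no information about the plaintext, which is the property the post describes for an intercepted or leaking courier.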
 
Security is easy: Unplug the computer, grind it into a fine powder, encase it in concrete and shoot it into the sun. It's still not 100% but your data is pretty secure.

Usable security is slightly harder.
 
Security is easy: Unplug the computer, grind it into a fine powder, encase it in concrete and shoot it into the sun. It's still not 100% but your data is pretty secure.

Usable security is slightly harder.

True — it just depends on how important it is a) to protect the data and b) to ensure the integrity of the system.

If you're a mid-sized online retailer, a consumer-level VPN is probably good enough; if you're military intelligence, you need air gapping, customised hardware, and security measures like no private phones in the office.

If you just want to drive the surveillance people crazy on the cheap, make two copies of a one-time pad and send public, uncrackable encrypted messages back and forth to a friend in Russia or China on Twitter (subject doesn't matter — sports or weather work fine).
 
True — it just depends on how important it is a) to protect the data and b) to ensure the integrity of the system.

If you're a mid-sized online retailer, a consumer-level VPN is probably good enough; if you're military intelligence, you need air gapping, customised hardware, and security measures like no private phones in the office.

If you just want to drive the surveillance people crazy on the cheap, make two copies of a one-time pad and send public, uncrackable encrypted messages back and forth to a friend in Russia or China on Twitter (subject doesn't matter — sports or weather work fine).

I don't know about Russia, but Twitter is blocked in China, we use WeChat. And I wouldn't pull that stunt if I cared at all for my friends in China. I've the impression their monitors are a humorless lot.
 
Exactly. In a fully-secure environment, Mr Snowden would have had terminal-only access, with no ability to copy data onto external media. USB sticks are also a common vector for incoming attacks, so it's really surprising his computer even had a USB port.

By comparison, I know of one international organisation that has to move very sensitive data out of a country in conflict. I'm not sure of the physical media, but here's how they do it:
  1. Encrypt the data using a new, one-off key.
  2. Send the encrypted data with a courier who does not have the key.
  3. Send the key with a different courier, on a different day, flying a different route.
There is no use of the internet. If one courier gets intercepted, their information is useless without the other. Ditto if one of the couriers wanted to leak the information.

However, that's a lot of work, expense, and inconvenience, so most organisations eventually fall into shortcuts. And there are many Internet security-software companies selling false confidence (it can be secure AND easy!!!) through government contracts.

There are secure ways to transmit the data. Just as there are secure voice channels.

No, Snowden should not have had full access. But he also was cleared to get the data. Compartments exist for a reason. SCIFs exist for a reason.

At some point, someone has access to the data. And as long as there are humans in the chain, there will be risks. Even in the pre-computer days (Mark Felt, Aldrich Ames, Robert Hanssen, Rosenbergs). All the background checks in the world won't stop 100%.

The job of the security professional is to minimize and mitigate the risks, and that may involve multiple layers.
 
Even in the pre-computer days (Mark Felt, Aldrich Ames, Robert Hanssen, Rosenbergs).

And Stalin already knew about the atomic bomb project when Truman told him about it in 1945.
 
NMCI = No More Computer Information.
One of the several things I look forward to with retirement is to not have to deal with NMCI.
Absolute piece of junk. So secure that nothing works. Reboot 3-5 times a week. Last week my computer was quarantined. No explanation. Took three days to get it back.
If your home computer ran like it does no one would have one.
 