Inside Internet Security: What Hackers Don't Want You To Know Review by Charles Ashbacher

The basics of computer security without the hype

As a new field where speed is essential and getting there first is sometimes more important than following the correct path, computing suffers from more than its share of unsubstantiated claims. However, it is a field of human endeavor like all others we engage in, which means the social laws apply here as well. The recent burst of the "Internet bubble" should have surprised no one, as it is just the basic laws of business finally asserting themselves. Since it involves humans doing things where the consequences can be very visible, it is inevitable that it will attract people who will deface or destroy something just for the attention it generates. Therefore, like all other things we do in life, it is necessary to remain wary when using the Internet, and this book generally delivers help without the hype.
When reading this book, it is clear that most of the problems involving computer security involve fundamental oversights or misfeasance on the part of someone. As I read through the examples in this book, I was reminded of the biography I read of the Nobel Prize-winning physicist Richard Feynman. He managed to obtain a reputation among his fellow workers as an expert safe cracker. However, as he makes quite clear when describing his life, most of this was just simple logic and luck in combination with oversight. The people around him tended to leave their combination locks on the last number, which reduced the possibilities, and one time he managed to crack a safe by simply opening it, as it had not been properly latched. Some time ago, there was an announcement of a security flaw in Linux. It turned out that if some defaults were not altered after the install, it would be possible for unauthorized persons to access the system. If there is a flaw here, it is hardly a problem with Linux.
Therefore, most of the solutions presented in the book fall under the umbrella of common sense. Use "complex" passwords and don't write them down in obvious places such as in a desk drawer. Furthermore, do not give out sensitive information over the phone, which is something I preach to my young children. The recent hilarious case of Oracle operatives doing some dumpster diving outside the Microsoft offices points out that one of the most efficient security features is to destroy any paper containing sensitive information.
While most of the book is good, there was one point where I severely disagreed with the author. On page 45 there is a chart of components with 99.9% confidence of security and a computation concerning the confidence of security for ten such components as well as the hours and days of cumulative vulnerability based on these confidence levels. Granted, the author qualifies this as being merely a theoretical discussion, but it is still very misleading. Probabilities like this are most likely not additive, as following one path means the elimination of another. To say that having a component that is 99.9% secure means that it is "open" 8.8 hours of the year is simply not correct. In fact, the author does not really define precisely what is meant by a 99.9% confidence of security.
I also question one other premise of the book, namely that a hacker defacing a site is a catastrophe. What people care about is that the data inside and all critical transmissions are secure. As long as the bank vault is untouched, I am not greatly disturbed if someone spray paints the sign out front. Most web users are smart enough to appreciate this difference.
Being aware of the risks inherent in using the Internet is the most important thing you can do to cover your caboose when using it. In this book, you will learn that using the simple awareness and common sense caution that you always use when conducting business with strangers is the best approach to security on the Internet.