Tuesday, December 2, 2014

The Internet Security Brief - Introduction


For the last decade I have trained new employees for the healthcare company I work for every two weeks in network and Internet security. The following is a summary of that training.

The first thing you need to understand about the Internet is, it’s just a baby, well a teenager now, and it’s still growing up. So to get a good understanding of the state of security we need to rewind the hands of time to about 2002. Prior to that year the Internet was mostly static pages of information. Back then it was called the Information Highway. In 2002, Google published a white paper entitled “Web 2.0” meaning we would see an upgrade from the Information age as it was called at the time.

The paper stated how the new web 2.0 was going to be more dynamic, more interactive, and today we certainly see that came true. It’s like a virtual city that delivers real things, from education to soul mates. Almost everything you can do in a real city you can do on the Internet. For instance, you can, shop, bank, invest, find a job, get an education, check your medical labs, socialize, and yes, even find your soul mate! But who would build a city and put all those goods and services, but never build a Police department?

That’s right, the Internet is a City without any security departments, and in fact it’s left up to you alone to provide your own protection. Beware!

Have you ever been to Russia, China, Indonesia, or Pakistan?  One thing about this new city on the wire is it’s big, real big because it’s global. So even if you don’t have the resources or even the desire to visit those countries, you are but one click away from them. Who agrees there are countries in this world that don’t like the United States or her citizens, well they are only one click from us and you! Scary huh?

The pre-2002 Internet, wasn’t without viruses or even hacks, but most of it was benign, website defacement with shoutz outs to hacking groups and girlfriends, most hackers were even nice enough to backup the original webpage so the site could be restored. I refer to this almost playful type of hacking as Cyber tagging. But oh how things have changed, just like a baby, through the tweens, teens and now approaching adulthood, life starts to get serious.

Remember how I said the new web 2.0 would be dynamic, interactive, even fun? The tool kit to make that happens comes from a vast network of companies that plug into your Internet web browser. Companies like Adobe, Oracle, Apple, Microsoft, and many more. For instance, if you’ve ever watched a video on YouTube, you were using the Adobe flash player. Have you ever opened a PDF file? That’s the Adobe Acrobat Reader.  Playing games on your computer? Chances are you were using Sun Microsystems/Oracles ‘Java.  And the list goes on and on, iTunes, QuickTime, MS Silverlight, etc.

Every one of those programs plugged into your web browser is vulnerable, even the Browser itself can be vulnerable. In fact Java is the worst of all. Even the Department of Homeland security issued an advisory for Americans to uninstall it from their devices. You can diligently try to update them all, Sigh




But not all is lost, with the Internet came new opportunities. Industry have been born on the wire, look at eBay, Facebook, Google, billion dollar companies, would have never happened without the creation of the Internet.
 
But there is another industry making its living on the Internet. The Cyber Criminal industry selling not only stolen information, credit cards, and even the viruses used to steal them. Hackers are for hire and virus writers can customize a virus to your specification. Case and point you can buy the virus that infected Target on the Internet for $1000.



No comments:

Post a Comment