For the last decade I have trained new employees for the
healthcare company I work for every two weeks in network and Internet security. The following is a summary of that training.
The first thing you need to understand about the Internet is,
it’s just a baby, well a teenager now, and it’s still growing up. So to get a
good understanding of the state of security we need to rewind the hands of time
to about 2002. Prior to that year the Internet was mostly static pages of
information. Back then it was called the Information Highway. In 2002, Google
published a white paper entitled “Web 2.0” meaning we would see an upgrade from
the Information age as it was called at the time.
The paper stated how the new web 2.0 was going to be more
dynamic, more interactive, and today we certainly see that came true. It’s like
a virtual city that delivers real things, from education to soul mates. Almost
everything you can do in a real city you can do on the Internet. For instance,
you can, shop, bank, invest, find a job, get an education, check your medical
labs, socialize, and yes, even find your soul mate! But who would build a city
and put all those goods and services, but never build a Police department?
That’s right, the Internet is a City without any security
departments, and in fact it’s left up to you alone to provide your own
protection. Beware!
Have you ever been to Russia, China, Indonesia, or
Pakistan? One thing about this new city
on the wire is it’s big, real big because it’s global. So even if you don’t
have the resources or even the desire to visit those countries, you are but one
click away from them. Who agrees there are countries in this world that don’t
like the United States or her citizens, well they are only one click from us
and you! Scary huh?
The pre-2002 Internet, wasn’t without viruses or even hacks,
but most of it was benign, website defacement with shoutz outs to hacking
groups and girlfriends, most hackers were even nice enough to backup the
original webpage so the site could be restored. I refer to this almost playful
type of hacking as Cyber tagging. But oh how things have changed, just like a
baby, through the tweens, teens and now approaching adulthood, life starts to
get serious.
Remember how I said the new web 2.0 would be dynamic,
interactive, even fun? The tool kit to make that happens comes from a vast
network of companies that plug into your Internet web browser. Companies like
Adobe, Oracle, Apple, Microsoft, and many more. For instance, if you’ve ever
watched a video on YouTube, you were using the Adobe flash player. Have you ever
opened a PDF file? That’s the Adobe Acrobat Reader. Playing games on your computer? Chances are
you were using Sun Microsystems/Oracles ‘Java.
And the list goes on and on, iTunes, QuickTime, MS Silverlight, etc.
Every one of those programs plugged into your web browser is
vulnerable, even the Browser itself can be vulnerable. In fact Java is the
worst of all. Even the Department of Homeland security issued an advisory for
Americans to uninstall it from their devices. You can diligently try to update
them all, Sigh
But not all is lost, with the Internet came new
opportunities. Industry have been born on the wire, look at eBay, Facebook,
Google, billion dollar companies, would have never happened without the
creation of the Internet.
But there is another industry making its living on the
Internet. The Cyber Criminal industry selling not only stolen information,
credit cards, and even the viruses used to steal them. Hackers are for hire and
virus writers can customize a virus to your specification. Case and point you
can buy the virus that infected Target on the Internet for $1000.
No comments:
Post a Comment