Internet Security is an Oxymoron
Max Nokhrin, @mno2go
June 17, 2014
Why the talk?
• Background in Computer Science and Finance
• Work in the IT/technology space
• Took several courses on Social Media Marketing
• Realization:
• As everyone moves to using social media, there is a lack of understanding of how social media works
BSc International Finance and Computer Science
Financial Controller Intern at French bank in Ukraine
Consultant in tax credits (Canada, UK, France)
Manager, Tax Services, tax credits
From the humble beginnings
• University of California, Los Angeles (UCLA)
• Stanford Research Institute's Augmentation Research Center
• University of California, Santa Barbara (UCSB)
• University of Utah’s Computer Science Department
• Security on ARPANet (precursor to the Internet) was a trust-based system
• Essentially, still is today
ARPANet in 1977
To a global, always-on network
Data is broken down into hundreds of small pieces before sending…
... and each piece can take a different path
How it works
• Many computers (devices) sending messages
• Across many intermediary computers (“servers” and “switches”)
• Following a standard protocol (“language”)
• Many protocols for different types of messages (email, visiting websites, instant messaging)
How does a message travel?
• From computer to computer between sender and recipient
• Many middle points between you and your recipient
• Between Toronto and London, a message passes through:
• 10 switches, including Toronto, Montreal, New York, London
1 message (email, photo, website visit) can take different paths and “visit” many countries
Cloud vs. Cloud
Where is data stored?
• A website address has absolutely nothing to do with where the website is actually stored
• “Cloud”
• Where a company no longer has to maintain its own servers
• Can pay Amazon to host the website and store the content
• Amazon can place the physical server in the USA, in Ireland
• In China
• Why should you care?
• Data security
• Privacy laws
• Security of your Intellectual Property
False sense of security
• Companies generally offer only 1 level of security:
• “Access Level Security”
• As long as the bad guy can’t get into our network…
• …we don’t need to encrypt data inside it
You are NOT anonymous
• Each computer has an IP address
• Leased from your Internet Service Provider
• Tracked, logged and stored for 1 to 5 years
• All data posted/sent online says who sent it
• Can track each data bit to an IP address
• Can then track it back to you
No data online is secure
• Once you put something on the Internet…
• …you can NEVER delete it
• A system is secure as long as it’s not worth it to hack it
• When there are enough data records,
• someone will hack it
RSA SecurID Breach
• On March 17, 2011, RSA announced that they had been victims of “an extremely sophisticated cyber attack”
• End goal was NOT RSA…
• … it was Lockheed Martin and RSA’s other clients
• Intellectual Property theft between USA/China
• Gmail accounts of Chinese dissidents hacked in June 2011
• Core “Western” corporations hacked on a daily basis
Some other recent events
• Edward Snowden and WikiLeaks
• CRA – April 2014, officially lost 900 passwords
• Target – January 2014, lost 110 million credit card numbers
• LinkedIn – June 2012, lost 6.5 million passwords
• Because people re-use passwords, even after fixing the account on LinkedIn, users didn’t change passwords on other services
• French President’s Office – May 2012
• Iranian nuclear site (“Stuxnet”) – July 2010
What does this mean to me?
• Social content gets created very fast
• When communicating with people online,
• Be very aware of their privacy
• Read the privacy policy, or create a good one
• Ask tough questions: storage, security and retention
• And: don’t store data for longer than you really need to
Google yourself
Be aware
• Data on the Internet:
• Passes hundreds of computers between sender and recipient
• Gets stored on many intermediary computers
• You cannot control how many copies there are
• You can never delete it
• The Internet is not anonymous
• Your IP address is very easy to trace back to you
• Data stored in the “cloud” is a time bomb waiting to be stolen
Thank you!
Max Nokhrin (LinkedIn), @mno2go (Twitter)