July 2014 Archives

Protecting and Promoting the Open Internet


As an everyday consumer I pay an Internet service provider (ISP) a monthly fee for access to the Internet. As a programmer and technologist I pay a colocation facility for space, power and bandwidth to participate on the Internet. Both the colocation facility and my local ISP themselves pay "upstream" providers for Internet access. These upstream providers then engage in "peering" agreements where ISPs interlink their networks with each other resulting in an interconnection of networks, the Internet. As the Federal Communications Commission itself has stated, "The Internet is a vital platform for innovation, economic growth and free expression", a platform that I build upon every day. As such, the interconnection of these networks and equality of communication that these networks carry is of utmost importance to me.

This "net neutrality" has become an important cornerstone of the Internet that enables me to prosper. In order to keep an Internet that myself, and millions of others, can continue to grow and depend on, I urge the FCC to continue on the path started with the "Protecting and Promoting the Open Internet" notice to ensure the Internet remains an open platform for innovation and expression. Specifically, I believe the best legal method granted by the United States Congress for the FCC's oversight of internet service providers depends upon the reclassification of ISPs as common carriers under Title II of the Communications Act of 1934. By classifying ISPs as common carriers the FCC will be realizing that their "platform" is a public utility and that additional prioritization arrangements, or "fast lanes," have the potential to negatively impact "innovation, economic growth and free expression" as expressed by myself and others on a daily basis.

Comment to FCC Proceeding #14-28

How to Secure Your Website Part III: Keeping You and Your Website Safe


First published: 30th of May 2014 for Orbit Media Studios

History
In the late 1960s the mathematician Whitfield Diffie, now a well-known cryptographer, started his graduate work at Stanford. There he was introduced to the growing prominence of "time-sharing" computing, computers powerful enough to allow more than one user or task to execute at the same time. Contemplating the security implications of these new systems, Diffie and his colleagues realized that our everyday concepts of privacy and security would have to be enforceable in the new digital age.

Unfortunately, in the 1980s, the developments of multitasking and computer security were pushed aside for a new vision; computers became independent and personal. They sat on a desk, not in some closed off room. They had all the required resources right there and didn't require connecting to another system. They just got about doing one thing, in real time, with just one user.

Evolution
As the personal computer evolved, features from the days of mainframes and minicomputers were introduced. Multitasking and networking made their way into our everyday lives. Soon everyone had an email address and was finding their way onto the "Information Superhighway." Unfortunately, the vision of an independent personal computer led us to develop some bad habits and a false sense of security.

Consider what has been mentioned in the previous two posts about data in transit and in storage:

  • Encrypting and decrypting data requires intense mathematical computation, which can impact processing time and the perception of an application's responsiveness. In the world of 80s-era personal computing, the computer was not regularly connected to any remote device, was not executing multiple applications at the same time, was not interacting with various users and was not easily portable. At the time encryption was not popular because of the performance hit and limited security benefit.

Unfortunately, this habit of speed over security has continued. Platform and application developers still routinely shortcut security concerns in the name of performance.

  • The Internet provides a previously unknown sense of immediacy and intimacy despite great physical distances. Email and social networks allow us to view and share thoughts throughout the world as they occur. Ecommerce sites can organize lists of items personalized to one's tastes and fashions.

This intimacy creates a false sense of security, that one is safe, among friends and trusted institutions. Yet the wildly successful networking protocol TCP/IP, the foundation of today's Internet, was originally developed as a research initiative. It forsook some concerns, such as security, for others, such as simplicity of implementation, as research drove itself to an initial, small-scale (by today's standards) implementation.

Safety Tips
There are, of course, steps that system architects and developers can take to rectify this situation. But there are also steps that users of these systems, be they end users of a website or its proprietor, can take:

  • Be aware of what data is being collected and how it is communicated

    • What information is being requested, and can it be considered "sensitive"?

    • Review how data is being transmitted between systems

    • If it is "sensitive," is it being transmitted securely?

  • Be aware of how information is being stored

    • Review what data is being stored

    • If the data is "sensitive," is it being stored securely?

    • Review "roles" assigned to different users who access the data and create unique accounts for each user

  • Overall, be proactive, not reactive

    • Create strong passwords

    • Use secured network protocols such as SSL and SFTP

    • Keep all applications and devices up-to-date

    • Undertake a risk assessment with your web developer and hosting provider.

  • Know that no system is unbreakable

    • Like a chain, a complex system is only as strong as its weakest link

    • Compliance with PCI, HIPAA or other security policies is a starting point

    • Threats evolve as new vulnerabilities are routinely discovered, don't get discouraged
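
One way to run the first checks in the list above (what is collected, and whether it is transmitted securely) against a page's HTML, as an added example that is not part of the original post. The field-name hints, the `audit` function and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name fragments treated as "sensitive" (an assumption; extend for your site).
SENSITIVE_HINTS = ("pass", "card", "cvv", "ssn", "email", "phone", "dob")

class FormAudit(HTMLParser):
    """Collect every <form> with its resolved action URL and sensitive inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._form = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self._form = {"action": urljoin(self.page_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower(),
                          "sensitive": []}
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form is not None:
            name = (a.get("name") or a.get("id") or "").lower()
            is_password = (a.get("type") or "").lower() == "password"
            if is_password or any(h in name for h in SENSITIVE_HINTS):
                self._form["sensitive"].append(name or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit(page_url, html):
    """Return (action, problem, fields) for forms that expose sensitive fields."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["sensitive"]:
            continue
        if urlparse(form["action"]).scheme != "https":
            findings.append((form["action"], "sent without TLS", form["sensitive"]))
        elif form["method"] == "get":
            # GET puts field values in the URL, so they land in logs and history.
            findings.append((form["action"], "sent in URL (GET)", form["sensitive"]))
    return findings

# Constructed sample page, not taken from any real site.
SAMPLE = """
<form action="http://shop.example.test/login" method="post">
  <input name="username"><input type="password" name="pw"></form>
<form action="/search" method="get"><input name="q"></form>
<form action="/newsletter" method="get"><input name="email"></form>
<form action="/checkout" method="post"><input name="card_number"><input name="cvv"></form>
"""

if __name__ == "__main__":
    for finding in audit("https://shop.example.test/account", SAMPLE):
        print(finding)
```
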

Think something is missing from the list? Post it in the comments section below.

About the Author

Paul is a technologist and all around nice guy for technology oriented organizations and parties. Besides maintaining this blog and website you can follow Paul's particular pontifications on the Life Universe and Everything on Twitter.
