Security Blanket Statements
People sometimes come to ICT to ask “How can I make my computer and network secure?”
To which I will respond: “Well, what do you mean by secure?”
This makes me very popular.
The first problem is that there is no big red on/off switch that toggles between secure and insecure; it’s a spectrum of possibilities where you trade off complexity, expense, time and training against safety. Even similar setups in, say, NDI’s different regional field offices need to find their own balance. There is no blanket statement that handles everyone's situation.
The second problem that makes security hard is that it is a process, not a product. We’ll go into that in Part II.
The art in computer and network security is knowing what you need to protect and from whom you need to protect it. If you have to save your data from the NSA or the PLA, well, good luck with that. Large nation-states are going to be able to get your data from you, whatever you do.
However, that doesn’t mean we have to throw up our hands, resign, and become a shepherd in Mongolia. Since we know we can’t achieve perfect security, we have to think about at what level we should set the security bar to make it difficult enough for the bad guys to get at it that we can be reasonable sure that we are keeping our secrets to ourselves. Remember, the most dangerous threat is an automated script just trawling the internet for ancient, easy-to-avoid security holes.
There’s a broad range of precautions, tools and systems you can use to keep your info safe; I’ll be talking about different examples as we go. Often your physical safety solutions can be a cue for what your virtual stance should be; the overall threat environment should inform your online precautions as well.
First and foremost, though, don’t forget the basics. It doesn’t help to put a moat complete with sharktopus around the rest of your house if you leave the front door unlocked and open. Buying shiny, expensive allegedly cutting-edge stuff can give you a false sense of security; you think "Sweet! I've stopped all these evil hackers!" while still being very, very vulnerable.
So please, keep your systems up to date, use antivirus protection, have a basic firewall on your computer and on your network, and don’t open attachments or run downloads unless you know what they are.