Paranoia and Security

I’ve always found paranoia to be a perfectly defensible positionPat Conroy

Let me make something clear right from the outset, when it comes to the security of the technology that supports my business, I am not a raving, paranoid lunatic; I am completely capable of carrying on calm, quiet, rational conversations.

Back in the day, when hard drives were the size of washing machines, tape drives consumed half-inch tape on 12 inch reels, computers were huge blue boxes serviced by a cadre of adoring acolytes, and networks were comprised of tin cans, bits of string, and acoustic couplers security was simple – those without the blessing of the high priest (the systems administrator – a god-like being capable of patching a OS binary on the fly). The concept of an external attack was practically inconceivable simply because (a) it was the rare computer that supported even dial-up access, (b) dumb terminals and acoustic couplers were not your typical household appliance, and (c) an attack coming in at 300 baud (about 30 characters per second) is something you would notice. It was a halcyon time, carefree and innocent. A time where security was a backup tape and a warm blanket. A time doomed by its own success and the crushing inevitability of Moore’s Law.

Today, if your tech is connected to the outside world though anything other than a electrical power cord (and I have my suspicions about those), it is vulnerable to attack; it is not a matter of if, it is a matter of when. Therein lies the faustian bargain we make with the Internet – access to untold amounts of knowledge, pleasure, and power in exchange for our tech’s soul. But fear not, for tech also offers some hope of salvation if not complete redemption. Continue reading