• Internet Security is everyone’s responsibility

    Server administrators, web-application programmers, web site designers, help desk support, software companies, technology providers, government officials, and yes, even end-users — we are all responsible for information security on the internet. We need to avoid falling for knee-jerk, ineffective solutions (e.g. strong passwords) or assuming that certain technologies will keep us safe (e.g. “I use a Mac and they don’t get viruses”). What can we do? I am not a security expert with specific prescriptions to give, but remember, easy prescriptions don’t exist. What is needed is an ongoing conversation. At my workplace the CIO recently held the first of a series of campus-wide forums to provide technology staff with information, and to gather ideas from all of us. This is a good first step. Here are a couple of other ideas:

    • Identify the causes of security attacks in your user community and let your community know how, when, and why these occur.  Don’t kid yourself that keeping these secret provides some form of protection — the bad guys already know this stuff.  The good guys need to be kept in the loop.
    • Implement measures that address the root causes of known attacks.  Try to focus on the larger ecosystem to help anticipate possible exploits instead of trying to stay one step ahead of the bad guys — they’ll normally win.  Question common-sense approaches — many are a panacea that can add expense and end-user inconvenience with little actual benefit.
    • Do not implement security policies that stifle innovation — if you do, your users will just end-run your policy, and in the process create a greater security exposure.
    • Talk to users about security issues, but also listen to their needs, questions, misconceptions, problems, etc. Good security practices will develop with community involvement, not prescriptions from on high.
    • Security needs to be part of everything we technology professionals do — not just some last-minute addition. Everyone is a security officer. Cost and time pressures cannot knock security considerations off the table.

    Internet Evolution – Jart Armin – Browser Hack Emerges as Key Threat

    Both the CSRF token hack using CSS history and the JavaScript “Ping” Sweep attack have been released into the hacking community as PoC (proof of concept) vulnerabilities.

    Internet Evolution – David Vellante – Twitter Hack Points to Bad User Habits

    What can we learn from this incident? First, the convenience of inexpensive (often free) Web services and their natural openness is in opposition to highly secure systems. While one individual system may have reasonable security, bad user practices exponentially increase users’ exposure across the Internet. …On a broader scale for corporate systems, users should consider two-factor authentication systems. Your business may depend on it.

    Internet Evolution – Ira Winkler – Twitter Sets Security Example

    I was ecstatic when I read that Twitter Inc. was taking action against accounts that were clearly infected with the Koobface worm.

    Internet Evolution – Jonathan Hochman – Simple Security Steps to Stop Server Spam

    If enough Websites made basic attempts to protect their email addresses and forms, spammers would lose revenues, or they would start processing JavaScript and CSS.

  • Author: Randy

    In my day job I serve as Information Technology Director for the Yale School of Drama. Otherwise I garden, play guitar, build stuff out of wood, take photos, play around with technology and have been blogging since 2003.


Welcome to RodeWorks

Randall Rode's online home for thoughts, notes, and experiments with a wide range of technology topics. Visit the about page for info on my recent projects and professional background. I welcome your comments!
