Security over the Net

Cheesewaffle

Hi,

I have recently been reading up on VPN's and encryption (HTTPS).

After reading quite a bit of literature I understand we use them to secure traffic(packets).

But my question is why is the internet so insecure?
If the internet is run by big ISP's who control the infrastructure shouldn't the information we send be secured anyway? As they just have all their equipment secured?

Cheers
Cheeseywaffle

dynamik

It would take quite a toll on ISP's equipment resource-wise, as well as make things significantly more difficult and complex to manage. Plus, you would need to trust your ISP do 1) implement the technology correctly, and 2) not abuse their power and snoop on your traffic. Forgive me, but I really don't think Comcast has my best interests in mind. Plus, those technologies are also useful if you're connecting to the internet from untrusted locations, such as coffee shops.

Cheesewaffle

Thanks,

What about groups of hackers, can they snoop on traffic? Using programs like wireshark?

dynamik

They'd have to find a way to get between the source and destination (i.e. set up a wireless access point that looks legitimate, ARP poison an internal network, etc.), but yes, they could do that. Those technologies will protect against that as well. However, you still need to be careful because tools like ettercap can do man-in-the-middle for things like SSL and SSH as well.

Met44

But my question is why is the internet so insecure?

Part of the problem of securing a network is establishing trust, and it goes far beyond the ISPs.

When you connect to a web site using SSL, at best this tells you that (1) the traffic is encrypted, (2) the source of the traffic, and (3) the traffic wasn't modified as it was in transit to you. At worst, someone was able to do something nasty like compromise a key, spoof a certificate, or other things dynamik mentioned, and you ended up trusting someone you didn't intend to trust. That, or the web server just securely tunneled its malicious code straight through your company's firewall/IPS, undetected. Suppose your computer's antivirus software is out of date; now there is a problem. Obviously there are methods to help prevent all of that, but the point is that the ISP might have been completely secure and you still have a virus on your system. There are lots of ways to skin a cat.

"The only truly secure computer is one buried in concrete, with the power turned off and the network cable cut (... and even then I have my doubts)." Here's the most secure network you'll ever find. I'm selling installation and free lifetime support, but warranty is voided by blasting or excavation.

dynamik

Met44 wrote: »

"The only truly secure computer is one buried in concrete, with the power turned off and the network cable cut (... and even then I have my doubts)."

Pfft, you don't even sink it in the ocean? Weak

tiersten

Cheesewaffle wrote: »

But my question is why is the internet so insecure?

There is no overall governing body or official policing organisation for the internet despite what some organisations have tried. Anybody can get access and can become an ISP or host content. Most of the internet protocols were designed back in the day when everybody on the internet were research or educational institutions. There is a certain amount of implicit trust involved for those protocols but proposals have been made to make them more secure. Go look at BGP and SMTP if you want to see some examples.

If you truly piss people off on the internet then you can experience a form of community policing where carriers or networks will refuse to talk to you but this is very rare.

Like the coffee shop that Dynamik mentioned, do you trust them to have secure their network and to not snoop on their customers? Now take that same question and apply it to everybody between you and your remote site.

tiersten

dynamik wrote: »

Pfft, you don't even sink it in the ocean? Weak

Fire it into space IMO. Just make sure you're not running AlienMothershipOS 1.0 since Jeff Goldblum has demonstrated you can hack into it with a Mac.

Met44

dynamik wrote: »

Pfft, you don't even sink it in the ocean? Weak

True, that would be a great way to sell marked up rugged hardware. I'm pleased to say that I am now offering on-site installation for a nominal fee in as little as one week at a premier storage location, just off the coast of the Bahamas.

crrussell3

Met44 wrote: »

True, that would be a great way to sell marked up rugged hardware. I'm pleased to say that I am now offering on-site installation for a nominal fee in as little as one week at a premier storage location, just off the coast of the Bahamas.

Pffft, I already have a patten going for my storage location in the Mariana Trench. The site is extremely secure, just pay no attention to those rumors about Decepticons being dumped there.

veritas_libertas

dynamik wrote: »

Pfft, you don't even sink it in the ocean? Weak

I'm only worried about the hard drive, and a drill with large bits will take care of that. Then bury the hard drive in cement.

tiersten

veritas_libertas wrote: »

I'm only worried about the hard drive, and a drill with large bits will take care of that. Then bury the hard drive in cement.

If your paranoia level is set to 11 then you'd have to totally destroy the HD platters. Just scratching or drilling holes in it wouldn't be sufficient. The areal density of current generation HDs is extremely high now so even a little 1 inch square chunk of your platter will store over 400Gb of data. Due to the high areal density, coercivity of HD platter coatings has correspondingly gone up.

Of course, you'd have to be sufficiently paranoid or know that you've got data that is valuable enough to warrant doing this. As for complete destruction of a HD, I'd say thermite would do the trick. (Note: Don't blame me if you're crazy enough to do this)

veritas_libertas

tiersten wrote: »

If your paranoia level is set to 11 then you'd have to totally destroy the HD platters. Just scratching or drilling holes in it wouldn't be sufficient. The areal density of current generation HDs is extremely high now so even a little 1 inch square chunk of your platter will store over 400Gb of data. Due to the high areal density, coercivity of HD platter coatings has correspondingly gone up.

Of course, you'd have to be sufficiently paranoid or know that you've got data that is valuable enough to warrant doing this. As for complete destruction of a HD, I'd say thermite would do the trick. (Note: Don't blame me if you're crazy enough to do this)

Forget being paranoid, that looks like just plain good old-fashion fun!

Thermite - Wikipedia, the free encyclopedia