Why one should be "concerned", but not "paranoid" about I.T security in the age of "big data"!

Introduction



I am back writing again this week, after a rather abbreviated entry last weekend about a couple of albums from the 1980s I was listening to, which sounded as though they were twenty years ahead of their time. This week, I will be talking about the "Psychology of security", if you will, and the "paranoia" surrounding it! It should be duly noted that this week's entry was inspired by a rather "elegant rant" by some poster on "Slashdot" a couple of days ago, which was being blown out of proportion (you can look up the post yourself on there if you would like; I won't be referencing it here, because I consider it to be "nonsensical" in some regard). Let's start by separating "fact" from "fiction". Afterwards, we will work our way to a conclusion about "news" sites on the Internet.

"Fact" vs. "Fiction" and some underlying "assumptions" about the N.S.A



The general "fact" of the matter is that everyone SHOULD always keep I.T Security in the back of their mind when they are designing and customizing systems from the ground up. This includes everything: system, network, physical, and information security. The "fiction" part comes in when you believe you are going to be GUARANTEED 100% security. You should not concern yourself with this, unless your name is "Bruce Schneier", who is the world's leading public cryptographer and author of both the "Blowfish" and "Twofish" ciphers, or you are working for the N.S.A! Why do I single out the N.S.A? I do this for a number of reasons, the first and foremost being that they have their own CUSTOM designed Operating Systems (it's "speculated" they use over eight) and they use their own line of customized Suite B cryptography algorithms (that are also classified and not available to the public). The point of all this? 100% Security is NEVER going to be a reality for public consumption. All you can do is work with what "tools" are given to you. Most of the security "technologies" we take for granted in this day and age were either invented or recommended by the N.S.A. Some technologies in that category include the creation of Security-Enhanced Linux (SELinux) in the mid 90's and the recommendation in 2001 for Rijndael or "AES" to be the successor to the 3DES cipher for data encryption! Any notion that any type of new security technology has "back doors" in it is simply "paranoid delusional" thinking and probably warrants a trip to the Psychologist. This is "conjured" up by individuals who fail to understand how this technology actually "works" or who read too many "news" websites on the Internet, which feed into that paranoia. There is also the fact that their claims always fail to be "verified" by third-parties. Either way, you should ignore the "mind games" and get to what's important when implementing security in your I.T infrastructure, focusing instead on NIST recommendations.
Remember the old saying "the best offense, is a good defense".

Conclusion



In conclusion, we can see that the I.T Security industry is full of a lot of people who are genuinely concerned with implementing secure infrastructures and want to teach people the best possible way of securing their own, hence the discussions at the R.S.A conference and from evangelists like the Boston based security company Rapid7. By the same token, we may also come to the realization that it is ALSO filled with "snake-oil salesmen", whose goal is to capture the "human imagination", conjure up lies, and spread fear mongering B.S on "news" sites in an effort to make more money! This, I would argue, is the part of the industry that leaves a general dissatisfaction and distrust in people's mouths! One should always be cautious and proceed with care when designing their own I.T security infrastructure, and remember to never read into the "hype". That's all for this week's entry. I will be back in a couple of days or next week with a new entry. I hope this entry has helped people to tread cautiously and be skeptical regarding whatever they read on "news" sites, and to understand that fear sells! Good luck and godspeed. See you next week! ;-D
