Internet Security – Everyone’s problem
Thank you for your invitation to provide some thoughts on “what hope do the rest of us have?” Quite a lot really: but I’ll come to that shortly.
It seems to me that it is the big IT players who make the news when they get a security breach. I guess these are caused in different ways and no amount of cyber security is going to stop someone having relevant access, from copying the data and selling it. But if the breach comes through, or in spite of, existing cyber security protection, then it is a different matter.
I think that cyber security is seen as a big problem. Big problems require big solutions. Big solutions are always expensive and usually require far more computing power that the rest of us can afford. Big solutions are always complex. They have to be, because this is a complex problem. So we end up with layers and layers of software, chewing up precious compute resources to try to keep the hackers out. Out of what? Out of our internet systems and databases; that’s what!
But why do we have the databases where the internet can interact with them. Why not quarantine the database from the internet? Put it on a computer which has no direct access to the internet. What do you think that would do to attempts at hacking the database?
It can’t possibly work! It is too simple! Really?
Net2Core® is a patented framework that operates exactly like that. Get the front end (the Net) to operate through the Internet and get the back end (the Core) to maintain the database. Place the Net system on one computer and connect with the Core system through a LAN. Then place the database either with the Core system, or on a LAN at some other location. The Core system should be programmed to provide fixed responses to predefined stimulus from the Net system. Anything else gets trashed.
Big problem – small solution.
There are other benefits that can be gained quite simply. Access can be restricted via a “Gateway” to keep robots from having direct access to the Net system. The Net system only continues an Internet session which has been commenced through the recognised Gateway; and that is a one by one transfer to the Net system. The Gateway transfers no response to any legitimate incoming data. It only establishes a “legitimacy” for the Internet session. Again a LAN or WAN can provide communication for the Gateway to Net system interaction.
The Gateway can act as a filter to monitor access to the system. Too rapid an access from a single source could cause rejection. Too much access volume could cause the Gateway to return the overload back to its source or quarantine it with a rejection message. Alternatively, some reasonably easy load prediction could cause the Gateway to pass the requests to several Net systems; each of which would interact with the same Core system. I’ll leave it to the reader to contemplate what a “denial of service attack” applied to a Gateway might do. Could be interesting! Would the Census have benefitted from some such strategy?
There is hope for the rest of us. Hope for the small to medium IT users. It just requires each of us to take some responsibility for our own security. We need to apply some innovation. Some thinking outside the box. And start getting our databases away from the Internet.
Chris Hillman (MACS Snr.)
Lead Developer (Parametric Systems Pty Ltd)
