Saturday, May 13, 2017

Secure Networks

The most recent flap on intrusion into large scale public networks has evoked responses by people who appear in my opinion and in my experience to have little in any understanding of what was and what is. For example the NY Times has apparently some Librarian commenting on the recent flap. The author states:

It is time to consider whether the current regulatory setup, which allows all software vendors to externalize the costs of all defects and problems to their customers with zero liability, needs re-examination. It is also past time for the very profitable software industry, the institutions that depend on their products and the government agencies entrusted with keeping their citizens secure and their infrastructure functioning, step up and act decisively.

But take a look back forty years, to the mid seventies. We worried about Soviet intrusion into networks and at the same time we were intruding into theirs. One of my best employees had been with the Brits and managed to [penetrate East German telephone lines. It was simple, just climb through the sewers, tap the copper pairs, and hope you do not get caught.

But in a similar fashion we had three key elements. First we had secure lines. They were not shared. They were encrypted. Finally we had secure Operating Systems, Kernelized OSs. What was a KOS? Simple it was an OS with a secure outer kernel that only allowed access to the OS functions such as DB access and I/O access in a fully secure manner. However, the MS/OS is an open system allowing third party software. It is a pure kluge. At least Apple has a somewhat better system. But MS systems ate a patch quilt of ports and access points that have evolved into an uncontrollable mess. Anyone can get into them. Then add the Internet, an "open" network by design, and you have a recipe for disaster.

Thus what is the solution? Go back 40 years. Why is the NHS using the Internet! It is grossly insecure. Why do they use XP, it also is insecure. And finally, what do the people always open stuff they should not? What would one expect, just a disaster.