Know Your Security Perimeter E-mail

(a.k.a. What's an "Interface" and Why do I Want One?) 

This concept is foundational for understanding how and, more importantly, where to apply security to your Internet connected computers. It's probably not what you've been told!

In the professional practice of cyber-security, the focus is on geeky stuff like network perimeters and segmentation, demilitarized zones, filtering traffic, intrusion detection/prevention, ports, protocols, rfc’s, blah, blah – a whole raft of nerdy doo-doo that puts regular folks to sleep.

But you must to get your head around this one, critical, security concept: network security perimeters.

Even with only one computer, you still have a “home network” - if it’s connected to the Internet. The location of your home network’s security perimeter is the data interface of the device or computer that's connected to your cable or DSL modem.

What’s an “interface?” Glad you asked! Know it or not, you already have lots of them. In the context of data, an "interface" is any point where data may enter or exit a component, device or system. And, just like your home's front door, every interface (data entry point) has its own security concerns.

Common data interfaces include:network interface

  • Ethernet port (RJ-45 jack)
  • Phone and Modem ports (RJ-11 jack)
  • Wireless access points (802.x and cellular)
  • Coax (i.e. cable modem and TV antennas)

Phone jacks have security risks! Think of all the folks who've been duped by clever, phone scams. Dangerous data (the scam) is allowed in (lack of security knowledge) through the phone's interface (RJ-11 port to the handset) then does what it's designed to do: get credit card or bank account info, social security numbers, etc.

Every data interface has risks!

This interface concept is important because an interface is also a... security boundary! Security boundaries or check points are all around you, like:

  • Entrances to homes and cars
  • Airport security check points
  • ATM's and credit card payment devices

Consider an ATM. Without a card and correct PIN, no access past the bank's "security check point" to your cash. In other words a security boundary is any point where access may be restricted for any reason.

When attaching computers to the Internet, understanding security boundaries is crucial to keeping computers safe. But few computer owners have been educated to consider them. The issue is blurred even more because makers of security software assert that their security software products make computers "really" secure for various (*marketing*) reasons. We'd never set up security for our homes, cars or businesses using this logic. It doesn’t make sense and here’s why.

LockThis word picture should help:

Imagine a business that keeps $1,000,000 cash in a huge, super-tough, explosive-proof safe. You'd think them pretty smart! Why? Because we know there are lots of unsavory characters that would love to separate said business from its cash. Next imagine the business mounts this safe in concrete so thick that nothing but heavy machinery could bust it out of its spot. You’d think the business was very serious about securing its cash!

Now feeling very confident, they next decide that this is so secure that (for convenience and to save a few $$) it’s fine to allow unguarded access to the safe’s door and lock from the dark alley behind the business. You'd quickly change your mind and think them idiots!

The absurdity of this security design is obvious, HOWEVER... most people have been told that this exact “design” is just fine for their computers! The point is that where you put a lock is even more important than how tough the lock is! Plugging your computer directly into a cable or DSL modem is just like putting the door to your safe in an unguarded, dark alley.

This common flaw in home-network security design is one of the top reasons the Internet is a playground for hackers, spammers, botnets and other perpetrators!

You've likely heard of the "Windows Firewall," "Zone Alarm," "Symantec Security Center," etc. - all purport to help secure your computer. These technologies vary in how effective they are at what they’re made to do, but you must understand they tend to perpetuate this flawed computer security design that millions use. Why? Because they don’t want to tell you that their product is “not enough.” When security software is used as the only line of defense, you’re setting up this flawed, "back alley" security design.

Back to our word picture...

You find out our imaginary business changed their minds, and actually put its cash-filled, tough-as-nails, concrete-mounted safe in the center of it's building - accessible only to authorized personnel. You'd think "Duh, it's about time they figured it out!" That's because you intuitively know that it's not just important how you lock something, but is even more important where you lock it up.

So the operative word here is "perimeter." You instinctively understand the building adds another security perimeter (layer) around the safe.

So, forget about relying on only software to protect your PC, Mac or whatever floats your computing boat, because without a “real” and separate security perimeter, any security software only gets you part of the way there. So find out how to cheaply protect your computing investment by moving your network perimeter from your hacker-targeted, juicy, computer interface to a separate, low-cost security device... in "Seriously, get a REAL firewall"

 

 

 

 

 

 

 
 
Copyright © 2009 Joe's Services. All Rights Reserved.