Marketplace of Ideas (1) - Response Print
Tuesday, 06 October 2009 18:21

Question of the month: "In 2000, Kevin Mitnick, a computer hacker once described as the most wanted computer criminal in the United States, was released on probation for breaking into corporate computer networks and stealing software. One of the conditions of his probation was that he could not use the Internet for several years, a prohibition that ended earlier this year... If a person is convicted of using the Internet to commit a crime, should he or she be barred from surfing the Web or was (Kevin) Mitnick an extra special case?"

From: "Harris Georgiou"
To: IEEE - The Institute quarterly
Subject: Marketplace of Ideas - response
Date: Sat, 14 Jun 2003 12:17:39 +0300
.......

 

Information Systems Security does not rely on physically preventing access to persons of malicious intentions. On the contrary, every security scheme should take occasional malicious intentios as a proven fact and try to deal with them using system-internal means. Protecting a network connection does not mean placing a security guard along the transmission line to prevent eavesdropping - the system itself forces adequate security measures (encryption and authentication) make this scenario infeasible.

The same principles apply for proven cyber-criminals. As the world changes and everything gets connected to intranets or the Internet, it is virtually impossible to prohibit someone from using network services. According to his/hers expertise, everything could be turned into a hacking medium, from a PDA to a cellular phone.

The only feasible way to achieve an outmost degree of security worldwide is not trying to contain the harm in it's source. It is exactly the other way around: leave the medium (network) free for everyone and concentrate on hardening the security on-site. The network (especially the Internet) is too vast and to complex to monitor anyway, and most security problems arise by the exploitation of bugs and holes in the systems installed on network nodes with sensitive information.

Developing strong security systems for shielding and monitoring is much more feasible, cheap and ethically correct than putting handcuffs to anyone that MAY use his keyboard as a hacking weapon. Of course convicted criminals should be monitored in order not to repeat the same mistakes agains, but this is far from protecting the information systems just by putting the criminals into a "sandbox".


_________________________________
Harris Georgiou
Informatics Systems Analyst (MSc)
Univ. of Athens, Greece

 

Original Article: IEEE - The Institude quarterly, Marketplace of Ideas, "Logging Off" (question of the month), March 2003, vol.27(1), pp.6.

 

Last Updated on Tuesday, 06 October 2009 21:07