Shared here for posterity
Information security is in your machine. So is analytic analysis. Statistical analysis can be applied to anything. If you use analytic engines such as Cloudflare or Google Analytics, you may see an analysis report like this from our dashboard:
Except, the internet became more useful than originally anticipated. Now, GPS is used everywhere. DARPA, which created it, acknowledges the mixed bag of privacy challenges it has brought to societies. We have RISC computers connected to the internet, held in our hands.
Let’s take a step back, fully back.
The Second World War ended, and in the 1950s Eisenhower created the interstate highway system. He wanted a way of evacuating cities if the United States was attacked by an atomic bomb. The defense of the American people was the primary reason for the Interstate in the US.
In the 1960s, the Department of Defense engaged the Defense Advanced Research Projects Agency (DARPA) to research and develop a thing originally named ARPANET. This agency of the United States Department of Defense is responsible for the development of emerging technologies for use by the military. The original intent of the thing was to share resources and information.
Unlike the interstate highway system, which had well-defined county and state borders, the thing that became the internet was borderless yet had defined rules from the American Registry for Internet Numbers (ARIN) that created Autonomous System Numbers (ASN) to route between networks. The interstate highway system had state and local police to control and enforce rules. ARIN, however, had nothing, and the Internet Engineering Task Force (IETF) didn’t exactly have the role of an officer to guard the internet. New technologies came on the market to guard systems.
A complete cultural revolution of the internet occurred from the 1970s through the ’80s and ’90s and is written about elsewhere on the ‘net. The nerds, geeks and dorks were amassed as their technology was interesting and cool. In an iconic manner, Steve Jobs of Apple ushered in the iPhone in the mid-2000s, consolidating multiple technologies into one device. Security was not mentioned nor part of the conversation; it was an afterthought and essentially still is. As a blog mentioned elsewhere on the internet, a typical user conducts themselves in a manner eerily similar to this: ignorance played out while they check social media at Starbucks, connected to the WiFi and with GPS silently enabled, waiting for their beverage and sharing selfies of their drinks on social media on their way to work.
There was a moment when your handheld RISC ARM computer, commonly called a mobile device, was not permitted to connect to your business work network. After time and slight decades of frustration, these connection rules ceased and you could connect your devices to your work network.
Except you also connect them anywhere else: coffee shops, friends’ houses, and other businesses.
In the fall of 2019, the New York Times published and publicly stated that the Internet Didn’t Turn Out The Way We Hoped. A few months later, the worldwide mandated lockdown of the Covid-19 Coronavirus forced us to rethink and evolve.
There was a local party recently, like any other party anywhere. Except one youth renamed the WiFi network to Panera and your mobile device automatically connected. To the security practitioners among us, the CTOs and CISOs, and the security-minded systems administration geeks, this was a bit of youthful fun. Some of us would name this an Easter Egg. Others would not know what to name this, nor would they know what occurred to their mobile device.
As the New York Times stated in 2019, now the internet is a nightmare. Zuckerberg publicly acknowledged that his company is too large to control. People around the world take more pictures and place them online faster than we or a computer can delete them. Computers were not made for this, and the internet wasn’t made for this either. Nor are most people aware of what this version of the internet brings. Web 2, web 3, or web 5 – it doesn’t matter: your identity and the 3+ levels of the internet are anywhere.
With the ubiquity of the internet, how do you defend everything?
Such network flow analysis tools are still used for analysis of the network or of the machine, but the internet changed again. Some ideations focus on identity as the root solution; this is seen in the common use of Okta. We need a technology that adds privacy and security, not a technology that adds one thing and takes away another. Prominently, network flow solutions are fully embraced. Yet if these solutions drove to the heart of the problem, why are we stuck in this nightmare situation? Why are there successful malware attacks? There is a hallway at MISI about 80 feet long with Elastic painted on it in a celebration of sorts, yet we’re drowning in data.
In 2019, Aronetics participated in a collaborative workgroup of Project Spectrum. At Project Spectrum, our team was focused on narrowing the educational gap in cybersecurity. Project Spectrum has fully embraced a dynamic living training curriculum. The hope is that the curriculum keeps pace with policy, technology, and the tradecraft of offensive cyber actors. Of the five tenets mentioned, one was creative craft.
As of late 2016, with the initial phases of the research completed, the study came to two overarching conclusions. First, creativity is essential for solving complex problems, the kinds we often face in a fast-paced world. Second, we have very little success training people to be more creative. And there’s a pretty simple explanation for this failure: we’re trying to train a skill, but what we really need to be training is a state of mind.
With the security issues facing businesses that include network-flow analysis, mobile devices in almost every pocket, and Virtual Private Networks (VPNs) marketed everywhere (hush, I utilize two: OpenVPN, fully customized, and ZeroTier, plug-n-play), there are no country boundaries to report. So, if you are in Southeast Asia and connect to a computer in Ohio, the report to the analytics is from Ohio. Yes, you could use the X-Forwarded-For (XFF) request header to look at HTTP/HTTPS connections. But when an attacker uses Shodan to research and access your network, what use are HTTP/S XFF analytics?
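As an added example (not code from the original post), this Python sketch shows the limits of XFF-based attribution described above: the header is only credible for hops appended by proxies you operate, and the best it can yield is the VPN exit in Ohio, never the origin behind it. The proxy ranges and all addresses are constructed values from documentation ranges.

```python
import ipaddress

# Assumption: networks of the reverse proxies you operate (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(peer_addr, xff_header):
    """Believe the leftmost XFF entry, which the client itself can write."""
    return xff_header.split(",")[0].strip() if xff_header else peer_addr


def client_ip(peer_addr, xff_header):
    """Walk the hop chain right to left, starting at the TCP peer.

    Step left only while the current hop is one of our own proxies; the
    first untrusted hop is the client as far as we can verify. Anything
    further left was supplied by that client and is ignored.
    """
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    hops.append(peer_addr)
    candidate = None
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last hop we could verify
        candidate = ip
        if not is_trusted(ip):
            break
    return str(candidate) if candidate else None


# Constructed requests: (TCP peer, X-Forwarded-For header, description).
LB, VPN_EXIT = "10.0.0.5", "198.51.100.7"
SAMPLES = [
    (LB, VPN_EXIT, "user behind a VPN exit, via our load balancer"),
    (LB, "203.0.113.99, " + VPN_EXIT, "same user with a forged leading entry"),
    (VPN_EXIT, None, "direct non-proxied connection, no XFF at all"),
]

if __name__ == "__main__":
    for peer, xff, note in SAMPLES:
        print(f"{note}: verified={client_ip(peer, xff)} "
              f"naive={naive_client_ip(peer, xff)}")
```

In every sample the verified address is the VPN exit; the forged entry only fools the naive parser, and connections that never pass through an HTTP proxy carry no XFF to analyze.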
As noted in 1991, Linus Torvalds made a lil thing that wasn’t going to be huge like GNU. In the mid-90s, there was an alleged open economic war from Microsoft: closed- versus open-source software.
About 15 years later in 2003, IBM showed interest in what Red Hat had become, and another 15 years later in October 2018 took a controlling interest to change and provide a cloud infrastructure to ‘become world’s #1 hybrid cloud provider.’ Is this a reason why Microsoft for years treated Red Hat open-source software as an adversary to its proprietary closed-source Windows system? Microsoft has since apologized and included it as a feature for the Windows Subsystem for Linux (WSL).
Although Linux hasn’t been a slam-dunk success in every market, the operating system has had a profound impact on the technology industry and enterprise computing. Eben Moglen, President and Executive Director at the Software Freedom Law Center and one of the original authors of the GPL, took a moment at LinuxCon in 2011 and shared his views about the role Linux plays in society. He described ‘Linux as the steel and coal of a 21st-century industrial revolution. Linux and the Internet, he said, have together changed human civilization more than any other pair of inventions.’
With the technology migrations and business transformations to the cloud, the Free Software Foundation has a sticker that states that the cloud is someone else’s computer. In 2022/23, you could still think of the cloud as a rented computing space/power. You pay for what you use and for what you need as you need it. Updates are usually automated, and the cloud hardware and software are maintained by someone else. A brief history of the cloud goes back to the origins of the internet and data stored on a remote computer, back to ARPANET roots.
Regardless of where you have your computing resources and data, how do you protect and tamper-proof your data?
Information security isn’t in the clouds or found with analysis of the network flow. It is found deep in your computing platform.