The Art Of War And ECommerce Essay — page 6


administrators. The more accountable your administrators are, the less likely you are to have problems. Law #7: Encrypted data is only as secure as the decryption key. Suppose you installed the biggest, strongest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn’t really matter how strong the lock is, would it? The critical factor would be the poor way the key was protected, because if a burglar could find it, he’d have everything he needed to open the lock. Encrypted data works the same way: no matter how strong the cryptoalgorithm is, the data is only as safe as the key that can decrypt it. Many operating systems and cryptographic software products give you an option to store cryptographic keys on the computer. The

advantage is convenience (you don’t have to handle the key), but it comes at the cost of security. The keys are usually obfuscated (that is, hidden), and some of the obfuscation methods are quite good. But in the end, no matter how well-hidden the key is, if it’s on the machine it can be found. It has to be; after all, the software can find it, so a sufficiently motivated bad guy could find it, too. Whenever possible, use offline storage for keys. If the key is a word or phrase, memorize it. If not, export it to a floppy disk, make a backup copy, and store the copies in separate, secure locations. Law #8: An out-of-date virus scanner is only marginally better than no virus scanner at all. Virus scanners work by comparing the data on your computer against a collection of virus

“signatures”. Each signature is characteristic of a particular virus, and when the scanner finds data in a file, email, or elsewhere that matches the signature, it concludes that it’s found a virus. However, a virus scanner can only scan for the viruses it knows about. It’s vital that you keep your virus scanner’s signature file up to date, as new viruses are created every day. The problem actually goes a bit deeper than this, though. Typically, a new virus will do the greatest amount of damage during the early stages of its life, precisely because few people will be able to detect it. Once word gets around that a new virus is on the loose and people update their virus signatures, the spread of the virus falls off drastically. The key is to get ahead of the curve, and

have updated signature files on your machine before the virus hits. Virtually every maker of anti-virus software provides a way to get free updated signature files from their web site. In fact, many have “push” services, in which they’ll send notification every time a new signature file is released. Use these services. Also, keep the virus scanner itself (that is, the scanning software) updated as well. Virus writers periodically develop new techniques that require that the scanners change how they do their work. Law #9: Absolute anonymity isn’t practical, in real life or on the web. All human interaction involves exchanging data of some kind. If someone weaves enough of that data together, they can identify you. Think about all the information that a person can glean in

just a short conversation with you. In one glance, they can gauge your height, weight, and approximate age. Your accent will probably tell them what country you’re from, and may even tell them what region of the country. If you talk about anything other than the weather, you’ll probably tell them something about your family, your interests, where you live, and what you do for a living. It doesn’t take long for someone to collect enough information to figure out who you are. If you crave absolute anonymity, your best bet is to live in a cave and shun all human contact. The same thing is true of the Internet. If you visit a web site, the owner can, if he’s sufficiently motivated, find out who you are. After all, the ones and zeroes that make up the web session have to be able

to find their way to the right place, and that place is your computer. There are a lot of measures you can take to disguise the bits, and the more of them you use, the more thoroughly the bits will be disguised. For instance, you could use network address translation to mask your actual IP address, subscribe to an anonymizing service that launders the bits by relaying them from one end of the ether to the other, use a different ISP account for different purposes, surf certain sites only from public kiosks, and so on. All of these make it more difficult to determine who you are, but none of them make it impossible. Do you know for certain who operates the anonymizing service? Maybe it’s the same person who owns the web site you just visited! Or what about that innocuous web site
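Law #8 above describes how a virus scanner works: it compares file contents against a collection of signatures and can only recognise what is in that collection. The following is an added example, not part of the essay or of any real anti-virus product, that models a minimal signature scanner in Python. The sample "files", the two signature files (an older one that knows only "Sample.Virus.A" and a current one that also knows "Sample.Virus.B") and the marker byte strings are all constructed for this illustration; nothing here is real malware. It shows the two common shapes a signature takes (a characteristic byte pattern, or an exact hash of a known sample) and computes the detection gap between an out-of-date and a current signature file, which is exactly the window the essay warns about.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """One entry in a scanner's signature file (hypothetical, simplified model).

    kind is "bytes" (a characteristic byte pattern found anywhere in the file)
    or "sha256" (the exact hash of a known sample). Real signature files are
    far larger and richer, but both forms are in everyday use.
    """
    name: str
    kind: str
    value: bytes | str


# Constructed sample files. The "payload" markers are arbitrary strings that
# stand in for code a scanner would recognise; none of this is real malware.
SAMPLE_FILES: dict[str, bytes] = {
    "report.txt": b"Quarterly figures attached. Nothing unusual here.",
    "invoice.exe": b"MZ\x90\x00" + b"SAMPLE-VIRUS-A-PAYLOAD" + b"\x00" * 16,
    "greeting.vbs": b"' harmless script\r\nMsgBox \"hello\"\r\n",
    "update.exe": b"MZ\x90\x00" + b"SAMPLE-VIRUS-B-NEWER" + b"\x00" * 16,
}

# The signature file from "last month": it knows only virus A, by byte pattern.
SIGNATURES_OLD: list[Signature] = [
    Signature("Sample.Virus.A", "bytes", b"SAMPLE-VIRUS-A-PAYLOAD"),
]

# Today's signature file adds virus B, described by the exact hash of the
# sample the vendor received (computed here from the constructed file above).
SIGNATURES_CURRENT: list[Signature] = SIGNATURES_OLD + [
    Signature(
        "Sample.Virus.B",
        "sha256",
        hashlib.sha256(SAMPLE_FILES["update.exe"]).hexdigest(),
    ),
]


def matches(sig: Signature, data: bytes) -> bool:
    """True if this one signature describes the given file contents."""
    if sig.kind == "bytes":
        return sig.value in data
    if sig.kind == "sha256":
        return hashlib.sha256(data).hexdigest() == sig.value
    raise ValueError(f"unknown signature kind {sig.kind!r}")


def scan_file(data: bytes, signatures: list[Signature]) -> list[str]:
    """Names of every signature that matches the file.

    An empty list means "no *known* virus", which is not the same as "clean":
    the scanner cannot see anything its signature file does not describe.
    """
    return [sig.name for sig in signatures if matches(sig, data)]


def scan_all(files: dict[str, bytes], signatures: list[Signature]) -> dict[str, list[str]]:
    """Scan every file with the given signature file."""
    return {name: scan_file(data, signatures) for name, data in files.items()}


def detection_gap(files: dict[str, bytes], old: list[Signature], current: list[Signature]) -> list[str]:
    """Files the current signature file flags but the old one passed as clean.

    This is the population a stale scanner lets through: the essay's point
    that a new virus does most of its damage before signatures are updated.
    """
    old_result = scan_all(files, old)
    new_result = scan_all(files, current)
    return sorted(f for f in files if new_result[f] and not old_result[f])


if __name__ == "__main__":
    for label, sigs in (("old", SIGNATURES_OLD), ("current", SIGNATURES_CURRENT)):
        print(f"--- signature file: {label} ---")
        for fname, hits in scan_all(SAMPLE_FILES, sigs).items():
            print(f"{fname:14} {hits or 'no known signature'}")
    print("missed by the old signature file:",
          detection_gap(SAMPLE_FILES, SIGNATURES_OLD, SIGNATURES_CURRENT))
```

Running the block prints the per-file verdicts under each signature file and then `['update.exe']` as the gap. The choice of two signature kinds is deliberate: an exact-hash signature is cheap to ship and never false-positives, but it only recognises that one specific sample, while a byte-pattern signature also catches minor variants; real scanners combine both, which is also why the essay tells you to update the scanning engine as well as the signature file.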