Ultimately nothing is secure enough. I just got fascinated by the whole security idea when it comes to web sites and other network operations. Things like XSS, CSRF, CSP, HTTPS, authentication, frame hijacking, cookies, web tokens, input sanitizing, etc., etc.
I guess it all started when I figured out how easy it was to deface this forum after its "upgrade".
Then I got fascinated as to how to implement some or all of the most often suggested security features. One can use web services or "frameworks" that provide such security features out of the box but I wanted to see how I could cobble it together myself.
Anyway, I need to know something about all those buzzwords and what to do about them so I can deal with the security snake oil salesmen for work purposes.
Sealand? I could see a rather large Asian nation taking an interest in acquiring that artificial island off the coast of the U.K. Artificial islands are in vogue in the South China Sea.
Frankly, the last thing I would care to do is to spend the rest of my life dealing with rust prevention. I'd much rather have a damp and drafty stone castle on real land.
I tried my own website, but it really demanded more upkeep than I care to deal with. I simply have enough to deal with in terms of dusting and washing socks. Cleaning up dog hair has been a losing battle for nearly 15 years now.
Sealand has an amazing history. From the glorious days of pirate pop radio stations in the 1960s, to armed takeover attempts by the British government and a German usurper. You should check the Wikipedia article. I would not worry about the rust. That concrete relic that was a gun emplacement in the second world war will be standing for a long time to come.
Last I heard the King of Sealand, or was it Prince, had died and the place was up for sale for 700 million pounds or so. Unlike the China Sea though it's a bit cold and harsh in the winter!
I don't really want a web site. I do want the ability to control and monitor things remotely. I believe it's called the "Internet of Things" nowadays despite the fact we have been doing that for a decade or more already. Security is the first consideration, hence the delay in getting it to actually do anything useful.
Of course there is now a "gold rush" going on with a lot of vendors trying to sell you their IoT solution...Nah, I want my own solution under my own control thank you.
When we say, "an order greater", or some other such thing related to this concept of magnitude, there is always an implied base representation. The most common is base 10, because that's what most people are familiar with.
If you don't include any other context, "An order greater" is basically, 10 times greater, or a multiply by 10. "Several orders..." is x100, or x1000, etc...
We use "double", "triple" for x2, x3 and so on.
"Significantly" is useful here too. In a stats sense, that word means there is some meaningful distinction that can be made from the data, or observation under discussion. There are formal math definitions of significance associated with this, just as there are for "order of magnitude". For ordinary people, it's enough to equate "significant" to, "enough of a distinction as to be particularly notable."
Overall, this concept is embodied in the word, "colloquial", which means "in the sense of, or used in ordinary conversation", and the subtext is all about implied context your average, reasonable person would have in common with the speaker.
Anything else simply needs that context to be explicit, not implied or assumed, and it will all still work. Speaking, or writing with precision and or fidelity requires a keen understanding of implied context so that one can be prudent and reasonable with the inclusion or reference to specific, or explicit context. It's an art in many ways.
With sound as another fun word playground, an "order of magnitude" louder is ambiguous. In the colloquial sense, it's "the perception of being more than twice as loud", or not just "louder", where in the technical sense, it's actually a x10 discussion for what people would describe as "moderately louder", though closer to "significantly louder", etc...
If the context is implied, and your expression is aimed at common, ordinary, non technical people, it's to your benefit to consider the nature of implied context and whether it actually serves your goal of expression. Where it doesn't, you need to add explicit context for it to be clear and meaningful to the target, or most people.
I did already know of Sealand. I couldn't see much joy in having to travel 3 miles by sea to visit others. Crofting on the Isle of Skye is bad enough. Friends visit just because you are a free bed and breakfast.
What does one do for fresh water?
But Sealand does provide a lot of legal precedent about the hazards of creating artificial islands far from shore.
The South China Sea is where all the typhoons end up after passing over the Philippines.
The real problem with artificial islands is your sources of food and water. I suppose fish traps could be permanently in operation. But what about carbohydrates?
This is an order of magnitude more secure than what it had before
Translation: "Not just a lot more secure, but more secure enough to warrant a gross expression to avoid the impression of marginal gains."
As we don't have units for levels of security, or at least we don't have common ones that I know of, other than simple things like dollars per square foot capable, general language is limited to:
-more
-a little bit more
-significantly more
-an order more
...and so on.
All of which boils down to, "enough more that I feel really good about it, as opposed to merely feeling better, or good."
Yes! For me, that was a troublesome concept. It's not now, but it was. In the end, security boils down to marginalizing favorable risk / reward scenarios to favor the one desiring some measure of security.
If they really want it, they are going to be able to get it, whatever it is.
Yes, context is always important. I posit that this is a technical forum and hence use of an expression like "order of magnitude" here is already embedded in a technical context where the usual base 10 meaning prevails.
Also yes, we can't sensibly apply measurements to security. I was being a bit free with my use of "order of magnitude" there. Something can be totally secure against all expected attacks, until the day someone comes up with the Trojan horse or lock pick that gets them in, all of a sudden you have no security.
Except we can quantify the amount of time it takes to brute force attack crypto algorithms, hence old algorithms being discarded as computers have become faster and cheaper to operate in huge clusters. But of course the attack surface of most systems is so huge that busting the crypto is not the way you get in, often it's an exploit of some other feature in the system.
At the end of the day it's a trade-off between security and usability. One has to evaluate how much effort a potential attacker is going to expend trying to get at your stuff. Is it worth their bother?
@loopy,
I guess supplies on Sealand are not such a big problem. It's only 12 km from civilization and the local supermarket. Hardly worse than some places I have lived on land!
You all got me worried. In my thinking about security I start to think about the "attack surface" as they call it. That is to say all the possible ways that someone can get in. The bad guys often don't just try the front door of your house.
So what is the "attack surface" of my little project here?
Firstly there is the front door. That is to say the web page served up over HTTPS. To get in through there you need to bust HTTPS, or the password scheme, or get cookies and such off of a machine being used by someone to access the site. Or bribe/threaten them to give you a password. Or look over their shoulder as they log in, etc etc etc.
There is a "back door" of course. The server is an Amazon EC2 instance and I can log into it using ssh. Again you need to bust ssh or get a key and so on. Much like the front door.
How else can you get in?
Well of course if you work for Amazon and have the right creds it's trivial. Or perhaps you know some vulnerability in the Amazon infrastructure.
There is more...
All the code running on 2π.net is here https://bitbucket.org/zicog/propanel/overview. So find a way into Bitbucket and you can introduce a back door into my code which will eventually find its way to the live server. Of course having the code on view might allow you to find a security hole that I introduced due to ignorance or error in design or coding.
There is more...
How does that code get to Bitbucket? Why, from my PC at home or in the office. Just get to those machines and you have a chance to introduce changes to the code or even directly log in to the Amazon instance using the ssh keys these machines have....
There is more...
Probably, I can't think of them all!
Oh, except...I don't store any passwords on that server. But if anyone signs up there their username and a hash of their password are managed by the stormpath.com authentication service. If stormpath gets busted at least it could cause all my registered users to not have access any more.
It's hopeless. The attack surface is huge and mostly out of my control. How can I ever be sure this is secure?
It's like building a house with a front door, a backdoor, dozens of windows, a bunch of delivery doors round the side and numerous secret tunnels to other houses around the neighbourhood and far away. Buggers will probably come in down the chimney or up the sewer after I'm done checking everything else is secure.
Luckily it's only a play thing so I don't really worry. Yet.
https://en.wikipedia.org/wiki/Principality_of_Sealand