Home / Blogs

Am I Safer Within an Organization or by Myself?

Alessandro Vesely

An Internet Bill of Rights may or may not be a good idea. The point here is that, besides highly commendable topics such as net neutrality and privacy, some of them seem to mandate cybersecurity. Approved in Brazil last May, the Marco Civil includes the principle of preservation of stability, security and functionality of the network, via technical measures consistent with international standards. The Italian Draft Declaration of Internet Rights, clause 12, states that network security must be guaranteed in the public interest, ensuring infrastructure integrity and protection from external attacks, and in the interest of individuals.

Undoubtedly, law enforcement is important for cybersecurity. However, I don't think it is possible to grant security to users irrespectively of what they do. In some cases it may be difficult to track attackers, and there are countries where criminals cannot be prosecuted. Spam Nation depicts a very colorful account of the situation. A more recent post confirms that botnets are getting worse. In his Cynic's View of Security Predictions, Gunter Ollmann asks whether big data is a cure, surmising that that's where companies are heading for, for the good and the bad of it. But how big is big, nationwide?

Security is not my forté, but it seems to me that corporate firewalls lower security to the level of their weakest user. For example, HTTP proxies are often used for anti-virus scanning; they can easily circumvent encryption by forcing clients to trust corporate certificates. An attacker who breaks in by infecting the weakest user, could gain control of that proxy. In that case, I guess wise users would have been safer by themselves. In general, if it is advantageous to centralize security management, how large shall the implied bailiwicks grow to be effective?

Some say one cannot expect users to be the primary security managers of their accounts. Users certainly need support, education, and coordination. I wonder why we don't need some kind of license to operate computers, like we do to drive cars. Obama's 2013 order to improve cybersecurity talks about a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure. Any computer connected to the Internet must be considered a critical infrastructure, as it can become a zombie if improperly operated. Obama's approach seems to promote active, rather than passive, involvement. Yet, his order doesn't address the question of what training computer owners need in order to join the program.

By Alessandro Vesely, Tiny ISP and freelance programmer

Related topics: Cybersecurity, Law

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias

DNS Security

Sponsored by Afilias
Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?