Collaboration

Tech Tip: Does more connectivity mean more vulnerability?

Find out if more connectivity means more vulnerability.

By Jonathan Yarden

These days, so many information security and privacy issues are cropping up that it's becoming difficult to decide what to write about. And the majority of these issues deal with the Internet.

The Internet is not getting smaller by any stretch, and it continues to expand, encompassing an increasing variety of products, both consumer and commercial. On the Internet, anything goes. If a host has vulnerabilities, it's only a matter of time before someone abuses or exploits the flaws.

Areas of the world are now online, as well as new devices, that previously had no connection to the Internet. And they're often running unmaintained systems that are in grave need of updating and securing.

At any given time, there are thousands of port scans running, identifying hosts and services running on these systems. Some of these are automated port scans, and some of them are probably unreleased worms looking for target hosts.

Earlier this year, I stumbled across one of these previously unknown worms on two Windows servers. Even on a fully updated and secured Windows 2000 server, someone managed to find a way in.

While this experience is undoubtedly not unique, that doesn't make me feel any better. In my opinion, we're simply not prepared as a society for both the benefits and the risks of having so much connectivity.

Putting Internet Protocol (IP) into everything electronic is a dangerous use of technology. But until consumers demand security and accountability with Internet products, it will continue. We're a long way away from holding companies liable for insecure products.

These new products offer cool features, but is security a design consideration or an afterthought? Many of these products include popular buzzwords, particularly "Internet-ready" and "Internet-enabled." However, that doesn't mean there's always a compelling reason to use them on the Internet.

I sometimes wonder if it makes sense in the long run to enable Internet accessibility in the majority of consumer products. Cell phones and computers are obvious examples, but what about other consumer products that are IP-enabled?

Just because a product uses IP doesn't mean it should. We're still not anywhere close to fixing the current problems with the Internet. Internet security is getting better, but it can't keep up with the flood of IP-enabled products, both wired and wireless.

Most serious wide-scale exploits occur quickly because they infect a large number of hosts before anyone takes steps to secure them. But most users care little about Internet security until they find themselves faced with a security problem. With so many devices connected using the Internet, we're more vulnerable than ever to a massive Internet-sourced problem.

Internet and information security should be the second thing you consider with any Internet-enabled product that you use. But the first thing you should consider is whether you even want the product to use the Internet in the first place.

Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.

Editor's Picks

Free Newsletters, In your Inbox