These days, so many information security and privacy issues
are cropping up that it’s becoming difficult to decide what to write about. And
the majority of these issues deal with the Internet.
The Internet is not getting smaller by any stretch—it
continues to expand, encompassing an increasing variety of products, both
consumer and commercial. On the Internet, anything goes. If a host has
vulnerabilities, it’s only a matter of time before someone abuses or exploits
the flaws.
Areas of the world that previously had no connection to the
Internet are now online, as are new kinds of devices. And they’re often
running unmaintained systems that are in grave need of updating and securing.
At any given time, there are thousands of port scans
running, identifying hosts and services running on these systems. Some of these
are automated port scans, and some of them are probably unreleased worms
looking for target hosts.
I’ve recently stumbled across one of these previously unknown
worms on two Windows servers. Even on a fully updated and secured Windows 2000
server, someone managed to find a way in.
While this experience is undoubtedly not unique, that
doesn’t make me feel any better. In my opinion, we’re simply not prepared as a
society for both the benefits and the risks of having so much connectivity.
Putting Internet Protocol (IP) into everything electronic is
a dangerous use of technology. But until consumers demand security and
accountability with Internet products, it will continue. We’re a long way away
from holding companies liable for insecure products.
These new products offer cool features, but is security a
design consideration or an afterthought? Many of these products include popular
buzzwords, particularly “Internet-ready” and
“Internet-enabled.” However, that doesn’t mean there’s always a
compelling reason to use them on the Internet.
I sometimes wonder if it makes sense in the long run to
enable Internet accessibility in the majority of consumer products. Cell phones
and computers are obvious examples, but what about other consumer products that
are IP-enabled?
Just because a product uses IP doesn’t mean it should. We’re
still not anywhere close to fixing the current problems with the Internet.
Internet security is getting better, but it can’t keep up with the flood of
IP-enabled products, both wired and wireless.
Most serious wide-scale exploits occur quickly because they
infect a large number of hosts before anyone takes steps to secure them. But
most users care little about Internet security until they find themselves faced
with a security problem. With so many devices connected to the Internet,
we’re more vulnerable than ever to a massive Internet-sourced problem.
Internet and information security should be the second thing
you consider with any Internet-enabled product that you use. But the first
thing you should consider is whether you even want the product to use the
Internet in the first place.
Jonathan Yarden is the
senior UNIX system administrator, network security manager, and senior software
architect for a regional ISP.