Wash your Forking Hands! Better security begins with basic digital hygiene

We've all been there. You're visiting friends and someone has to go to the bathroom. While they're out, you sit, you wait... maybe look around a bit... but you are always listening,

listening

... not listening for that "flushing sound"... though that one is pretty key,

but for the sound of running water interrupted a couple of times...

Wash your forking hands!*


Because it is pretty awkward and a bit disgusting when they've left the bathroom and you didn't hear that washing sound...

We've only really taken hand washing seriously since 1867 when Lord Lister published his paper on the use of carbolic acid to wash hands.

Just 150 years ago.

And it is still a problem today at home... even in hospitals... and doctors know better.

Digital Hygiene - rethinking better security

This past weekend, I started reading the book Better, by the surgeon Atul Gawande. He opens the book with an extended discussion of ...

handwashing

And its importance for infection control.
Fascinating stuff (I highly recommend the book and I'm still in the early parts of it).

What struck me was how computer security is very much like infection control.

Except, we've gotten wrapped up with all of our high-tech toys - our cryptography, biometrics, IDSs and IPSs, etc., etc., etc.

We are constantly looking for some security magic bullet.

But we don't wash our forking hands.

We don't practice basic digital hygiene.

It isn't really fun or sexy, but perhaps it is a better way to get better security.

And it isn't just one thing. There is no magic bullet.

Infection control works when everybody is involved. At every stage of each and every process.

There are changes in practices (washing hands, gloves). There are technologies (chemical and heat-based sterilization, disposable instruments). There are simple tools (alcohol gels instead of hand soap).

But, for computer security...we haven't built up our basic "digital hygiene" practices.

Instead of creating a comprehensive security regime of imperfect elements that strengthen security together, we keep looking for a "special security solution".

It hasn't worked.

The state of digital security today is no better, and probably worse, than it was when I started in the field in the mid 1980s.

We've gone from DES to elliptic curve cryptography, passwords to biometrics, hash functions to blockchains.... and security as experienced on the ground is still pretty awful.

So, rather than thinking big, let's start thinking small.

The No BS Security Guides that I'm creating are my effort to help make actual security better.

One step at a time.

Let's start washing our digital hands.





* In the quite funny TV series, The Good Place, the main character finds herself unable to swear because she has died and gone to "The Good Place". Every time she attempts to swear, her words are changed and f*cking becomes forking.

