Wednesday, February 4, 2009

Security: going up?

Today I will speak about security again. I usually begin analytical articles of this type by quoting a definition, for example from Wikipedia or a similar source. This material will be presented as my subjective opinion. Over all my years of work in the field of IT security, I have formed a view of both the regional situation, concerning only the Republic of Belarus (RB), and the global one. Today I will try to show the real picture of things.

To get started, I would like, once again, to focus on the meaning of «security». I will use simple words and spell everything out, so to speak. The point is that security itself is not an end product or a result. Security is a continuous process that reduces risks to a minimum or even removes some of them. There is no difference between security in the IT sector and in any other. If we are talking about isolating a machine from the LAN or the Internet, that completely rules out a break-in over the network, but the need to protect data from various types of malware remains. So the expression «why do I need an antivirus, I don't go on the Internet» is quite inappropriate, because you still exchange data. Flash drives, hard drives, optical discs: all of these are routes for malware onto your computer, bypassing any network connection. Contrary to the established popular view, security is not installing an antivirus or a firewall; it is much broader. In fact, installing an anti-virus system does not, in itself, solve any problems. Several times I have had to provide services to people ranging from friends and relatives to, so to say, «friends of friends». The vast majority were very surprised when I found hundreds of virus bodies on their computers. The question was always the same: «where did they come from, when I have the latest version of Kaspersky Anti-Virus?» However, it would turn out that the antivirus had a badly outdated virus signature database, had never run a full system scan for malware, and on top of that might have a license key that expired long ago. So it turns out that such an antivirus would be of more use if it were not there at all. That is the situation with ordinary users. As for advanced users, most of them believe that a constantly running proactive protection module solves all problems entirely and that scanning is not necessary. Again, the surprise is great ...
Home computer security requires constant monitoring by the user. And one does not need to be an expert in the field of security for that. It is enough to configure correctly all the components of the program responsible for security, so as to protect data at the level of the hard drive and the operating system. Of course, neither an ordinary nor an advanced user will achieve completely failure-proof security. If a serious expert takes on the machine, the system can still end up compromised. And in fact there is no need for a high level of security in this niche of the IT world in our society. A home computer does not store any secret data on its disk, and Internet banking is not used by the people of Belarus, with the exception of a few percent of the population.

In the West, the picture is a little better. Access to the Internet causes no complications, and almost every European or American uses the global network without problems and for next to nothing. Our Internet access services, although developing rapidly, are still far from the level of more developed countries. This is quite natural. So the western user (and, by the way, the eastern one too) updates the antivirus without any problems and without fearing for his wallet. And the antivirus does not run on warez: in 80% of cases licenses are bought, because their cost is simply laughable given the income levels of western users. Our own user, meanwhile, still finds it difficult to set aside about 100-150 rubles (depending on the program and the manufacturer) to purchase an annual license. Another important factor is that informational support in the West is much more developed. There is much more literature on IS (information security), both professional and amateur, aimed at the average user. With regard to companies, firms, etc., the situation is almost the same as in the home segment. True, there are small differences related to the presence in the West of high-class professionals who really know their job and competently maintain a security policy ahead of time. Companies actively employ these professionals and, as a result, end up with good protection. Things are much worse here: there are specialists, but companies do not want to take on an extra person. Let us take it in order. Modern conditions demand that firms and companies create another department, for IS (in large ones), or a new position (in small ones). This entails extra cost, of course. And then the IS specialist also announces the need to purchase corporate licenses for antivirus software, software for data backup, and a firewall (and if it is a firewall system, the purchase of servers as well, etc.). All this leads to the decision «we got by before, and we will get by now».
But, gentlemen, no such luck: time moves on, and progress does not like conservatism. Bill Gates said: «If you're not online, then you are not in the business», so this has to be reckoned with. So it turns out that the communications infrastructure is there, but it is not being looked after. What I see is complete anarchy. Local networks are like walk-through courtyards: crawl in through the Internet access gateway and that is it, wander around as you please. This is not a good thing.

For all that, in private companies things are still so-so. That is natural, because nobody is eager to take losses by their own hand. But in most state organizations the whole of security consists of a sticker on the monitor: «processing of classified information is prohibited». I admit, looking at the state IT staff, it is difficult to believe that there is even one machine in the organization designed to handle sensitive information. All this provokes nothing but a smile and sadness. At the same time, many refuse help, even when it is free of charge. As for specialists, there are very few of them. Yes, that really is so. It is sad to realize, but the modern education system has overlooked the need to train IS specialists. In saying so, I do not count people who study cryptography, hardware encryption, etc. That is information security, but it is not complete training. For a security expert to meet modern requirements, he must know how modern means of protection work. And nobody teaches these people how the code emulator or the heuristic analysis module of a modern anti-virus program is built and operates. Therefore a classical specialist is not prepared for modern threats. In such a case only self-education remains. Here again there is a problem, because when applying for a job the first thing asked is «Where did you study?» or «What kind of education do you have?». In my opinion, the expert must clearly know how to «do security», and not explain where he studied and what kind of education he received. In the West, such a specialist would simply be tested and gladly given a job, because a person capable of productive self-education is a very valuable one, and he will figure everything out. In our case they would think for a very long time and in most cases decide in the negative. The results you too can observe: machines knocked out of service by viruses are not just a nuisance, this has become commonplace, an everyday routine, so to speak.
And while the employee prints some invoice, trojans, viruses, worms, etc. already reign in the list of active processes.

«Until the thunder strikes, a man will not cross himself», as the folk wisdom goes. The situation is certainly changing, but very slowly. Rather than immediately adopting the experience of others, people prefer to learn from their own mistakes. Any company that has decided to acquire a local network or Internet resources should first of all take care of security, and only then of having other IT professionals. The title of the article itself pushes me to a conclusion in its terms: are we going up or down, or perhaps standing still? Naturally, we are moving upwards, but not as fast as we would like. And so it is still a long walk to a satisfactory level. I hope we will make it successfully and with a minimum of mistakes. Draw your own conclusions.

