16
Harambe
4y

Please stop putting critical infrastructure on the internet. Security on the internet is a joke, and we won't be laughing when someone dies from a cyber attack on another pipeline/dam/weapons factory.

Comments
  • 0
    do they use custom protocols at least?
  • 4
    @bad-frog Oh yes please, toss together something home-brewed, because using something you _think_ is secure and no attacker knows how to use (until they figure it out) is definitely way fucking safer than using something that is developed publicly and has well known risks and guarantees.
  • 1
    @homo-lorens Unfortunately, security through obscurity is a lot easier to sell to luddites (see: those in govt that make big decisions) than actual cyber security.
  • 0
    @homo-lorens oh, hurt me plenty baby
    nah it's just that i got ideas again ;)
  • 0
    @homo-lorens
    and i refuse to believe that these luddites from the government don't spend big cash on making solutions tailored to the problems.
  • 2
    @bad-frog they certainly do not
  • 2
    @AtuM that was what he said...
  • 2
    @bad-frog I'm sure they do, but that does not yield better security than existing methods of protection that are regarded as secure despite being public.
  • 0
    @homo-lorens hmm... with adequate funding we could be building dyson spheres...

    i believe that if you throw enough money at the problem you end up with something good.
    and if the protocol is hidden you have another layer of security.

    also we're talking governmental infrastructure so user friendliness shouldn't be a factor; i mean it's not a problem if you need special means to communicate with your endpoint.

    so if the only constraint is for the communication to be routed, even i could come up with some shenanigans that would make decoding the transmission a sore. (in fact i'm currently working on something to that effect, for personal use)

    now if people take big money for that i'd expect something really good...
  • 3
    @bad-frog Money in itself is paper, the power it represents is a precondition for but not the determinant of quality. If you pay your average webdev better they won't magically become better at security and they won't eventually outperform decades of public development and testing. They will just ship the same insecure shitty homebrew protocol that is nowhere near as hard to decipher as they expect because they forget the fact that attackers have a lot more time to figure out what they did than they have to invent and develop it.
  • 1
    @homo-lorens more money should imply more oversight. more pen testing also.
    or irrational leadership. which wouldn't surprise me now that i think of it...
  • 1
    @bad-frog The latter is in my opinion the most likely result. The same leaders who can deliver something approximately usable on a reasonable budget might not be able to distribute a larger budget with comparable efficiency.
  • 0
    @homo-lorens :/ big money implies big organisation implies big oversight... or one would think...
  • 1
    @bad-frog Dyson spheres are impossible due to lack of raw material to build said sphere out of
  • 0
    @iiii you're right, i meant dyson swarm
  • 0
    @bad-frog yeah, those are a bit more realistic, but still too damn expensive resource wise
  • 0
    @iiii depends on your definition of "too expensive".
    if that means that current economy wouldn't be able to support that, or that we don't have the means to extract these from planets, you are right.

    but, in absolute, it can be done with current technology, using the asteroid belt as resources. especially if we're talking about statites arranged in a shkadov thruster.

    is it realistically feasible? fuck no. it would cost more than there is wealth in the world.
    but with sufficient incentive, like a world-ending event, it could be done.
  • 0
    @bad-frog no, I mean quite literally that it would also require more resources than there are on Earth.
  • 0
    @iiii maybe not.
    i heard two versions: one that says to cannibalize mercury, one that says the asteroid belt would be enough.

    some guy named stuart armstrong proposed the former, can't trace back the latter
  • 1
    @bad-frog mining asteroids is a fantastic dream which cannot come true for all the same reasons: cost. The cost of all the equipment, fuel and other stuff outweighs all the benefits of mining. It's all the same as for mining hard to reach resources here on Earth.
  • 2
    I would like to note that while security through obscurity can help to further complicate an attack it shouldn't, under any circumstances, be your main line of defense. It simply is not possible to guarantee no one will be able to audit your infrastructure and find out how easy it may be to attack.
  • 0
    So where do you want your network infrastructure?
  • 1
    @Tonnoman0909 Shuffling port numbers is security by obscurity but it's very useful for tripping up less sophisticated attacks, and because it's not possible to navigate a network where every node has odd SSH ports without making a lot of noise in the process. Security by obscurity forces the attacker to guess a lot, so it performs best in a system that otherwise works completely silently and therefore warnings are noticed.
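
The argument in the last comment, that guessing at non-standard SSH ports is noisy on an otherwise quiet network, shown from the monitoring side as an added example (not written by anyone in the thread). The log format, addresses and threshold are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample firewall log (format assumed for this example):
# "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <ACCEPT|REJECT>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 -> 10.0.1.10:48222 ACCEPT
2024-01-01T10:00:03 10.0.0.5 -> 10.0.1.11:51022 ACCEPT
2024-01-01T10:01:00 10.0.0.7 -> 10.0.1.10:48223 REJECT
2024-01-01T10:01:02 10.0.0.7 -> 10.0.1.10:48222 ACCEPT
2024-01-01T10:02:00 10.0.0.9 -> 10.0.1.10:22 REJECT
2024-01-01T10:02:01 10.0.0.9 -> 10.0.1.10:2222 REJECT
2024-01-01T10:02:02 10.0.0.9 -> 10.0.1.10:2022 REJECT
2024-01-01T10:02:03 10.0.0.9 -> 10.0.1.10:22022 REJECT
2024-01-01T10:02:04 10.0.0.9 -> 10.0.1.10:8022 REJECT
2024-01-01T10:02:05 10.0.0.9 -> 10.0.1.11:22 REJECT
"""

def parse_line(line):
    """Return (src, dst_host, dst_port, verdict) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->" or ":" not in parts[3]:
        return None
    host, port = parts[3].rsplit(":", 1)
    if not port.isdigit():
        return None
    return parts[1], host, int(port), parts[4]

def noisy_sources(log_text, max_rejected_targets=3):
    """Map each source to the distinct (host, port) pairs it was refused on,
    keeping only sources that exceed the threshold. On a network where
    legitimate clients know the real ports, refusals should be rare, so a
    source with many distinct refused targets is guessing."""
    rejected = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, host, port, verdict = parsed
        if verdict == "REJECT":
            rejected[src].add((host, port))
    return {src: sorted(targets) for src, targets in rejected.items()
            if len(targets) > max_rejected_targets}

if __name__ == "__main__":
    for src, targets in noisy_sources(SAMPLE_LOG).items():
        print(f"{src}: {len(targets)} distinct refused targets -> {targets}")
```

The single mistyped port from 10.0.0.7 stays under the threshold, while the source that walks through common SSH port guesses is flagged.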