The Ancient Art of Cybersecurity

image created with HeroMachine 3

The supplicant comes to the venerable master and asks, “O Guru, how may I be safe on my computer? What tool must I install?” and is told, “Ah, Grasshopper, the security that may be installed is not the true security.”

Okay, I may have taken a little poetic license in the above, but it is a more or less accurate summary of a lengthy mail exchange I had recently. I don’t actually sit atop a mountain dispensing wisdom, but as a longtime hacker and software engineer, with decades of history in the realm of computer and network security, people often come to me seeking advice on “cyber” security. Because of, and not despite, my years of experience, I am never comfortable answering the question. It may be useful for me to explain why.

  1. Never accept any software that is offered to you. Only download software that you sought out and only from legitimate distributors, such as official app stores or directly from the creator of the software.
  2. Keep your system, and the software on it, up to date on all security patches.
  3. And so on.

Guidelines for everyone

These guidelines are all special cases of the principle that the computer should always be doing what you want it to do, not what someone else wants. Remember, an attacker wants to get you to run software for their purposes, not yours, or to reveal information to them without thinking about it. Think about it, and remain in control. That means:

  1. Never accept any software that is offered to you. Only download software that you sought out and only from legitimate distributors, such as official app stores or directly from the creator of the software.
  2. Similarly, don’t accept advice or assistance with your systems that you didn’t seek out. No, Microsoft does not call you out of the blue on the phone to tell you about problems on your computer and offer to fix them. Windows that pop up on your screen recommending specific software are ads, and are highly suspect.
  3. Keep your system, and the software on it, up to date on all security patches.
  4. Make sure that everything of value to you is backed up. Frequently. Automatically. Multiple backups, stored in different locations, are best.

Guidelines for Specific Home Systems

For implementing these guidelines you will need a guru. Seek a professional or your local or family nerd. If you are using Apple products, the “Geniuses” at the Apple Store’s Genius Bar can help you. If you are running Windows, the folks at the Microsoft store or local computer store may help. For Android, Chromebook and other Google-based products, you will probably need a local or family nerd. If you aren’t a nerd and computer hobbyist yourself, you probably shouldn’t use Linux. If you do, whoever convinced you to do that must help.

  1. Each computer that you have should be properly configured to operate in an appropriately secure fashion. If, like my friend’s friend, you know that there are people specifically targeting you, then security settings should be set to highly secure, and you should be taught how to use it with those settings. Otherwise, moderate security is probably appropriate.
  2. Every computer, mobile device, and network device should be set to automatically install at least all security updates, and probably all software updates. If your guru doesn’t think you need to automatically install security patches, you probably have the wrong guru.
  3. If you use many internet services, and need to create a lot of accounts, you should consider using a password manager such as LastPass. If you know you are under attack, this is a must. Also, LastPass (and some of its competitors) gives you a secure vault to store encrypted information in, in addition to passwords. This makes it much easier for you to encrypt important information.
  4. If your system is compromised, you probably need to start from scratch. Have your guru reinstall the system and applications, and restore your data from backups. Before they start, they should make sure that your backups are usable.

So, who am I, anyway?

For those wondering who I am, and why I get these questions, perhaps a short introduction is in order. I started out hacking computers at MIT, Harvard and Stanford over the ARPAnet more than 4 decades ago, back in the days when routers and computers on the net still had guest accounts. A couple of years later, I caught the first intruder on Digital Equipment’s computer and was a member of the in-house teams that dealt with intruders like Mitnick and the Chaos Computer Club on the corporate network.

Got on the ‘net (the ARPAnet) in ’74. Spent 4 decades doing things I’ve never done before. Currently researching Machine Ethics. Prev: Eng. VP at Silent Circle.
