The “Perfect” Firewall…

Security is a story of economics. It is about risk. In my time in the industry, I’ve worked for a number of large players and managed the security for a number of highly secured organisations. In the 90s, I acted to implement and secure the Australian Stock Exchange as they first went online. I also helped organisations such as Lasseter’s Online, an online casino. The reality is, none of them were perfectly secure. They were all secure enough.

This is important. Security is a risk function. You do not pay more than the value of the asset to secure it. If you do, you are not secure.

Marcus Ranham and I had a number of run-ins back in the 90s. He was one of these people who had this idea of perfect security, in particular with his Gauntlet firewall product and his company Trusted Information Systems (TIS). I had a number of clients in the federal government who implemented it because it was secure but fell for the lie of perfect security. You see, one part of the security triangle is availability. And Marcus had the idea that disconnecting the Internet would be a good security control.

One of the government departments received threats of a denial of service. They would go to conferences and training where Marcus presented and taught them the ultimate firewall: a pair of pliers. The problem here was that disconnecting the service greatly disadvantaged many people who used the government site. Think about it now; imagine Google disconnecting from the Internet.

I was ridiculed for my argument. I told the department that they should not disconnect under any circumstances — if anything implement multiple redundant paths. For two weeks, the government department disconnected from the Internet, and stopped payments to a number of people who were disadvantaged. To some of us, not receiving money for two weeks may not seem all so important; we can live on savings. For many of the people impacted in the late 90s, it was a problem. Luckily, very few people overall had their payments processed online at that stage.

Bitcoin does not need to be perfectly secure; there is no such thing. Bitcoin needs to be resilient and available. In seeking the perfect, we destroy any hope of achieving something that can be great. Such is the problem with Core and others, and in seeking perfect anonymity, they create a system that cannot work in the real world. In seeking perfect security, they chase a dream that can never be achieved. As with all things in the world, there is no perfection, only risk.