Technology, training and policy lead to security

Kevin Mitnick wrote in one of his books that technology, training and policy lead to security, and I believe that is the truth. A good example I can point to is Estonia’s ID card technologies. Unlike most countries, Estonia took the plunge into virtualizing its government services, something that is widely debated in many other countries, which hesitate to make the transition because of security concerns. As a result, Estonia had to pioneer many different technologies and techniques to keep its own and its citizens’ information safe.

The prime example, as I mentioned, is Estonia’s ID card technology. Each citizen has one, and it is unique to them. On the surface it may seem ripe for exploitation: just steal someone’s ID card and you can basically impersonate them online. That might even be the case if the thief were also somehow able to obtain the passwords and PINs associated with that ID card. But that is where the “technology, training and policy lead to security” part comes into play. Estonia has a system called Smart-ID, which connects a phone with your ID card so that if the card gets used, a confirmation from the phone is required. Sadly, it isn’t enabled by default, but some educational facilities teach their students about it, so a good chunk of the population already has it enabled by the time they start carrying their IDs with them. The government also sometimes advertises it to spread awareness, increasing that number even more.

Phones aren't usually stored together with wallets, so if a pickpocket comes along and steals someone's wallet, the ID card is basically useless to them. Another thing Smart-ID adds is that people don't have to carry their ID with them everywhere: for example, if they need to log in to their bank or some other secure website that usually requires an ID card, they can simply log in via their phone.

It is true that every technology has flaws, so the virtualization of services came with an increased chance of something going wrong. But with proper education and citizens knowing how things work, most of the relatively simple hacks and scams can be avoided. The only thing left to fear would be some unforeseen angle of attack, and that sadly is impossible to stop preemptively.
