Pump Scenario
There's no such thing as a computer virus, only
unsafe computing.
Okay, okay okay! If you surf the internet you
could contract a malware, or a worm, or a bug or
something. It could happen, but there are precautions
you can take. What are those precautions? Let's
brainstorm.
For one, you could not surf the internet.
Unlikely, eh! What if you didn't open any links that
downloaded things to your computer that you don't
trust. Good idea. Research the companies and sites
you connect to and know their reputation. You wouldn't
expect Sears to have a virus, would you, and you can be
pretty well be assured that they've done all they can
to prevent malicious code.
Here's one that you're not going to like. Erase
your computer and start over. Yes! There is an
absolute way you can be assured that your computer is
safe. Erase the hard drive and reinstall the operating
system, and any programs and files you want to use.
Starting over requires some organization. You need
a list of all the software you use and want to install,
and some sort of back up system for your personal files
(which we should have anyway). Then when you want to
use your computer on the internet, to make a financial
transaction for example, make sure that's the first
stop after you've reinstalled your operating system.
Just organize your banking once a month to coincide
with your computer cleansing.
Granted, that's asking a lot for the home
computer, but business systems should consider it, and
put into place. It might even make sense, if you can
afford it, to have a second computer for financial
transactions only, and then erase it once a month or
so, whenever you process important personal or
financial info on it.
Of course there are some situations where you'll
want to transfer information over the network, be it
the internet or local network. Eighty percent of
internet traffic is on ports other than port 80, which
we all surf for fun and profit.
Let's say you're a water plant and you want a pump
to report to your controller machine, periodically,
flow rates. The pump's electronic sensor connected to
a local machine triggers file storage and then a timer
causes that machine to dial the internet and call your
main office computer, via port 14448 and uploads the
file. Your firewall is so intense on port 14448 that
only the pump can call your computer through that port,
which specifically patterned (enveloped) data.
Let's say your pump also has a regulator, in case
you want to shut it off remotely. You don't want
saboteurs attacking your system and shutting it off
when you don't want to, so once again you pattern and
encrypt the information before it is allowed to out
over port 24223 and switch the pump off. Imagine the
firewall for that and with a little obfuscation you've
reduced the chances to almost zero of a war games
scenario for your pump.
There are no absolutes and your not going to get the
Princeton eggheads, who got most of the government
encryption work in the nineties and early 00's, to say
your pump is perfectly safe. So when you try to sell
that to stock holders at the next meeting, good luck,
because they want everything absolutely secure: no
'ifs' 'ands' or 'buts'. That's your job and you darn
well better do. So you lie for a bigger budget. Well
you don't lie actually. Just when your trying to
explain the budget you describe scenarios that could
happen and find out that's what people want to hear
about security, when you know full and well that your
pump is safe, unless Bob in accounting sells the access
codes, which you don't have any control over, so thank
you very much.
kbushnel.sdf-us.org/contact.html