Hacker News new | past | comments | ask | show | jobs | submit login

Security through obscurity? Old technology and keeping disconnected from the Internet are probably decent additional security measures, although they shouldn't rely on it. Like the article says though, we still want these computers to be new enough to actually work



"Old technology and keeping disconnected from the Internet are probably decent additional security measures, although they shouldn't rely on it. "

It's called an airgap, and is easily the most effective countermeasure to cyber attacks, and, in conjunction with physical security and careful 2-man control/people management, should certainly be relied on.


The airgap technique didn't work so well for the Iranians. Stuxnet was designed to jump gaps via USB keys. Luckily, 8" floppies don't have enough capacity for a virus.


> Luckily, 8" floppies don't have enough capacity for a virus.

I'm positive you can fit an interesting virus on a double sided one (the most common I believe).


You're right - I forgot my MS-DOS history. Ahh, the days of 5-1/4" floppies and boot-sector viruses.

"Your PC is now Stoned!" http://en.wikipedia.org/wiki/Stoned_(computer_virus)


Airgaps aren't perfect, but are you suggesting their network would have been more secure without the airgap?


Assuming you have an impenetrable perimeter is a common reason for failing to secure the interior of a network. i.e. "It doesn't matter if we use Windows XP/don't patch things/don't use encryption because it's airgapped." Then, once someone does breach your impenetrable perimeter (through an insider, side-channel, whatever), the whole thing falls.

So yes, a network designed with the assumption that it will be constantly barraged with attacks is probably more secure than one designed be people who (subconsciously or not) discount the possibility of malicious traffic ever occurring.


It's a common meme - back in 1999, when I was running IT in a startup, a lot of the recent engineers who had come from Stanford were offended by our firewall. There claim was that our network should not have a firewall rule, because, by having a firewall, we believed that we were somehow "less vulnerable" than if we had no firewall, and that if we eliminated the firewall, then all of our servers, desktops, etc... would be secured, and, if someone were to get inside our network, they would not have any advantage.

The reality, is that you want to do both - have a rock solid firewall, and secure your internal servers.

In the case of a Nuclear Missile Silo, I'd like to believe that as much as possible was run with switches, dials, and manual controls which require physically penetrating the perimeter of the silo, and having all sorts of advanced credentials, procedures, and codes to actually accomplish anything. (Said PAL codes being supplied by the President or their designate).


Stuxnet also targeted more recent machines/networks. It'd be far harder to convince Lt. Smith to insert an arbitrary 8" floppy disk into their TS work computer than a USB drive.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: