The same is true for corporate applications (and devices like printers). If they're not secure on a public network, securing the corporate network won't reduce their risk that much: they're still exposed to potential breaches elsewhere in the corporate network.
If you leave your gun and someone 'steals' it to kill others - I don't think so.
It's all about intentions of third party which is one of many paradoxes of the law system.
Or I could rent appropriate storage space at a gun club, store the weapons that way.
It's a completely different gun culture to what is seen in the US, and personally I like it a lot more.
The Australian government would rather you get beaten, raped, or murdered in your home than enable to safely and effectively defend yourself.
What implement would you use that would be safer (for yourself) than a firearm? What would be more effective?
Better yet, what would you do as a weaker individual when confronted with two or more aggressors?
I don't know about you, but I don't pretend to be tough enough to "take em!" Nor would I want my wife to try and fend off those who have already committed felonies against my property.
Baseball bats, batons, mace, knives, etc. are heinous, laughable, or otherwise ineffective tools for self-defense.
Simply put: the firearm is an effective equalizer. It enables a mother to defend her family against multiple aggressors at otherwise completely unfavorable odds.
I value the lives of myself and loved ones far more than someone who has violated the rights to my property. I refuse to cede any advantage that might make the difference in my survival.
The question you should be asking yourself is not "Do I need a gun?" (the answer to which seems to be "yes", which should worry you more than that you might not be allowed to have one) but "Why do I need a gun?".
Incidentally, in Germany you can get a gun license for self-defense reasons. But only in very well-defined, very rare and very extreme circumstances.
If the average person needs a gun, the society is extremely broken. In some parts of the world -- mostly the so-called third world but apparently also many places in the US -- the society really is that broken.
The long-term answer to a broken society isn't arming the populace. It's fixing the society so it's no longer broken.
Guns turn many non-violent crimes into violent crimes already, just by being widely available. If a criminal has to expect to face a frightened, potentially very lethally armed individual in the course of their crime, they are more likely to plan for that eventuality and bring a gun or lethal weapon when they wouldn't have had to otherwise.
The only thing more worrying than a frightened normal person with a gun is someone who is already in such a mess that they knowingly engage in an activity where they will likely have to face such a person (or some theoretical hard-boiled vigilante, though that's the far less likely encounter in practice).
Instead we need to prevent those crimes in the first place. I know this is a very un-American concept, but every crime is a failure of society. Not just because the powers that be should have interfered in the process of committing that crime but because the criminal shouldn't have been allowed to become a criminal in the first place.
An overwhelming amount of crime is the direct or indirect result of social problems and drug politics. Society being broken isn't normal, even when it seems pathological. Prevent crimes and you save lives, give people guns and your best chance is that you add more "bad people" to the bodycount.
There are exactly two groups of people we want to have the legal permission to use lethal weapons in the course of their duty: soldiers and the police.
Soldiers sacrifice their humanity to protect society from external harm. They're trained to overcome their natural inhibition to murder people in cold blood because that's what they are up against. That's why we should respect veterans, we shouldn't aspire to become like them. They're essentially trained to act like sociopathic murderers if necessary. It's a failure of mankind that we still need them at all.
The police on the other hand shouldn't kill people. The act of shooting to kill in hostage situations is called "Finaler Rettungsschuss" in German -- literally, a "final rescue shot" or more figuratively a "last resort". During normal duty a police officer shouldn't even unholster their weapon -- which seems obvious if you consider that you should only aim a gun at something you plan to destroy.
In the UK, normal police officers don't even carry guns on them in the first place -- although the terrorism scare has led to heavily armed policemen (in effect, untrained soldiers) showing up in various places. This should seem obvious: the chance of facing an armed criminal willing to seriously injure or kill police officers is extremely low and if someone seeks out to specifically do so they'll likely not give sufficient advance warning to shoot them.
But of course this isn't very helpful in the US where you can't even expect the police not to harm or abuse you.
Yes, it's probably legitimate to want a gun (and want to be trained in its use and learn to use it against other humans) in places like some parts of the US. But I think it's solving the wrong problem. You're trying to fix a broken pipe with band-aids. Just think: if your society is so broken you need a tool for murdering humans just so you're reasonably safe in the course of your normal life today, what will it be like tomorrow? And what are you doing to change the course -- at least for yourself and your loved ones?
My front door doesn't even lock, and i'm happy that way.
That said, it's better not to own a gun.
Moreover, there is a staggering number of firearms that predate any sort of government record-keeping. It's not like these are muskets and black-powder revolvers, either - most of the designs for hunting rifles and shotguns are nearly unchanged from models that were available a century ago.
All firearms I have purchased privately, been gifted, or manufactured also do not fall under this category.
You can easily limit the bandwidth guests can use so it is not noticeable to you anyway.
For example in the above column he repeats an urban myth: that running an open WiFi access point provides an affirmative defense against prosecution for things like piracy, hacking, or child porn.
I call it an urban myth because, personally, I have yet to find a court case in which such an argument was made, let alone one in which it was a determinant in the verdict. It's endlessly repeated online, with seemingly no evidence that it is true. (If someone reading this is aware of such a case, please reply with it! I would love to know.)
Also be aware that this was written when WEP was the state of the art in encrypting WiFi, and long before tools like Firesheep were widely available. You can't expect Schneier to make security arguments that will be true forever. Today it is so easy to snoop on open WiFi traffic that any given 11 year old could do--and today WPA2 is sufficently good to stop that.
At the same time, Bruce can be really right about things too, like how to properly secure a laptop. If anyone could run open WiFi and still be secure, it's a security expert. As opposed to my dad, who until recently was running Windows XP SP1 on his computer. He benefits from an encrypted WiFi signal as the first layer of the security onion.
I'm not worried. It is extremely unlikely that there are any kiddie-porn fans in my neighborhood to begin with, much less any within range of my wifi signal.
not quite what you're looking for, but effectively the right thing. an ip address does not identify you personally, the same way a drivers license does.
^ FTA. Not "ignorant", but more flippant. Not everyone has options when it comes to ISPs.
Google did not just throw away this layer, but replaced with device authentication. They are essentially using two factor authentication.
If you have the resources of Google it's a bit different, especially if all of the software is custom and developed internally.
You can still have location-aware servers that can talk to eachother directly. This should be done over an encrypted channel as much as possible.
As to firewalls, on each server only allowing access from those ports applications run on is probably a good start. Better still would be publicly facing machines that act as reverse-proxies to backing servers that run said applications.
As intimated only approved machines (likely with client certificates and pinning to mac addresses, and probably only a limited number of accounts beyond that) can tighten things farther.
Putting your exposed (internal use) applications facing the internet doesn't mean unlocking all the doors. There are ways to mitigate and reduce the effects of a 0-day vulnerability in practice. The fact is that by making it all available anywhere, makes you think of the risks in a way that is actually better in practice than just believing because you are behind a hard shell it isn't easy enough to get to the soft-gooey center.
A hardened system involves more than firewalls and vpn access. A properly hardened system should be able to run over the internet. TLS channels with certificate/mac pinning alone can go a long way in terms of communications, and is far more than a typical firewall/vpn setup would offer for protection. This goes from SSH to your internal services. For that matter not exposing anything beyond SSH, and requiring tunnels for all communications may be simpler still.
Mix in LDAP for access, with accounts, machines and certificates all tied together and you have a pretty good base recipe for a hardenned system. That said, this isn't the only approach, just me rambling on about the ideas. There is overhead in terms of development, operations and management to setup such a system. Not everyone can implement such a system, given what they may be starting from. A smaller company would have an easier time for many cases than a larger company. It may require the use of a windows terminal server behind a secured channel in order to keep some critical applications (likely wrt finance). Other applications may be excessively costly to migrate, and others still may not have the necessary protections.
Given that most internal applications are web based these days it is slightly easier than at any other time in computing history.
Does this include the firewall and VPN?
I think you want all your applications to authenticate the device and the user before proceeding to anything. This looks indeed impossible with third party closed source apps (if only because you can never be sure there is no backdoor).
Then, even if you authenticate every remote peers using TLS client certificates, you have to follow closely the vulnerabilities of your TLS implementation... But that should not be less manageable than to make sure your firewalls are reliable.
Seems easy enough: don't allow the app to bind to a port on any interface besides loopback, then put an authenticating reverse proxy in front of it that can actually receive remote connections.
If it's an HTTP service, you can use nginx with client SSL certificates. For other protocols, spiped might be a good choice.
TLS implementations having serious problems as the last few years proved it. We need a more fundamental change in security protocols and implementations, using reliable crypto (for example elliptic curve cryptography) and implementing them in safer languages (like Rust).
Edit: Great talk at lisa in 2013: https://www.usenix.org/conference/lisa13/enterprise-architec...
As some other folks have pointed out (and contrary to what the headline implies), there's isn't just setting your firewall to allow 0.0.0.0/0. In particular, pay attention to the Device Identity (client cert) and the Access Proxy parts.
> "The new model — called the BeyondCorp initiative — assumes that the internal network is as dangerous as the Internet."
Of course, there's a certain irony that Google isn't fond of remote workers. :)
That's slightly self-centered. Nobody cares about you or their co-workers so much that they are offended if you don't want to work (or bask) in the team's presence.
People are tribal by nature, and one of the ways humans feel a sense of belonging is through overcoming common conflict (i.e. Tuckman's stages). While not impossible, it's much harder to have common conflicts if you're just not there.
People were tribal before communication tech.
That said the company success will depend on how frequently the information can be mixed up. That said, some roles do not need as much communication as others, especially in mature business and niche positions.
our entire team is remote. it's really obvious when someone isn't at their computer. it's basically the only hard requirement of the job beyond the work product - be at your computer when you say you are going to be at your computer.
It's the same reason why almost every company programs in blub vs. lisp, haskell, erlang, etc. The skill level of employee can be hard to find who can do those things. Companies already feel supply constrained with engineers, now imagine you add the haskell requirement and you need to hire 1000 of them.
Startups can leverage this disadvantage sometimes by not having a statistical management requirement and start with a foundational advantage. There is also the case of using haskell killing your startup although because of tool problems, and big companies being able to make small special R&D type teams that can use Haskell, so it's definitely a balance.
I remember doing a quick fix for one of the attractions at the melenium dome - the core part of the work was working out on paper all the permutations and what should happen the coding at a terminal was the trivial part.
BTW the program correctly run first time and was delivered in less than a day.
For example, "water cooler" conversations. In a physical office these happen because people are conditioned to make small talk. That is not the case virtually, as it's easy to spend an entire day in a chat room with a co-worker and never interact with them.
As a remote worker I actually want to have this routine, meet people, this is why I go to a coworking space.
The benefit of remote work is that you can have much more choice in the company you work for, without having to move to SF/NY/London/Paris/<some other crowded and overpriced area>.
That would be true if most companies allowed remote work. In my experience, only a few do. Even fewer have a "remote first" culture, where you don't miss important discussions if you're not in the office.
I guarantee that the company that can scale up effective remote working that has severed the tether to co-located organizational structure will be wildly successful. Unfortunately, I think it will also have major social repercussions similar to the impact that autonomous transportation has the potential for causing.
Aside from that, hangouts, lync and the like do make communicating remotely very nice. I've wanted for years the ability to actually share a project session with someone via Visual Studio (or something similar)... so that you can work in the same visual space... if you're on the same file, you can see eachother's edits/changes real time... if you're in other files, you can just flow...
I don't think it all requires that people be in physical proximity, but there are advantages to being a closer team. I often find that 3-4 developers in the same room can dramatically outperform teams that are disconnected from each other. But then again, I think that if your project can't be distilled into units of work/services worked on by 3-4 developers you're doing something wrong.
Those are not necessarily solely financial incentives, but they function to compound and combine with already established systems of corporate organization, personnel structures, and general status quo operations and processes. In that scenario, the co-located work paradigm was not only supported and strengthened where remote working was not, but it also set an expectation that thar be government breast milk in tumultuous times.
I am no corporate tax, accounting, or financial expert; but what I can say is that it seems to be the forest that can't be seen for all the trees.
$10,000 in gross profit - 20% in taxes = $8,000 net profit
$10,000 in gross profit - $1,000 rent = $9,000 - %20 taxes = $7,200 net profit
The net rent was $800 instead of $1,000 but not free.
Tribal? Yes, unapologetically so.
- lots of information is ambient at the team place
- because not all people are that concentrated at home
- because working alone is difficult sometimes (especially when you're under stress)
- because you're harder to contact (yes, some people are afraid to call a colleague at home)
- because people don't like to have 4 simultaneous chat sessions with colleagues
So a day of remote work certainly help, but I'd venture to say that's a maximum for many. Of course there are people who a re remote 100% of the time, but not everybody can do that. You have to love your work for that, and many people don' t /love/ their work...
It's hard to fully trust a person that is remote. Are they keeping your data safe?
Another solution is the idea of Amazons virtual workspaces for remote workers, this allows the company to have more control over the computer that the employee is using.
Thinking out loud, if I suddenly removed the firewall perimeter security from my network, moved security to devices/servers directly, dropped my NAT, switched to ipv6 with all publicly routable addresses, my network infrastructure simplifies incredibly. However, I do have to still protect my network to ensure network quality of service/availability and protect my devices/equipment from "public attacks". I guess the principal here is, the surface area that can be attacked is the same if you can penetrate the layered security approach - it all ends in the devices and equipment.
The fact that all devices/equipment can now have an publicly routable/addressable IP in ipv6 solves the problem of running out of address space, and would fit hand in glove with such an architecture.
Put another way, the network becomes just the network, without the need to discern between the intranet/LAN, the extranet/WAN (or DMZ) and the Internet/WAN.
Almost no one can actually route "publicly routable" IPv6. When it becomes a standard feature of DSL/cable, maybe.
Most companies run on stuff that is not their own. Microsoft Exchange running on Windows running on VMWare running in some 3rd party datacenter is a fairly modern way to host an email server. In that situation, everything is out of your hands BUT the network edge. You don't audit Microsoft's code bases, you don't specify how Webmail works, you don't control the discovery, disclosure, or patching of critical vulnerabilities.
Sure maybe the firewall/IDS/VPN only keeps amateur griefers out, but there are way more of those than APTs.
And folks will only have limited insight into the internals of all this 3rd-party software. But if you have a gated network, then you can use a tool like NetWitness to characterize and alert on your traffic--and just your traffic.
However, this doesn't say much about their datacenters which will still be heavily firewalled. IPMI, SSH, and other access wouldn't be shared over a wide open WAN. The "Cloud" (see: datacenter) LAN will still be protected traditionally.
This article doesn't have enough information in my opinion.
No separation of their cloud hosting and internal services would greatly simplify administration at the cost of having to beef up security mentioned in the article.
It also means you allow your device to be managed remotely by the company (i.e. purged if lost/stolen).
Google is right here though, this makes things easier for employees and probably saves them money (no vpn); unfortunately most orgs don't have the staff/expertise to pull something like this off.
More importantly though, I think google builds all their enterprise web apps in-house (speculating). Most orgs who do have intranet apps use 3rd party off the shelf software so pulling off Google's BeyondCorp architecture is less likely as they can't control or easily modify how they work. Ergo, VPNs are here to stay.
Even for those orgs who write their own internal applications: do you really want to expose your internal analytics dashboard to the internet?! GASP.
> squeaky bum time
Never heard this expression before. Quick search defines it as "An exciting part of a sporting event, particularly the final minutes of a close game or season". Unfortunately, I still don't really get the reference. Could someone spell this out for me?
I was really sick one day and I had no problems doing my work from home. Also, one of the great joys of working at Google is the availability of code labs that are individualized instruction to learn different aspects of their infrastructure and technology in general. I spent a ton of time when at home working through code labs that were relevant to my job. No problems with remote access.
However, I completely agree with the previous post that the user devices need to be considered untrusted. This is a huge problem with the Google approach. Certificate distribution and management on thousands of employee owned devices is not practical nor scalable.
Does it make a difference?
If my company starts selling cloud hosting and then I announce my company will be hosting its internal applications in "the cloud" (i.e., in my own data centers), what are the security implications for my company?
Are they the same if some other company asks me to host their applications in my data centers?
Is this article a PR piece (or "submarine" as PG calls it)?
What do you think?
Meant to be sarcastic? Google is in this market. Doesn't strike me that there is any chance they'd use MSFT or Amazon for infrastructure.
I applaud the idea and the effect of forcing security to be dealt with. But I don't know how feasible it is for corporations without their own B or C blocks.
It wouldn't be hard to add a global reverse-proxy/load-balancer HA cluster at the actual network edge forwarding traffic to individual applications' own load balancers.
It certainly would be helpful if there was a single point to handle the device-level authorizations, but again, many existing systems aren't necessarily designed to play well with others.
The sequence of packages needed to authenticate is different any time.
When you are talking about a company like Google that basically owns a large part of the internet (backbones, CDNs, hosting services) "moving stuff to the internet" it means a lot less than a non IT company like a bank.