Net Security: A look in the future…

Jakob Nielsen in his article on security points out that user education is not the solution to the increasing Internet security problems nor is the problem similar to locking your door. Normally we lock the door for an average intruder, definitely not for KGB or FBI. However we have to protect our computers against most malicious and determined crackers at all times. Educating the users can only prevent a small spectrum of the problem. As the attacks become more and more sophisticated, it will be harder and harder for individuals to keep up-to-date with the latest means of protection, not to mention the overwhelming amount of information he will have to deal with. Additionally certain software’s are prone to vulnerabilities, which allows malicious coders to exploit them without requiring any lapse from average Joe.
To combat this scenario he suggests securing the computers and all its processes etc. However that is easier said then done.

A simple approach would be to use the misappropriate metaphor, we used earlier, of locking the door and make it more appropriate. A Russian criminal most likely would not attack my house in San Francisco because he has to fly few thousand miles and then he may have to deal with the local police, which is an unknown entity to him. He will be out of his home base and faced with several uncertainties, which makes the plan unfeasible.
So I only have to worry about local thugs.

Internet unfortunately doesn’t give me this security. Most ISP simply provides a connection and allows you to manage your security on your own. In case of a new virus you would almost always find that corporations are much less affected than individual users. Because they belong to a “house” which is well protected by “trained guards” or security personnel. However such a luxury is not available to average Joe.

ISP’s on the other hand have the capability and means to protect their customers and create a virtual protected community where the “residents” can live in peace. They can regulate inward access to the users of the community yet allow full outbound access. They can protect against outside thugs, which limits the users to protect against local thugs only. And this security can be made in layers like community, city, state & country. It would be extremely hard, if not impossible for any cracker to overcome this multi-layered security scheme. Also it limits the damage of a breach to a limited virtual area in cyber space.
This however restricts the ability of users to host their own websites on their computer. Firstly most users do not access Internet to host their site. Secondly such sites can be accommodated by ISP’s by locating them in areas, sealed from the rest of the community or host them on special servers. In fact it might be a good idea to separate the concept of web access from web hosting.
Even web access to any website can proceed through multiple layers of security checks, which scan against malicious attacks and identifies and isolates the attacker at the source.

Such a scheme can be started on a very small scale. Any ISP can start providing such secure access. The strong benefit to customers will soon drive others to follow suit. The strength of the scheme increases as more ISP’s join the fray.

This will however convert the web from “wild west” to a society of today. The days of unbridled anonymization will be gone, except through using specialized services like Freenet.

In conclusion I am proposing to structure the net similar to society of today and consequently will be subject to similar laws.