Internet Security & Server Security. The Internet is the new battleground. In the past, we thought of wars as mainly fought between traditional standing armies, navies and air forces, (with perhaps a dash of ‘intelligence’ thrown in for good measure). It was also relatively easy to control the narrative on the home front media, etc, unlike it is today. Then the world wide web, and the internet came along, and the world changed. Internet security is now a topic, alongside server security, network security, and IT security. You get the general idea.
Today we live in a world, where (in practice) the internet knows no borders. Some large corporations have a great deal of influence over our online activities. Then there are causes, whose financial backers are unknown, and whose agendas are not always clear. Toss in a few ‘freedom fighter’ organisations, or activist causes. Sprinkle with political activists of one sort or another, out to change the world.
Criminals have adapted to the internet with even more ease than the advertising industry has. So have ‘state’ sponsored organizations. At times it is hard to tell the difference between the later two, especially when a company or a government department finds its company server under attack, or more often that not, the company server is under attack, but they do not know about it…. (Later the hack may be successful, and the company loses its secrets or proprietary data, customers lists, credit card numbers, etc., or perhaps it is ransomed. Many novels and TV shows like to use the backdrop of this murky world to place spy novels. There is simply so much scope in this field for any author to work with.
The problem is though, the science fiction of yesterday is the reality of today, or the near future. Along the way various governments are accused of tampering with elections, or simply looking to help their home county industries with a little ‘R&D’ advancement, etc. The upcoming 5G era will make this situation much more interesting, the potential is indeed limitless. Militaries may also face vulnerabilities, should their equipment operating systems, and communications systems be compromised. Security services may face similar threats and challenges. Add the topic of social media to the above mix, and then stir. Then things get even more interesting!
Today criminals even set up call centres in other countries, and target Canadians, pretending to be the Government of Canada. The CRTC seems to be having some recent successes against them. Still Canadians are now no longer trusting if anyone now phones them claiming to be from the government.
In terms of passwords, they should contain a random mix of uppercase, lowercase, letters, numbers, and special characters. Do not recycle a password for use on two or more systems. Passwords should be ten or more characters in length, longer is better. Passwords should be changed every 30 days.
Also, be cautions of who you employ to manage your IT security. It does no good if your systems are secure, and then you grant access to the wrong people. People are not always whom they seem to be. The HR Dept can quickly undo all the hard word of the IT Dept.
My best advice to all companies, government departments, and such, is that if you operate servers, mainframes, and IT systems of any sort, ensure that they are well secured against intrusion attempts, and constantly monitor them for such activity. The internet is a battleground, so be on your guard 24/7 against those who mean you harm. Many attacks happen after hours, or on weekends or holidays, when monitoring staff may be few, or absent, though work day intrusions are very common as well. Be proactive, be safe, be secure. Check you access logs regularly, and see not only who accessed your system, but who tried to. Block IP addresses which have been used to try and brute force access your systems, (and if you do not know what that means, then you need to find out — quickly).