Posted on Tue 07 June 2016

security strategies

These are the basic strategies for securing what you care about. I will make certain assumptions: you are living in the early 21st century; you are living in a highly connected information state; you are not intent on committing crime, and therefore have no reason to spend an outsized portion of your wealth on security; you are not a particularly attractive target.

An “individual attack” is an attack against you in specific, with some degree of research being focussed on you.

An “organized mass attack” is an attack originating from an organization that does not focus on you in particular but is systematic and pervasive. Policies, regulations and laws can be organized mass attacks.

An “automated attack” is an opportunistic attack executed by computers against any visible target.

  1. Hope. They say that hope is not a strategy, but it is. Hope is the default strategy for most people, most of the time. “If I am not much different from my neighbors,” they think, “then I have a low chance of being singled out for attack.” Historically, hope is successful for most people, most of the time, and is absolutely no use for the people who are actually attacked. Hope is the cheapest strategy, if successful. It is a very expensive failure. Hope is overwhelmed by any individual attack, organized mass attacks, and automated attacks.
  2. Hide. You can try to remove your footprints and live in a hole. Serious hiding requires disconnection from your friends, community and society. The disconnection is costly in social terms, and that can lead to economic and psychological damage. Hiding involves avoiding institutions which collect and store data, including banking and credit cards, store loyalty cards, and restricts your use of many services and commercial transactions. Hiding does not require a large investment of money, but requires careful attention to detail and many non-default lifestyle choices. If it fails, hiding provides very little protection over hope. Hiding is vulnerable to individual attacks and is of variable use against mass organized attacks and automated attacks.
  3. Barricade. You can build walls. Carefully inspect what comes in and what you send out. Choices range from simple walls to defense in depth. Firewalls, adblockers, script blockers and physical privacy walls are all examples of barricades. You can accept certain connections and not others, judging each one on value versus risk. Barricade requires investment in both money and attention. A wall which fails does not necessarily open all the other avenues of attack. Well-maintained barricade systems offer resistance to individual attacks, and lots of resistance to automated attacks. Mass organized attacks may work around them.
  4. Chaff. You can spread disinformation, trying to reduce the value of attacking any individual target by flooding the space with fake targets. Chaff is rarely used as a primary defense, but it is frequently part of a campaign of hope or hiding. Chaff usually does not cost much money, but some time is needed to execute various campaigns. A neglected chaff strategy is indistinguishable from hope. Hope has a low cost of entry and a low expectation of success.
  5. Counterattack. Difficult and risky.

© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.

Built using Pelican. Derived from the svbhack theme by Giulio Fidente on github.