A serialized private portal is a unique operating environment that can be identified when it is in use. The methodology overcomes many inherent cybersecurity weaknesses including:
- Browsers – Performing secure and public activity in exactly the same way makes exploitation easy. Browsers are content-mining applications, and there is no reason to believe that content mining stops while secure activity is being performed.
- Website portals – A secure environment inherently has a known user group. If all users are known, exposing the access portal to anyone other than these users is a security failure.
- Data-Only Authentication – In addition to data credentials, the serialized operating environment can independently prove the presence of the portal device, a second, non-data factor.
- Cached data on a local device – Nothing on an Internet-connected device can be considered secure, including stored data, installed software or the device itself.
A serialized personal portal cannot depend on an Internet-connected device, because Internet devices are compromised during manufacturing. Further, it cannot use installed software, because installed software can be discovered and compromised. It must not leave any residual data on a device, for the same reason. Simply put, nothing on a potentially compromised device can be considered trustworthy.
An Occam’s razor approach to identifying cybersecurity weaknesses leads to the same conclusion every time. In a binary environment, the default choice provided one path for cybersecurity. Every decision is binary.
The decisions made until the cybersecurity weakness arrives:
Provide digital access
Yes
Place portal on public website
Yes
Use Data-Only Authentication
Yes
Permit guessing identity
No
Guessing is the only option with public access
No
Deploy a Serialized Personal Portal to known users
Yes
Verify portal device presence before executing a command
No
Continue using an Informed Guess for Identification
No
Internet access would not be available
An Occam’s razor approach has identified the first mistake at the decision right after granting digital access to a secure service. Cybersecurity could not go wrong any faster!
If something is secure, EVERY user is known. Therefore, granting public access compromises security. There is no need to look further for the starting point of failed cybersecurity. Granting access to anyone beyond known users fails basic security concepts and protocols. But after the mistake of granting unknown entities access to an allegedly secure portal, things really went off the rails.
All knowledge and every standard that required more than data for authentication have not only been ignored but repeatedly rejected because they were inconvenient. Seat belts are also inconvenient, yet their use has saved lives and has been mandated. Using a device to prove presence exponentially increases security. If the choice is between secure and convenient, which is more important? Today convenience rules.
The failure to prioritize the most basic security protocols, which have been known, recommended and placed in standards, is astounding. The drive to mitigate this failure has cost more than eliminating the problem in the first place would have. Cybercrime losses reached 600 billion dollars in 2017 alone.
The single consistent weakness in cybersecurity is clearly the guess that is required by Indirect Assertion of Identity. In a binary environment, there are only two choices. Guessing is not the correct choice.
More information about how to create a Serialized Personal Portal to provide Direct Assertion of Identity is described in “Physical Presence Technology – A Complete Explanation”.
The question every data owner and every cybersecurity practitioner needs to ask is:
Should a secure action be based on an informed guess? If not, there is only one valid solution: STOP GUESSING IDENTITY!