I did some work for the Pakistani government regarding web hosting, and it was imperative to them that communications be secure. my current employer asked me to write a little note about the integrity of internet based communications.. here is what i have so far
whenever i discuss private information with my contacts with the pakistani government, we prefer to chat via text messaging to keep a log of our conversations. however, we authenticate ourselves before each session by calling each other and exchanging a verbal key. we then use an encrypted tunnel to exchange our text messages, which preserves the privacy of our discussion.. Once an instant messaging based communication is ended, we call each other again and validate that the text based discussion has ended and that we will then validate the records of the discussion. the logs we maintain are exchanged via email through the same secured and encrypted tunnel to compare for inconsistencies. Once compared, another phone call is then placed to validate that their is no inconsistencies in the digital exchange. This process of authenticating our identities, privatizing our exchanges, and validating what was exchanged allows us to securely pass important information with utmost integrity.
I've learned, especially with my studies for my Security+ certification, that any exchange via the internet that does not follow these procedures cannot be trusted. It is incredibly easy to "spoof" accounts and identities via the internet that anybody would be a fool to trust anything they receive that does not follow these or similar rules. (such as email with encrypted certificates and has Being that the process of securing the conversation at the level I have outlined is impractical for everyday usage (like myspace, aol im) I have learned to give people I talk to the benefit of the doubt regarding the integrity of the messages I receive. By giving others (that may very well be honest communicators) the benefit of the doubt but keeping aware of the risk of corrupted communications, I can have fun talking to people without being so paranoid that I turn people away.
However, I always keep in the back of my mind the idea that messages I receive could be falsified and messages I send may be intercepted, read and discarded by unintended recipients before the intended recipient may recieve the message. Considering that I am already incredibly paranoid about communications over the internet, I am usually very discouraged by the integrity of a perceived identity when someone is not willing to authenticate themselves over a medium outside of the scope of internet based text exchanges. (such as phone calls, web cams, or face to face meetings). It is simply not responsible to maintain any trusted relationship with an identity that persists as unnauthenticated because the risk of the communications channel being corrupted is too great. Once a communication has reached a certain threshold (which is decided on a case by case basis) and the other party continues to refuse to authenticate to a level of my approval, I will shift the content of the communication to a state that is undesirable by the recipient as to stress the need for authentication or halt further communications. Once an indentity is authenticated, I will resume normal, stable, and worthwhile communications as originally intended.
whenever i discuss private information with my contacts with the pakistani government, we prefer to chat via text messaging to keep a log of our conversations. however, we authenticate ourselves before each session by calling each other and exchanging a verbal key. we then use an encrypted tunnel to exchange our text messages, which preserves the privacy of our discussion.. Once an instant messaging based communication is ended, we call each other again and validate that the text based discussion has ended and that we will then validate the records of the discussion. the logs we maintain are exchanged via email through the same secured and encrypted tunnel to compare for inconsistencies. Once compared, another phone call is then placed to validate that their is no inconsistencies in the digital exchange. This process of authenticating our identities, privatizing our exchanges, and validating what was exchanged allows us to securely pass important information with utmost integrity.
I've learned, especially with my studies for my Security+ certification, that any exchange via the internet that does not follow these procedures cannot be trusted. It is incredibly easy to "spoof" accounts and identities via the internet that anybody would be a fool to trust anything they receive that does not follow these or similar rules. (such as email with encrypted certificates and has Being that the process of securing the conversation at the level I have outlined is impractical for everyday usage (like myspace, aol im) I have learned to give people I talk to the benefit of the doubt regarding the integrity of the messages I receive. By giving others (that may very well be honest communicators) the benefit of the doubt but keeping aware of the risk of corrupted communications, I can have fun talking to people without being so paranoid that I turn people away.
However, I always keep in the back of my mind the idea that messages I receive could be falsified and messages I send may be intercepted, read and discarded by unintended recipients before the intended recipient may recieve the message. Considering that I am already incredibly paranoid about communications over the internet, I am usually very discouraged by the integrity of a perceived identity when someone is not willing to authenticate themselves over a medium outside of the scope of internet based text exchanges. (such as phone calls, web cams, or face to face meetings). It is simply not responsible to maintain any trusted relationship with an identity that persists as unnauthenticated because the risk of the communications channel being corrupted is too great. Once a communication has reached a certain threshold (which is decided on a case by case basis) and the other party continues to refuse to authenticate to a level of my approval, I will shift the content of the communication to a state that is undesirable by the recipient as to stress the need for authentication or halt further communications. Once an indentity is authenticated, I will resume normal, stable, and worthwhile communications as originally intended.
