Originally Posted By: chaosmagnet
Originally Posted By: chickenlittle
Why would you connect a sensitive computer system to the public internet?
If I was worried about securing it I would simply cut all outside connections.


Once upon a time DOD had itself a very nice secure network, which they got all infected to hell and gone by connecting it to the Internet. It seems that this is a lesson that people have to learn the hard way.

Keeping something disconnected doesn't completely eliminate the possibility of malware infection, unless you fill the network and USB ports with epoxy and post an armed guard to keep people from digging the epoxy out. Frequently, when sensitive systems are compromised, it's via an authorized channel, such as a software update that was infected with malware.


We were taught in the military that the closest you could get to a "safe" computer in the real world was to have it turned off 24/7, unplugged from everything, and sealed in a locked room under armed guard. And even then it wasn't totally safe.

You can take the most secure computer the military has, in the most secure room possible, with no internet connection to it... and then let a 18-year-old E-1 walk in with a video game he wants to load onto it and it all goes to crap right then. Seen it firsthand more times than I could count.