Security

A long word about security….

security


The revolutionary Elastos Smart Web Scheme is the most secure idea currently known to prevent not only unauthorised access to data but also denial of service attacks.

Reference to the Elastos Whitepaper will introduce anyone curious to the new ways Elastos has to offer for security assurance.

Fraud:

There remains, however a threat which plagues Enterprises. It is the internal threat posed by Fraud. The criminal actions of a person or people otherwise authorised to use an ordering and financial system may be detected and virtually eliminated by imposing certain restrictions, checks and balances in a system. Thus organisations use Internal Auditing to verify transactions, in particular their appropriateness and authenticity. However it has still been the domain of certain Technical Employees and System Administrators to have access to the entire database (Superusers). The use of Block Chains, an idea originating with Bitcoin, the “crypto-currency”, removes the possibility of anyone at all editing the database of transactions on the “Blocks”. Thus a financial transaction journal (for example) running on a BlockChain is completely immutable. You have to perform any corrections via the normal (internally and externally auditable) accounting processes.

IT Cloud Solutions Australia also employs other standard methods such as ensuring separation of Order and Requisitions functions from Accounts Payable functions, as well as other safeguards against internal fraud.
~

Bulk Data Storage:

In general, Off-Device Data Storage itself and Cloud Operations, in combination with Device-Based Blockchains, are neither particularly restrictive in terms of (authorised) accessibility, nor expensive. It is, in fact, very safe and secure when done properly. The unique “hash” signature of each data file (eg Documents, Images, Audio, Video) stored on the Cloud – Amazon S3 storage – is recorded (together with the main auditable data) on the Blockchain (Sidechain) and compared to the hash whenever retrieved to check for tampering.
“One of the keys to Computer Security is to assume that every connecting device is potentially hostile to your server.”

Therefore we remain vigilant but confident.

Our standard meets or exceeds ISO 27001 and ISO 27002 (Information Security Management Systems, including Best Practice Recommendations).

Thanks to:

Elastos Foundation, (since 2008)

the Unix Operating System (since it began to escape from AT&T’s Bell Laboratories in the early 1970’s)

and the Open Software Foundation (1984 – 1996), whose members helped set it free

unix

the Free Software Foundation (since 1985)

and of course Linus Torvalds,

who originally licensed and studied an educational version of the Unix Operating System for PC’s (or “microcomputers”) called “Minix” from Andrew S Tanenbaum in the form of a book with included source code – on Floppy Disks – (published by Prentice Hall) for $US69, based on the 1980’s series IBM/Intel-XT Personal Computer Architecture. (Unix was written originally for Minicomputers and Mainframes in networked multi-user environments). On January 5, 1991 he purchased an Intel 80386-based (“80386” CPU or processor) IBM PC XT/AT “clone” computer before obtaining his MINIX copy, which in turn enabled him to begin work on Linux. He commenced work on Linux in mid-March, 1991 (see below “Tanenbaum” link).

MINIX:

Relationship with Linux

Linus

Early influence “…The design principles Tanenbaum applied to MINIX greatly influenced the design decisions Linus Torvalds applied in the creation of the Linux kernel…. Torvalds used and appreciated MINIX, but his design deviated from the MINIX architecture in significant ways, most notably by employing a monolithic kernel instead of a microkernel. This was disapproved of by Tanenbaum in the Tanenbaum–Torvalds debate. Tanenbaum explained again his rationale for using a microkernel in May 2006…”

[Nevertheless Tanenbaum (see the above link) admits that the demand for performance from users of Linux outweighed the capacity of a microkernel system and militated in favour of developing a monolithic kernel, for practical reasons. The reasons for Tanenbaum’s preference for a “microkernel” lie in its security advantages. -Ed.]

“..Early Linux kernel development was done on a MINIX host system, which led to early Linux inheriting various features from MINIX, such as the MINIX file system.

Samizdat claims In May 2004, Kenneth Brown of the Alexis de Tocqueville Institution made the accusation that major parts of the Linux kernel had been copied from the MINIX codebase, in a book called Samizdat. These accusations were rebutted universally—most prominently by Andrew Tanenbaum himself, who strongly criticised Kenneth Brown and published a long rebuttal on his own personal Web site, also pointing out that Brown was funded by Microsoft.

Licensing
At the time of its original development, the license for MINIX was considered to be rather liberal. Its licensing fee was very small ($69) compared to those of other operating systems. Although Tanenbaum wished for MINIX to be as accessible as possible to students, his publisher was not prepared to offer material (such as the source code) that could be copied freely, so a restrictive license requiring a nominal fee (included in the price of Tanenbaum’s book) was applied as a compromise. This prevented the use of MINIX as the basis for a freely distributed software system.

When free and open-source Unix-like operating systems such as Linux and 386BSD (386BSD is an ancestor of Apple’s MacOSX -Ed.) became available in the early 1990s, many volunteer software developers abandoned MINIX in favor of these. In April 2000, MINIX became free/open source software under a permissive free software license, but by this time other operating systems had surpassed its capabilities, and it remained primarily an operating system for students and hobbyists….” Wikipedia (see “MINIX” link above). the Unix/Linux open-source ecosystem (since 1991), all contributors, under the various open source based licences, past and present.

linux

and our own Risk Management Practices

@IT CloudSolutions