2016-08-22

Are Closed Systems the Answer?

So in the latest spate of malware exploits, the Starwood, Marriott and Hyatt hotels have been hit, compromising customer card data.

I keep wondering how an external payload seeps into a corporate server and can only surmise that intermingling of the private network with the public domain lay at the crux of the issue.

If you have a system which can neither write to nor be written to from the internet ... it would follow in my mind at least that the propensity for malware and virus payloads would become seriously diminished.

The write processes from web forms and CGI scripting could then be sanitized on an intermediate server, within exploit detection matrices, before making it to the closed system, without impeding e-commerce transactions beyond a minimal few additional seconds.
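As an added illustration (not code from this post or from any of the hotels' systems), here is a minimal sketch of what that intermediate server could do: accept a web-form submission, check it against a strict allowlist, and forward only a record rebuilt from the validated values. The field names, patterns and sample submissions are assumptions made up for the example.

```python
import json
import re

# Hypothetical reservation-form schema: field -> (max length, allowed pattern).
SCHEMA = {
    "guest_name": (64, re.compile(r"[A-Za-z][A-Za-z .'\-]*")),
    "email": (254, re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}")),
    "checkin": (10, re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")),
    "nights": (2, re.compile(r"[1-9][0-9]?")),
}

class Rejected(Exception):
    """Raised when a submission fails validation; nothing is forwarded."""

def sanitize(form: dict) -> bytes:
    """Validate a raw form submission and return the canonical record,
    the only thing allowed to cross to the closed system."""
    unknown = set(form) - set(SCHEMA)
    missing = set(SCHEMA) - set(form)
    if unknown or missing:
        raise Rejected(f"unexpected={sorted(unknown)} missing={sorted(missing)}")
    record = {}
    for name, (max_len, pattern) in SCHEMA.items():
        value = form[name]
        if not isinstance(value, str) or len(value) > max_len:
            raise Rejected(f"{name}: wrong type or too long")
        if not pattern.fullmatch(value):
            raise Rejected(f"{name}: disallowed characters or format")
        record[name] = value
    # Re-serialize from validated values only; the original request bytes
    # are never passed through to the closed side.
    return json.dumps(record, sort_keys=True, ensure_ascii=True).encode("ascii")

def process(submissions):
    """Return (forwarded records, rejection reasons) for a batch."""
    forwarded, rejected = [], []
    for form in submissions:
        try:
            forwarded.append(sanitize(form))
        except Rejected as exc:
            rejected.append(str(exc))
    return forwarded, rejected

# Constructed sample submissions (not real data).
SAMPLES = [
    {"guest_name": "Ada O'Neil", "email": "ada@example.com", "checkin": "2016-09-01", "nights": "3"},
    {"guest_name": "Eve;<b>", "email": "eve@example.com", "checkin": "2016-09-01", "nights": "1"},
    {"guest_name": "Bob", "email": "bob@example.com", "checkin": "2016-09-01", "nights": "2", "upload": "x.bin"},
]
```

Calling `process(SAMPLES)` forwards only the first submission; the rejection reasons for the other two are what the intermediate server would log for later forensics.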

This would leave an internal exploit as the culprit and pare down the forensics to a fare-thee-well.

Now then, why aren't the two segments segregated more adequately in an attempt to keep people out of point-of-sale and registration data in the first place?

We don't seem to be learning from past mistakes.