At Schiphol Airport, you can happily bring your water bottle through security. In Houston
you have to take off your shoes. In Vancouver, you must remove the liquids bag
from your hand luggage, and in Honolulu, all your electronics must also be
removed from your carry-on bag. Unlike elsewhere, in Tokyo your trolley doesn’t
travel through the X-ray in a tray. In Singapore you can go to the faster line
with your EU passport, with do-it-yourself passport control. And in Dubai you even
have to take off your watch. And the iron smoked sausage - well, that's a
special case.
I went on a big trip this summer with my family. That meant going through the hassle
of airport checks a lot before reaching our seats. Frankly, I don't know if
I've assigned the right rules to the right airports above; I am only still sure
about Schiphol and Singapore. The point is that there are quite a few
differences. And as a result, as a casual flyer you never know where you stand.
What do they want unpacked on the X-ray belt? Can I keep my shoes on? Am I
going to forget something on the other side because everything is scattered?
And all that under the often grumpy looks of security staffers (fortunately there
are also exceptions) and the pressure of the travelers behind you, who also
want to go through this hell quickly and want to put their shoes back on, hold up
their trousers with their belts and put on their backpacks.
How easy it would be if procedures and rules were the same everywhere. If you knew
in advance where you stand. I have to show my passport there, they want to
inspect the boarding pass there, I don't have to take off my shoes and I don't
have to unpack anything. Take off your belt, because a metal buckle sets off
the alarm. Such simple rules, which you are already presented with when booking
your flight, could improve the flow at many airports and reduce traveler
stress. The same also applies to matters that are not related to security, such
as exactly how much hand luggage is allowed (right now that differs at least
per airline, aircraft type and the class booked), the check-in procedure and
the seat allocation: sometimes you choose yourself in advance – which may cost
you (dearly) – sometimes you can make adjustments at check-in, sometimes you as
a family are apparently deliberately spread over the entire plane (you should
have paid for those next-to-each-other seats, you know).
How are we doing in that respect in information security? As a user, do you always
know exactly where you stand in advance? Or are you often surprised by other
rules? Let me start with myself for convenience. It will not surprise you that
I rarely run into unexpected rules. I know the regulations, I have often
contributed to them myself. If I don't get what I want, I understand why and I
know what to do. But let’s have a look at you now, as an 'ordinary' user (as
in: not a security professional). You use several systems. With one you do not
have to log in at all, with the next it happens automatically (single sign-on),
with yet another system you have to log in with your Windows password and
then there are also systems for which you have a separate password. You know
how your everyday systems work. But if you only use some application or
website occasionally, it might seem strange to you when you're asked for your
Windows password. Is that okay? Yes, it is, as far as an internal system or an
internal application is concerned. Briefly explained: those are connected to
the Windows user administration (the so-called Active Directory), which is why
they ask for your Windows password. Of course, if an external system asks for
your Windows password, that's bad! The tricky thing is that sometimes you don't
know whether a system is internal or external. Think of that app that you use
for work.
Sometimes you want to go to a website and you are not allowed to go there. Others you can
visit freely. There is a system of categories behind it. Our supplier scours
the entire internet and puts each website in one or more categories, for
example government, education, gambling or pornography. As an organization, you
set which categories you want to block. As a normal internet user you will not
often encounter blockages; however, for gambling or porn, and a few other
categories, you'll need to go elsewhere.
Perhaps there are more situations in which you think: that could be a bit clearer. I'm
curious about that.
When scanning my hand luggage at Schiphol, the security guard said: “I have seen
something in your luggage that I have never seen before. It looks like a smoked
sausage made of iron.” Of course my carry-on had to be opened and the culprit
came to light: a phone holder for the dashboard of the rental car. That holder
consists of a platform, on which the actual holder is placed with a suction cup.
The contraption sits on the dashboard and must of course have sufficient weight
not to slide. That's why it has a U-shaped weight, which looked like an iron
smoked sausage on the scanner image.
And in the big bad world…
- Belarusian hackers have been spying on foreign diplomats for a decade.
- researchers secretly watched over the shoulders of hackers for a hundred hours.
- millions of British voters' data have been hacked.
- the Northern Ireland Police have accidentally put personal data of their entire workforce online.
- most DDoS attacks are nothing.
- James Bond has a new way to spy on you.
- facial recognition works better in TV shows than in real life.