Hi there dog boy. You have it badly wrong when you tot up the number of web references to a person and correlate it with their level of IT knowledge. Some of the people who taught me things about IT security have no web profile at all. In fact some are so obscure I doubt if I could find them again myself unless I "needed" to.
It is possible to secure an IT system beyond the possibility of compromise. No-one, not even the American CIA, can afford the time, money and inconvenience to do that however. Remember "beyond the possibility" is a very big ask. When the possibility of kidnapping someone with access, along with their entire family is greater than zero, I'm sure you can see a "possibility" presenting itself. The North Koreans are alleged to have done this on occbuttion.
Now I can't stand on my record as Mark claims to. One of my systems was hacked, and in a very spectacular fashion. The perpetrators got past the (very basic, against my advice) gateway security and vandalised the system. Unfortunately for them they didn't notice my surveillance system and I met most of them in person in the ACT Magistrates Court. They were all convicted. Defence in depth. I can recommend it highly.
In many of my roles I am pushing sh*t uphill with a paddle pop stick trying to get people to take security seriously. I guess when the first one gets convicted of kiddie love and loses job, house and car they may all snap to. It will happen one day. Just a matter of time.
Real security is such a pain in the arse almost no-one does it. The trick is to have as much security as your people and processes can stand. Any more and they simply ignore the rules. Then you have none.
For real security on a network you are talking extremely low power transmission on a fibre optic running in continuous clear conduit so it is visible from end to end. Then you TDR the run at random times just to make sure nothing disturbs the fibre. Of course full hardware link encryption is maintained as well. Individual files have their own file level encryption too. And there are biometrics for building, room and workststion access. But you are talking serious money to maintain that level of security, because it doesn't just include software and hardware. The major expense is the maintenance of security on the people who use and maintain it. You have to watch them and protect them. Almost no secrets are worth that cost. Only one organisation in Oz that I know of goes to this trouble.
Back to your suburban doctor and his small network. Likely as not he will employ a local computer shop to maintain it. Who are they? Are they trustworthy? Do they have a relationship with anyone who's confidential records are on file? For that matter, who cleans the building? Who waters the plants? People major in the IT and communications aspects of security but often fail to see the more obvious, and much more likely threats.
Thats enough for now. I'm a fanatic and I dribble on endlessly on this topic. Suffice to say, sensible security makes your IT system safer than your paper system.
DM personal opinion only
