Computers are at a constant risk of compromise from all angles of operation. Some types are more prone to attack than others. The main focus of an attack is to affect as many machines as possible with very little effort. This fact is the main reason why Microsoft Windows is the number one target: it has the largest install base in use. A few simple and easy measures can be taken to place a strong resolve against compromise. Keep in mind that even if you have a secure computer with the best policies, the strongest passwords, and the tightest firewall, NOTHING IS HACK-PROOF. If the attacker wants to get in badly enough, they will figure out a way. This is not to say "forget it, I can never be safe on the web", but to make yourself a poor target for hackers. To ensure the best security for your system: do not attach it to the Internet, be the only person who uses it, forget Windows or Mac OS, write your own programs. That design is far from practical; modern business necessitates global communication for that competitive edge. We must use the global Internet, communicate by E-Mail, and visit sites that have the potential to corrupt our data. Computer security is a proactive way to manage your computer operations so as to yield the smallest possible profile for compromise.
"To be prepared for war is one of the most effective means of preserving the peace" - George Washington
In short, be ready for compromise, and know what kind of attacks are possible. Know where they can come from, and how these threats can impact your operations. Know your enemy...
Virus: A computer program designed to replicate itself to other parts of your computer. Results can include performance degradation, data corruption and even system failure. Viruses can be spread by E-Mail, file attachments, home-burned CD/DVD-ROMs, and downloaded files.
Worm: Another type of computer program that is geared more towards theft of information, rather than destruction. The quieter the worm operates, the smaller the chance it could get discovered. Worms use computer networks as the vehicle to infect large numbers of systems simultaneously. Worms play a significant role in identity theft.
Trojan Horse: Provides the target host with a logical "fake-out". The program imitates the look and performance of a legitimate program, whilst doing another job altogether. This may involve erasing your hard disk, or stealing your information out of Microsoft Wallet to some FTP site in Russia. Nondescript and sublime are how worms operate.
Phishing: Not to be confused with the pastime of Neo-hippie concert-going. Phishing is an online solicitation of a user to submit personal information through an act of narrative trickery. As Flavor-Flav put it, "Don't believe the Hype". Chances are if you receive an email from someone in Nigeria offering you a cut of half a million dollars, it's a scam right along with online bridge sales.
Social Engineering: The act of directly engaging the target user into disclosing sensitive data through formality, or direct pursuit. A classic example was to call the target user while acting as a member of the IT department. Claim you are the new network administrator, and ask for the password, so you can do some work on their machine. It was surprising how well that used to work. Better yet, ask a user for their credentials over an instant messaging session. There is a reason AOL will never ask you for your password.
Unsecure Behavior: Often users provide the nails for their own security coffin. Such actions include keeping poor passwords, keeping old passwords, and keeping passwords in places where they are easily found or determined. These risks are why IT departments and software developers use tools such as "Lock the desktop" and "Control-Alt-Delete to Login" to force compliance with secure computing standards.
Spy-ware: This threat is not necessarily a destructive operator. Spy-ware is a short term program used to collect information about the target computer and its user. Many operating systems are configured so that the initial user account is also the system administrator. As a result, the spying utility can execute tasks in the security context of the logged in user. Spy-ware is primarily designed to attack computers that use Microsoft Windows.
What you can do to prevent compromise...
Summer is once again upon us and the University. To all of the faculty and staff travelling abroad with their laptops, please take precautions to secure your property and your data. Laptops are designed to be portable, but they are not indestructible. The portability factor makes the laptop prone to easy theft. Most of the time users do not take the proper measures to back up their data. Passwords are no dead-lock against a potential thief obtaining your data once he/she has stolen your laptop. PC or Mac, it is very easy to unlock a user or administrator password. What you can do...
Wireless computer networks are the future of digital technology in American homes. With the advent of affordable broadband internet access, the public has made their data access requirements public and more open. The network model that wireless follows is not much different from a radio station. To connect, one needs to know the frequency and be close enough. Wireless network architecture embodies its biggest security flaw: open access. To provide security, the designing engineers included a security protocol called "WEP" (Wired Equivalent Privacy). WEP's security flaws were discovered quickly by hackers and other online miscreants. Since WEP was compatible with all operating systems, it quickly became the de-facto way of securing wireless networks. WEP is a BAD way to secure any wireless network. Any recent wireless networking device comes with another security protocol called "WPA" (Wi-Fi Protected Access).
DO NOT set up your wireless network with WEP; use WPA in combination with a MAC address filter.
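To check which nearby networks follow the advice above, the following added example (not part of the original page) classifies each network in the text output of the Linux wireless-tools command `iwlist <interface> scan` as open, WEP or WPA. It assumes that output format; the sample scan is constructed, and the function names are illustrative.

```python
import re

# Constructed sample of `iwlist <iface> scan` output (not from a real network).
SAMPLE_SCAN = '''\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"office-legacy"
                    Encryption key:on
          Cell 02 - Address: 00:11:22:33:44:66
                    ESSID:"home-net"
                    Encryption key:on
                    IE: WPA Version 1
                        Group Cipher : TKIP
          Cell 03 - Address: 00:11:22:33:44:77
                    ESSID:"cafe-guest"
                    Encryption key:off
'''

def classify_cells(scan_text):
    """Return {essid: 'OPEN' | 'WEP' | 'WPA'} for each cell in the scan text."""
    results = {}
    # Split on the "Cell NN - Address:" marker; element 0 is the scan header.
    for cell in re.split(r"Cell \d+ - Address:", scan_text)[1:]:
        essid = re.search(r'ESSID:"([^"]*)"', cell)
        name = (essid.group(1) if essid else "") or "<hidden>"
        if "Encryption key:off" in cell:
            results[name] = "OPEN"
        elif re.search(r"IE:.*WPA", cell):
            # Matches "IE: WPA Version 1" and "IE: IEEE 802.11i/WPA2 Version 1".
            results[name] = "WPA"
        else:
            # Encryption is on but no WPA information element is advertised: WEP.
            results[name] = "WEP"
    return results

def needs_attention(scan_text):
    """Names of networks that do not meet the 'use WPA, not WEP' advice."""
    cells = classify_cells(scan_text)
    return sorted(name for name, mode in cells.items() if mode != "WPA")

if __name__ == "__main__":
    for name, mode in classify_cells(SAMPLE_SCAN).items():
        print(f"{name:15} {mode}")
    print("Reconfigure or avoid:", ", ".join(needs_attention(SAMPLE_SCAN)))
```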
Keep your computer updated: Whether you are using Microsoft Windows or Mac OS, or even Linux, all of these platforms have utilities designed to keep themselves current.
Older versions of Microsoft Windows: Windows 9x, NT, and 2000 are considered legacy versions of the Windows platform. 9x (95, 98, & ME) are no longer supported by Microsoft. Any support request for these products will result in a suggestion to upgrade to XP or Vista. DO NOT use Windows 9x or NT4 on the public Internet. Windows 2000 is now in "extended support" from Microsoft. That basically means any support for Windows 2000 will come on a paid, case by case basis. Microsoft is no longer developing for Windows 2000 and does not seek to improve the security posture of the operating system. Microsoft ignored many security vulnerabilities on Windows XP; the predecessor does not stand much of a chance for improvement either. As much as I love Windows 2000, it would be best to move client computers to Windows XP.
How to set up Automatic updates?
Windows XP Family (October, 2001): Microsoft Windows XP came with automatic updates enabled to download automatically and prompt the user to install. This was further supplemented by Windows Update 3.1, which allowed the user to update Windows and continue to work on their original tasks at the same time. The latest revision of the Microsoft updating scheme is called "Microsoft Update", which is not included with any operating system, but is available as a free download from Microsoft's web-site.
Windows Vista Family (January, 2007): Microsoft's latest client operating system has received a luke-warm reception, at best, from the buying public and the tech crowd. Six different versions, hardware/software incompatibilities and high prices have caused more than just sticker shock. Vista is touted to be the most secure version of Windows to date, as were 2000 and XP. The case is that Windows Vista brings numerous security enhancements to the table, but the overall security posture does not rest on just those new things. Vista still needs constant Windows updates, anti-virus software, and care when used online. The 'User Account Control' (UAC) helps Vista users operate the computer with a focus on enhanced security.
Apple Macintosh Operating Systems (Mac OS): Apple's platform does not enjoy the install base that Microsoft Windows currently has on the computer market. This has yielded a small benefit of a low profile for attack. Macs are not known for running enterprise-level, mission-critical applications, and are seldom seen as worthwhile targets. This does not mean Macs are above reproach, just slightly less prone to common attacks. Apple has their own version of Microsoft's "Windows Update" for Mac OS X, called "Software Update".

It is important to keep not only your computer's operating system updated, but also the software it runs. Applications like office suites, Java consoles, and the MS-DOS command prompt have yielded a treasure trove of opportunity to unscrupulous individuals. Chances are that an application will cause itself to update at the most inopportune time. Trust me, there is nothing more inconvenient than having to restore your system from complete failure. Microsoft Office is the predominant productivity suite in use today. The capabilities that the programmers in Redmond, Washington have given to these applications are endless. Microsoft Office is available for all Windows and Macintosh computers.
Microsoft Office is not the only choice in productivity suites. There are numerous alternatives to the popular but expensive suite of applications. Sun Microsystems has their "Star Office", and the Linux folks have a suite called "OpenOffice.org". No matter what you choose to use for an office suite, the fact is that they all must be kept up to date with periodic updates.
Use Anti-virus Software: The Internet today is the largest communication portal in history. Countless individuals use its resources for business, research, and most often for purposes that are unscrupulous. Viruses are computer programs written to perform a task just like any other program. These devices are designed to exploit known weaknesses and vulnerabilities in the systems we use every day. In short, if you cannot place Anti-virus software on the computer, DO NOT attach it to the internet. This principle is as basic and steadfast as bringing a parachute when skydiving.
Most store-bought computers will come with some kind of anti-virus software in the form of a free trial for a specific period of time. Just after you get used to the protection the software provides, you are asked to pay for it. Not only is it important to have anti-virus software, but you must update it very frequently. An Anti-virus program is only as good as what it knows; what it knows is called its virus definitions. Anti-virus software manufacturers release definitions almost daily to keep their products up to date against the latest threats. Every program contains measures to update the virus definitions at a regular interval.
Just like any item that is in public demand, Anti-virus software carries a decent cost set by its manufacturers. That cost is not usually a one time fee, but an initial cost followed by a subscription fee. This fee allows the user to continue to receive new Anti-virus definitions on a regular basis. This is not the software on which to be tight with the check book. Compared with the cost in time and money of recovering lost data, the fifty dollars you spend here could pay dividends numerous times over.
The University provides on/off campus users with antivirus software from Norton. All users employed and enrolled at the University are allowed to use this software for the duration of their association. Norton Antivirus can be obtained in one of two ways: either from the PennConnect CD or from the University computing web-site.
Firewall Your Computer: A firewall on your computer plays the same role that a castle's walls did in the Middle Ages. Computer-based firewalls are software components that filter incoming/outgoing transmissions. The Microsoft Windows XP and Apple Mac OS X operating systems both come with built-in firewalls. The main point to broach is with the remaining Windows 2000 computers. As great as Windows 2000 Professional is, it lacks any form of built-in firewall.
Windows 2000 was designed by Microsoft for business users and corporations. The intended place of use was on a business/corporate network. These networks are implemented with a layer of hardware level security in the form of some "black box" device. As a result of this design aspect, Microsoft did not include any kind of self-defending capability.
The best security solution for Windows 2000 is to upgrade the operating system to Windows XP Professional. If this cannot be done, then all measures to protect Windows must be taken. The first measure is to install a third party firewall product. "Zone Alarm" by zonelabs.com makes a great free firewall utility. Another product is "Kerio Personal Firewall", available at kerio.com.
SPAM: The modern blight on Internet communication. SPAM is a tool used to solicit web connections from a massive number of addresses on the public Internet. The reasons for these irritating and sometimes offensive messages are usually financial in nature. Spammers often receive a small dividend from any live address their mass-mailing programs produce. SPAM is not one hundred percent preventable, but measures can be taken to reduce the amount you find in your inbox.
What you can do:
Computer Security-related websites:
This page was last edited on October 3, 2007