Data security

The primary threat to data security is
illegal computer hackers. Studies show that
the largest percentage of hackers are young
men motivated by status with other hackers,
malicious intent or the excitement of a
challenging game. There have also been even
more harmful cases of corporate spying and
embezzlement of funds.

Accounts on both multiuser machines and
microcomputers can be protected by
passwords. Passwords can be very effective
or not effective at all. Insecure passwords
include ones that are easily guessed, never
changed, shared or written down somewhere.
Some systems, particularly UNIX, have
password files which are encrypted but
readable by all users. Hackers have
developed automated programs, such as
"crack", to break the passwords in these
files by raw brute-force, trial-and-error
techniques. Since it could take months to
crack well chosen passwords, some systems
use a password aging system that requires
all users to set new passwords periodically.
There are also programs to prevent users
from setting easily guessed passwords such
as words in the dictionary, common names or
permutations on the account name.
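
The following sketch shows how such a proactive password check can work. It
is an added example, not code from the original text; the word lists, the
substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample lists (assumption); a real checker would load a full
# dictionary and a list of common names from files.
DICTIONARY = {"password", "secret", "dragon", "computer", "welcome"}
COMMON_NAMES = {"michael", "jennifer", "robert", "susan"}

# Common character substitutions that are undone before the lookup.
LEET = str.maketrans("013457@$!", "oleastasi")
EDGES = re.compile(r"^[^a-z]+|[^a-z]+$")  # leading/trailing non-letters


def account_variants(account):
    """Permutations of the account name treated as easily guessed."""
    a = account.lower()
    return {a, a[::-1], a + a, a + a[::-1]}


def core_forms(candidate):
    """Normalised forms of the candidate that are compared to the lists."""
    lowered = candidate.lower()
    stripped = EDGES.sub("", lowered)  # "dragon99" -> "dragon"
    return {lowered, stripped,
            lowered.translate(LEET), stripped.translate(LEET)}


def check_password(account, candidate):
    """Return the reasons for rejection; an empty list means accepted."""
    forms = core_forms(candidate)
    reasons = []
    if forms & DICTIONARY:
        reasons.append("dictionary word")
    if forms & COMMON_NAMES:
        reasons.append("common name")
    if forms & account_variants(account):
        reasons.append("based on account name")
    return reasons


if __name__ == "__main__":
    # Constructed candidates for a hypothetical account "jsmith".
    for pw in ["Dragon99", "P@ssw0rd1", "htimsj", "Susan", "tv9#Lq2m!xR"]:
        print(pw, "->", check_password("jsmith", pw) or "accepted")
```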

Systems holding data belonging to
multiple users, such as UNIX or Windows NT,
set an owner for each file and permissions
defining who is allowed to read or write to
it. Many hacker attacks are centered around
finding flaws in the file permission system.
There are ways to set default permissions
and ways to control how much individual
users can control their own file
permissions.

Since most security attacks are now
initiated from a remote location via the
network, many organizations now separate
their internal networks from the internet
with a firewall. A firewall is a piece of
software running on a dedicated machine with
two network boards. The software can filter
which network traffic is allowed to pass
between the internal and external networks.
This is a very effective security measure,
but there is an unfortunate tendency for
organizations to make the firewall their
only security measure, making any breach of
security across the firewall a breach for
every machine in the whole organization. An
even higher level of security can be
achieved by not having any connection
between the internal network and the
internet or not even having an internal
network.

Data encryption provides a second layer
of security. Once someone gains access to
data, that data is useless if it has been
scrambled by an encryption program which
requires a second password to unscramble it.
Passwords themselves should always be stored
in an encrypted form. Today's encryption
systems are similar to military code systems
but not as sophisticated as the systems used
by the armed forces. Almost all encrypted
data can be unencrypted without the password
by the use of a very large amount of time on
very powerful computers. Security is
provided by making the encryption complex
enough that no one would be likely to have
enough computer power to break, say, a message
about the merger next month in less than six
months, at which time the message is no
longer valuable.

There must always be someone able to fix
a computer system by using a second password
protected account called "system",
"administrator", "root" or "super-user" which
bypasses the file permission system. One of
the most serious security attacks is one
which gains the password to this account. As
well as particularly stringent security for
this account, the encryption systems
mentioned above ensure that there is a
second layer of protection against this type
of attack. This also provides for a
segmented internal security system, if such
is necessary.

Email is particularly insecure. Mail
messages are simple ASCII files that travel
across the network where no password is
necessary to get to them. Email is easily
forged and can be altered. Of course, no one
would have any particular reason for
tampering with many personal messages, but
people conducting sensitive business
transactions over email would be wise to use
some sort of email encryption system, such
as PGP. These systems have several functions
including encrypting the message itself,
verifying who sent the message and verifying
that it was not tampered with.

Audit trails are a means for the system
administrators to find out if security has
been breached and how much damage was done.
Audit trails are records made by various
pieces of software to log who logged into a
system, from where and what files were
accessed.