| Friday's edition of The New York Times newspaper | | | | the server to direct attack. By controlling what has |
| announced the discovery by a team of scientists from | | | | access, you can eliminate most problems. |
| Princeton University that Dynamic Random Access | | | | If something sneaks past your firewall, you need an |
| Memory (DRAM) chips could be made to retain their | | | | intrusion detection system (IDS). There are different |
| data for an extended period of time after being | | | | approaches for making IDS work on a network. The |
| powered down if the chips are cooled. In the | | | | most typical method is based on signature matching. |
| experiments, the RAM chips were cooled using an | | | | Every internet threat has a signature which can be |
| inexpensive can of compressed air, and scientists | | | | thought of as early warning symptoms. An IDS |
| were still able to extract information from the chips, | | | | system constantly monitors your network looking for |
| including the complex encryption keys used to decode | | | | these early warning signs, then alerts you when it |
| files. | | | | discovers a problem. |
| By cooling the chips, the data is literally frozen in place. | | | | Finally, install anti-virus software on every machine and |
| Then it was just a matter of reading the strings of | | | | you have a solid IT security foundation. If you still need |
| zeros and ones that make up the information stored | | | | to have the virtues of anti-virus software explained to |
| on the chip. From the billions of bits of data, the | | | | you then you are still relatively new to the internet. |
| scientists were able to identify and extract their private | | | | Anti-virus is mandatory now. To further expand your |
| encryption keys. This new discovery has industry | | | | defenses, you need to spend time and resources |
| experts clamoring over this wide loophole in computer | | | | educating your staff in proper internet behaviors that |
| security. However, when you think about it, this issue is | | | | will reduce risks. This includes not opening email |
| only related to IT security in the sense that a computer | | | | attachments from unknown senders to avoiding many |
| chip is involved. In fact, this is primarily a physical | | | | adult-oriented websites. |
| security issue. If the would-be thief cannot access the | | | | But all of these practices only protect against virtual |
| physical computer chip, there is no threat. | | | | threats. A physical security system still needs to be put |
| The most successful way to protect anything is with a | | | | in place to protect the physical equipment. I have seen |
| layered security approach. No one method will solve all | | | | companies that spend a fortune on virtual security but |
| problems, so you adopt multiple methods to deal with | | | | then leave the door to the server room unlocked. Strict |
| different weaknesses. First and foremost, let us all | | | | guidelines need to be in place for who gets access to |
| agree that the only 100% secure computer is one that | | | | the equipment that runs your business. |
| is disconnected from everything and is turned off. | | | | I am not downplaying the brilliant discoveries of the |
| Granted, that is not a very useful computer. | | | | Princeton University team. What I am arguing is that |
| The architecture of a layered security for your | | | | this is not an IT security issue, but a physical security |
| computers starts with a solid, reliable and reputable | | | | issue. If the would be thief cannot get the RAM chips, |
| firewall. A firewall restricts access to certain types of | | | | then there is no chance of them stealing the |
| network traffic. A hardware firewall sits on your | | | | information off the chip. If you can control access to |
| network right at the point of internet entry and the | | | | the equipment then you limit the threat. So, start adding |
| software firewalls protect all the network computers. I | | | | layers to your security. The more layers of protection |
| do not recommend a software firewall on a server as | | | | you can throw between your data and a thief the |
| your primary means of defense because you open | | | | greater likelihood you will stay safe and secure. |