| > | | | | that has been altered in subtle ways (imagine your |
| This article explores computer security, aiming to give | | | | accounts with 10% taken off each figure), a website |
| businesses an insight into why they must be proactive | | | | that is 'owned' by a teenager in another country or an |
| in protecting their systems. There are many aspects to | | | | office full of computers that no longer do the job for |
| security on the Internet and a lot has been made | | | | which they were intended. |
| recently of the security of e-commerce transactions. | | | | Almost worse than losing all your data (because we |
| Whilst many of the security issues that a website | | | | know you keep a regular backup), is having your |
| administrator faces are similar to those that your | | | | system infected with a worm program. In some cases |
| businesses computers are threatened with, this column | | | | this can leave your computer unknowingly sending an |
| will concentrate on how and why you should secure | | | | attack the way of all your contacts. Alternatively, your |
| your internal IT investment. | | | | computer could be under the complete control of a |
| The Internet in its current state is similar to a city with | | | | third-party, who is using your processor, memory and |
| no locks on the doors of its houses, where computers | | | | hard-disk for their own purposes. |
| can be thought of as houses and the networks | | | | What can I do to stop it? |
| making up the Internet, the city streets. Computers as | | | | Just as it is not the councils responsibility to stop |
| they are sold today are inherently insecure, allowing | | | | burglars coming down your street, in the UK there is |
| access to anyone with a bit of curiosity or malicious | | | | very little responsibility on ISPs to prevent attacks. If |
| intent. As businesses come to rely more and more on | | | | your systems are not locked (with firewall software), |
| electronic information (not least e-mail), the potential | | | | alarmed (with an intrusion detection system) and |
| disruption caused by a data burglary, informational | | | | insured (by taking a daily backup) you have no-one to |
| arson attack or digital graffiti has reached a level that | | | | blame but yourself. |
| businesses should not ignore | | | | There are three pieces of software that every |
| The threat | | | | business needs to at least consider. I cannot |
| Any computer on the Internet exposes a series of | | | | over-emphasise the need for an up-to-date virus |
| ports through which information flows. By default these | | | | scanning program. Most reputable products will scan |
| are all open and unlocked. Whilst many of them may | | | | for and remove some Internet worms and some |
| lead to empty rooms or brick walls, an attacker will | | | | Trojan horses; however they will not detect other |
| only need to find one port vulnerable to attack for the | | | | types of attack. For those attacks a good firewall |
| whole system to be compromised. | | | | package is essential. Installing one of these programs is |
| Even if your ports are secure; intruders can get into | | | | akin to fitting locks to your doors and windows. Finally |
| your computer in a Trojan horse. A piece of software | | | | an intrusion detection system (IDS) is similar to an |
| disguised as something useful can contain a malicious | | | | alarm system, warning you of a potential attack. |
| sub-program to install a backdoor into your system. | | | | In my opinion all businesses should have a solid |
| Often these programs claim to give something for | | | | anti-virus policy as well as a good firewall. Whichever |
| free or display small games whilst an attacker has a | | | | solution you choose at the end of the day, you must |
| good nose around | | | | fully understand its capabilities or it will be as effective |
| One of the most worrying developments has been the | | | | as not having anything at all. |
| proliferation of automated attacks. These can be run | | | | Keep an eye on patches |
| from an attacker's computer, scanning hundreds or | | | | Most electronic attacks exploit a mistake in the |
| thousands of computers in a day; or can be the | | | | program code of the software you use. Responsible |
| self-replicating Internet worm. These are a hybrid of | | | | software vendors will issue a 'patch' that resolves |
| virus programs and computer security attacks. In | | | | each issue as soon as it is brought to their attention. |
| worst-case scenarios, they can bring whole segments | | | | You will find that many software companies have |
| of the Internet to a standstill. | | | | e-mail lists that you can subscribe to in order to be |
| Attacks on your information can be carried out for as | | | | notified of new problems and patches. |
| varied reasons as an arsonist burns things, a robber | | | | This patching mechanism makes up the software |
| steals things or kids spray-paint walls. An electronic | | | | industry's response to the hacker community. If you |
| attack could leave you with no data (imagine losing | | | | are applying your patches diligently, the security of |
| your accounts the day before your filing date), data | | | | your computer systems depend on how far ahead |
| that has been altered in subtle ways (imagine your | | | | either side is. It is therefore good practice to have a |
| accounts with 10% taken off each figure), a website | | | | complete security audit of your systems by an |
| that is 'owned' by a teenager in another country or an | | | | external consultant twice a year or more often if you |
| office full of computers that no longer do the job for | | | | rely heavily on your data. |
| which they were intended. | | | | It won't happen to me |
| When we drive a car we are accepting and using a | | | | Your business network is constantly being probed by |
| set of standards that have evolved since the turn of | | | | hackers on the Internet looking for ways into your |
| the century to ensure safety, convenience and fair | | | | data. Most attacks occur without the user even |
| access for all users of the road system. Some of | | | | knowing that a system is compromised. Our systems |
| these standards are globally accepted (for instance a | | | | at FWOSS get probed three or four times a week, so |
| road is made from tarmac and wheels are made from | | | | our firewall is invaluable in ensuring they get no further. |
| rubber) whilst others vary from country to country (for | | | | What can I do in the case of an attack? |
| example if we drive on the left or the right). The | | | | Of course your regular backup provides your ultimate |
| practical upshot of these standards is that a car | | | | safety-net, but as the effects of different electronic |
| designed and built for use in one country can be safely | | | | attacks are so varied there are no hard and fast rules |
| used in another (possibly with a little bit of | | | | to recovery. |
| inconvenience). | | | | It is very much a case of prevention being better than |
| The aftermath | | | | cure; therefore you should think about installing an |
| Attacks on your information can be carried out for as | | | | anti-virus program, firewall and intrusion detection |
| varied reasons as an arsonist burns things, a robber | | | | system. You should keep a daily backup; check if your |
| steals things or kids spray-paint walls. An electronic | | | | systems need patching weekly; and have a security |
| attack could leave you with no data (imagine losing | | | | audit bi-annually or more frequently. |
| your accounts the day before your filing date), data | | | | |