Computing: Security Primer
Almost everybody is now aware that there is wave after wave of attacks on their computer systems. For most users the greatest threat is simply viruses arriving via email, but there are many other “attack vectors”. Increasingly the security, information technology and law enforcement communities believe that organised crime is behind some attacks. No longer are hacking attacks simply the domain of the teen “script kiddy” in his parents' basement. There is real money at stake (in other words: your money!).
The larger and more famous your organisation is, the more attacks you are likely to suffer. Microsoft fends off hundreds or thousands of attacks a day. But all users need to keep their computer systems safe. A small company which is infected by a virus and in turn infects all their clients will find it very difficult to re-establish their credibility even if there is no lasting damage. An attack which leaves data damaged could take months or years to recover from.
While securing a computer system can be highly complex, with many factors involved, and whereas security is a never-ending process, fortunately a small number of basic principles will save the average business a lot of trouble. They are:
Anti-Virus and Spyware Protection
The need to install and maintain an anti-virus program can't be overstated. Many antivirus vendors are now releasing updated virus signature databases daily, or hourly when there's a major outbreak.
An increasing threat is so-called Spyware. Some antivirus products detect and remove it (such as McAfee Managed VirusScan), but dedicated Spyware removers (such as Malwarebytes) are usually required. Like anti-virus products, anti-spyware products require frequent updates.
Patches (Software Updates)
The greatest risk to the average user is from virus and other malcode (malicious code) which are able to enter your system via a fault in a piece of software. Why is this the greatest risk? Because you could be innocently surfing the web or reading email and in the background all sorts of crazy things are going on; made possible because the software you are using has faults which give rise to security holes.
Microsoft's Windows operating system is most famous for this, but it is by no means unique and virtually every piece of software you have ever used or are likely to use will contain a fault which allows something to happen which should not be allowed to happen. Sometimes the faults may be benign or hard to exploit, and sometimes they are dangerous and easy to exploit. But a fault is a fault, and in some cases, even anti-virus software can't (initially) stop a virus if it can exploit a severe software fault. (This is because anti-virus software assumes that software works a certain way. If there is a fault, by definition it is not behaving as expected.)
Famous viruses/worms such as Blaster, CodeRed, Nimda, BadTrans and SQL Slammer all exploited faults in software which either enabled the virus to run totally unattended or made it easier for the virus to run. Viruses are using more and more vulnerabilities to enter systems (for example, W32/Gaobot.worm can exploit 10 different software vulnerabilities according to CA). If one attack vector does not work, it will use another, and another and so on. Installing the updated software significantly impedes their progress or stops the attacks from working altogether.
So how do you know what software to install to fix your system of faults? In the case of Windows, you can simply visit http://windowsupdate.microsoft.com and it will identify the updates you need. Specific information about each piece of software you are using is much harder to obtain. But broadly speaking, you need to ensure you are using the latest version, and/or have the latest patches installed.
A complication is that simply because you have all the available patches does not mean you have all faults fixed. For example, updates are no longer published for older software such as Windows 95 and Office 97. Windows 98 and Windows NT 4.0 will soon or have already followed suit. Whereas in the past it may have been possible to keep using an old piece of software because “it did the job”, these days upgrading to get the latest security technology is very important.
There is also something to be said for the fact that by far the greatest quantum of problems have arisen on newer operating systems, in particular Windows 2000 and Windows XP. Users still with, say, Windows 95 and Internet Explorer 4.0 are almost invulnerable from the attacks that target the later versions. So simply installing the latest version is not a panacea and in practical terms is much worse unless you take the appropriate steps (such as installing patches and service packs). But the fact remains that later versions are more secure in design and updates are published to fix faults which are not published for older versions. Is it possible to simply wait until an operating system appears that is 100% secure? Perhaps, but it might mean that you need to keep using Windows 95 until Windows 2010 comes out — not a very practical solution. So the answer is generally to keep your systems rolling forward: sticking with older versions is not a good principle.
See What is a Firewall?.
Worms such as Blaster, CodeRed and SQL Slammer were only successful because they were able to directly send certain types of data to unpatched systems. Any system with a firewall would not have been fallen victim to these worms, even if the system was otherwise vulnerable through a lack of patches or passwords.
Use quality passwords. See Choosing A Password.
Always use different passwords for different services. Virtually everything has a password: your network login, email, online/telephone banking, Ebay, online shopping; the list is almost endless. The temptation is to use a single password for everything to make it easier to remember. This is a recipe for disaster, for two reasons:
If you receive an attachment in email, or a request to click on a link and provide some login details, you should be immediately suspicious. Too many viral outbreaks arise simply because people did not stop and think what the attached file might be. A lot of problems simply do not occur if users do not click everything in sight. But not all problems can be magically solved this way and that is why it is still necessary to use software updates, firewalls and anti-virus software.
Another aspect of vigilance is understanding who the enemy is. The internet is awash with viruses, hackers and spam but many businesses will suffer their most egregious losses from employee fraud and theft. For example, can your contacts database be copied by an employee? Maybe your business is a happy ship today but there are many businesses with an employee who left under a dark cloud and then turned up at their competitor with a CD full of private information. Check with your software vendor as to the safety of your database systems from internal theft and attack.
No amount of protection, updates and highly complex passwords will help you if your notebook is stolen from your car or if a file server in your office is easily removed. Entire networks can be compromised if a hacker can physically put a floppy disk into a server and force a reboot. Physical security is critically important because simple, old-fashioned theft is still the technique of choice if you are being specifically targeted by hackers.
Potentially the single most important thing you can do to secure your systems is to ensure data is backed up and taken offsite. If you suffer a virus attack, or theft or any number of problems your only recourse may be to restore data from a backup. Because new viruses are always appearing, and new faults in software are being discovered, you can never assume that, at any moment, your system is 100% secure and therefore you can't assume that your system won't be attacked and that data loss will occur.
Not only are very recent backups important, older backups can be important too. What if you are attacked by a virus today and you only realise an important file is missing six months later? You will have overwritten all your backup media, unless you keep archival backups as well as emergency backups. CD-R media is best for this as it is cheap and long lasting. Minimally you would make an archival backup monthly, but depending on your environment perhaps weekly or daily is more appropriate.
Copyright © 1996-2019 Cadzow TECH Pty. Ltd. All rights reserved.
Question/comment about this page? Please email email@example.com