September 11th, 2005, 05:00 PM
Important Steps To Take To Ensure Safety.
Security of Hard Drives
Secrets in the computer require the same protection as secrets on paper. Information can usually be recovered from a computer hard drive even after the file has been deleted or erased by the computer user. It has been estimated that about a third of the average hard drive contains information that has been "deleted" but is still recoverable.
When you delete a file, most computer operating systems delete only the "pointer" which allows the computer to find the file on your hard drive. The file itself is not deleted until it is overwritten by another file. This is comparable to deleting a chapter heading from the table of contents of a book, but not removing the pages on which the chapter is written. Some networks may be configured to "wipe" or purge the hard drive when information is deleted, but most are not.
Computers on which classified information is prepared must be kept in facilities that meet specified physical security requirements for processing classified information. If necessary to prepare classified information in a non-secure environment, use a typewriter or a removable hard drive or laptop that is secured in a safe when not in use.
Check with your security office concerning rules for traveling with a laptop on which classified or other sensitive information has been prepared. Laptop computers are a particular concern owing to their vulnerability to theft.
Viruses & Other "Infections"
A virus is a small, self-contained piece of computer code hidden within another computer program. Like a real virus, it can reproduce, infect other computers, and then lie dormant for months or years before it strikes. A virus is only one of several types of "malicious logic" that can harm your computer or your entire network.
Worms, logic bombs, and Trojan Horses are similar "infections" commonly grouped with computer viruses. A computer worm spreads like a virus but is an independent program rather than hidden inside another program. A logic bomb is a program normally hidden deep in the main computer and set to activate at some point in the future, destroying data. A Trojan Horse masquerades as a legitimate software program. It waits until triggered by some pre-set event or date and then delivers a payload that may include destroying files or disks.
Some viruses are high-tech pranks not intended to cause damage. For example, a virus may be designed to conceal itself until a predetermined date, then flash a message on all network computers. Even pranks, however, are not benign. They steal computer memory, storage, and processing time.
Of greatest concern, of course, are viruses and other devices that are deliberately malicious. They are intended to cause serious damage such as deleting files, providing access for an outsider to copy your files, or disrupting the operation of an entire computer network or organization.
From an information security point of view, one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote user to access and control your computer without your knowledge whenever you are on the Internet. One of these Trojan Horses was originally developed as a means of playing pranks on friends. When installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be snuck onto someone's computer by burying it in a game program or other executable script sent by e-mail. Happily, known versions of the program will be caught by a good virus checker.
The virus threat is increasing for several reasons:
Creation of viruses is getting easier. The same technology that makes it easier to create legitimate software is also making it easier to create viruses, and virus construction kits are now available on the Internet. About 200 to 300 new viruses are being created each month, while the old ones continue to spread.
The increased use of portable computers, e-mail, remote link-ups to servers, and growing links within networks and between networks mean that any computer that has a virus is increasingly likely to communicate with -- and infect -- other computers and servers than would have been true a few years ago.
As organizations increasingly use computers for critical functions, the costs of virus-induced downtime are increasing.
A virus or other malicious logic can be transmitted by any software that enters your system. A study of major U.S. and Canadian computer users found that an infected diskette was responsible for transmitting most (87%) viruses. Forty-three percent of the diskettes responsible for introducing a virus into corporate computers had been brought from home. Downloading software from an electronic bulletin board was responsible for 7% of the infections, while miscellaneous other sources accounted for 6%.
You can catch a virus by launching an infected application or starting up your computer from a disk that has infected system files. Once a virus is in memory, it usually infects any application you run, including network applications (if you have write access to network folders or disks). A properly configured network is less susceptible to viruses than a stand-alone computer.
When you interact with another computer, the virus may automatically reproduce itself in the other computer. Once a virus infects a single networked computer, the average time required to infect another workstation in the same network is from 10 to 20 minutes -- meaning a virus can paralyze an entire organization in a few hours.
Not all viruses, worms, logic bombs, and Trojan Horses are transmitted through infected software brought in from outside the organization. Some of the most damaging are implanted by disaffected insiders. For example:
A computer programmer at a Fort Worth, Texas, insurance firm was convicted of computer sabotage for planting malicious software code that wiped out 168,000 payroll records two days after he was fired.
A computer programmer at defense contractor General Dynamics was arrested for planting a "logic bomb" set to go off several months after he resigned from the company. If the bomb had not been detected by another General Dynamics employee, it would have destroyed irreplaceable data on several defense contracts.
Your organization has policies and tools for countering the threat of viruses. In order to avoid security or system maintenance problems, many organizations require that all software be installed by a system administrator. Some organizations require that any diskette you bring into the building be tested for viruses before being used. Others do not. Consult your system administrator to learn the correct procedures in your organization.
Be sure you know how your virus detection software works. If it indicates your system has a virus problem, report it immediately to your system administrator and then to the person you believe may have passed the virus to you. It is important to remain calm. There are many virus hoaxes as well as real viruses, and a virus scare can cause as much delay and confusion as an actual virus outbreak. Before announcing the virus widely, make sure you verify its presence using a virus detection tool, if possible, with the assistance of technically competent personnel.
If you have a stand-alone computer or your organization has few controls on installing new programs or bringing in diskettes, the following procedures will help lower the risk of infection or amount of damage if the worst does happen.
Don't be promiscuous. Most risk of infection by viruses can be eliminated if you are cautious about what programs are installed on your computer. If you are unaware of or unsure of the origin of a program, it is wise not to run it. Do not execute programs or reboot using old diskettes unless you have reformatted them, especially if the old diskettes have been used to bring software home from a trade show or another security-vulnerable place.
Excellent virus-checking and security audit tools are available. Use them and, if possible, set them to run automatically and regularly. Update your virus checker regularly, as many new viruses are created each month.
Notice the unusual. Be familiar with the way your system works. If there is an unexplainable change (for instance, files you believe should exist are gone, or strange new files are appearing and disk space is "vanishing"), you should check for the presence of viruses.
Back up your files. If worst comes to worst, you can restore your system to its state before it was infected.
Using the Internet Securely
You can do many interesting and useful things on the Internet, both in the office and at home, and you can do them securely -- if you understand and avoid certain risks. The two main security risks are drawing attention to yourself as a potential target for intelligence exploitation and unintentional compromise of sensitive information.
September 11th, 2005, 05:03 PM
Chat Rooms, News Groups, Bulletin Boards.
Chatting on the Internet or posting messages to news groups or bulletin boards might seem like a private pastime, but it is in fact a very public activity. Messages sent to "Usenet" discussion groups are broadcast to anyone, anywhere in the world, who wants to receive them. These messages are archived so that they are readily searchable by the public. The Deja.com archive contains messages going back to March 1995.
Foreign intelligence collectors and investigators collecting competitive intelligence regularly troll bulletin board, chat room and newsgroup postings to identify individuals or information of potential interest. If someone on the Internet finds that, because of the information you offer, you could be a good "source," he or she will have no problem finding out more about you.
A knowledgeable information collector can identify a great deal of information about you with little more than your e-mail address and a newsgroup or chat room posting. One can probably obtain from online sources your address, phone number, vehicle license plate number, social security number, date of birth, name of employer, eye color, weight, credit report, real estate ownership records, and the names, addresses, and phone numbers of nine to fourteen of your neighbors who may then be called for additional information about you.
Once you are identified as a potential target, a knowledgeable information collector may search for and read your newsgroup, bulletin board, and chat room postings. For an example of how this type of information can be used by hackers, see the "Getting to Know You" section in Case 1.
Do not post any information on the Internet that calls attention to yourself as a person with access to proprietary or classified information. This could cause you to become a target.
If you are recognized as a government employee or contractor, your words may carry a weight that you did not intend. The common assumption is that you know more than you do, and that you have access to classified or other sensitive information relating to the subject of discussion, which may or may not be the case. If you are thought to have information of value, you may start to receive e-mail solicitations from people asking questions and offering to provide you with information in return. See How Do I Know When I'm Being Targeted and Assessed?
Do not try to impress others with how much you know.
Do not express any opinion in a way that implies you have insider information, and therefore that your opinion merits greater credence than the opinions of others.
Do not imply or state outright that you have access to proprietary or classified information. A statement such as "I can't say any more, because I have a clearance" is an example of security consciousness gone awry. It targets you as a holder of classified information.
Do not refer to project code words, even though the words may be used in other public media.
Do not provide information about your work, your employer, or job location.
The greatest risk on the Internet is when you "chat" in real time with other users, using typed input that is relayed back and forth. There are several reasons why this can be dangerous:
Live chat does not allow you time to think carefully before you respond. Once the message is sent, it's gone forever.
What starts out as a casual information exchange can quickly lead to much more.
Your message on the Internet may be read by tens of thousands of people worldwide.
When chatting on line or exchanging e-mail, remember that the people you are communicating with are not always who they seem to be. You don't even know what country they are in. Although there are country codes for Internet addresses, they are not always used. For example, America Online is international, and you don't know the home country of a person with an aol.com e-mail address.
Some messages are sent anonymously. Unfortunately, it is not always possible to know which are and which are not. Reputable "remailers" who forward mail anonymously make it clear that their messages are anonymous. Less responsible remailers, however, substitute phony names and addresses, but do not so indicate. Because messages can be forwarded from anywhere to anywhere, you cannot assume anything about message origins. Be wary of responding to messages from anyone whom you do not know personally.
For purposes of pre-publication review, an electronic file is the same as a paper document. If you would need to get pre-publication review for a hard-copy version of something you write, you need pre-publication review before putting the same material on line.
Get pre-publication review for any such document or file that you:
Submit to an online publication
Draft and store on your publicly accessible home page.
Send to another Internet site, regardless of the site or location.
Even though information is unclassified, it may not be appropriate to put on a public Internet site. Before putting information on a web site, see Pre-Publication Review of Web Site Content.
Surfing the Net
The principal hazards of surfing the Internet are discussed in greater detail in other topics. The greatest risk is probably downloading files, as discussed in Viruses and Other "Infections". The wealth of free software available for downloading from the Internet is exciting but does pose risks. Many organizations explicitly prohibit downloading and running software from the Internet. If you want to download a program, check with your system administrator.
When logging in to an Internet site that requires password and user ID, do not use the same password that you use to log on to your office network. The password for your office network requires the utmost protection, while the password used to log in to an external web site is vulnerable to interception unless it is encrypted. Compromise of the one should not compromise the other.
The rapid growth of Internet commerce is driving the development of additional security measures. Protection mechanisms such as Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET) are growing rapidly. SSL sits "between" your web browser and the web server you are communicating with. It can exchange verification of both parties to the communication. It then encrypts sensitive information such as credit card data when making a purchase or personal information filled in on a form to register with a site. SET uses digital signatures to ensure that Internet credit card users and merchants are who they say they are. With SET, your credit card number is never stored on the merchant's computer.
Most browsers have a padlock or key symbol in the lower left corner of the screen to show the security status of the connection. When the padlock is open or the key is broken, no special security precautions are in effect. When the padlock is closed or the key is unbroken, information is being encrypted. The number of teeth in the key signifies the level of encryption. One tooth signifies a 40-bit key; two teeth means a 128-bit key.
Your password is the key to your computer -- a key much sought-after by hackers as a means of getting a foothold into your system. A weak password may give a hacker access not only to your computer, but to the entire network to which your computer is connected. Treat your password like the key to your home. Would you leave your home or office unlocked in a high crime area?
Too many passwords are easily guessed, especially if the intruder knows something about their target's background. It's not unusual, for example, for office workers to use the word "password" to enter their office networks. Other commonly used passwords are the computer user's first, last or child's name, Secret, names of sports teams or sports terms, and repeated characters such as AAAAAA or bbbbbb.
Your computer password is the foundation of your computer security, and it needs to stand up against the tools that hackers have for cracking it. There are 308 million possible letter combinations for a six letter password using all upper case or all lower case letters. A readily available password cracker can check all of them in only 2 minutes 40 seconds.
Here are some simple guidelines for strong passwords.
It should contain at least eight characters.
It should contain a mix of four different types of characters -- upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;" If there is only one letter or special character, it should not be either the first or last character in the password.
It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.
You should be able to type it quickly, so that someone looking over your shoulder cannot readily see what you have typed.
It should be changed at least every 90 days to keep undetected intruders from continuing to use it.
Almost all computer operating system software programs on the market today that store passwords in encrypted format store the last character in the clear. All password cracking programs know this, so that means one less character for them to crack. This is one of several reasons why numbers and special characters should be toward the middle of your password, not at the beginning or end.
A six-letter password using all upper case letters or all lower case letters has 308 million possible letter combinations. This is easily broken within a couple minutes by automated password cracking programs that hackers can download from the Internet.
With some combination of both upper and lower case letters, a six letter password has 19 billion possible combinations. If you increase the password to eight letters and use both upper and lower case letters, there are 53 trillion possible combinations. Substitute a number for one of the letters, and there are 218 trillion possible combinations.
Substitute one of the special characters for another one of the letters, and you have the recommended type of password -- at least eight characters, including at least one upper case letter, lower case letter, number, and special character or punctuation. This has 6,095 trillion possible combinations -- still crackable, but requiring a more sophisticated program, a far more powerful computer, and far more time.
The password used for logging on to your office computer should be different from the password you use to log in to a web site on the Internet. The password used to log in to a web site is far more exposed to potential compromise. Any time you log in over an external network, your password is vulnerable to being stolen unless it is encrypted. Using a separate and unique password for your office computer helps protect the security of the office network.
Once you have selected an effective password, protect it. Resist the temptation to write your password down. If you do, keep it with you until you remember it, then shred it! NEVER leave a password taped onto a terminal or written on a whiteboard. You wouldn't write your PIN code on your automated teller machine (ATM) card, would you? You should have different passwords for different accounts, but not so many passwords that you can't remember them. Do not allow anyone to observe your password as you enter it during the logon process.
Do not disclose your password to anyone, not even to your systems administrator or maintenance technician. They have no need to know it. They have their own password with system privileges that will allow them to work on your account without the need for you to reveal your password. If a system administrator or maintenance technician asks you for your password, be suspicious.
Use a password-locked screensaver to make certain no one can perform any activity under your User ID while you are away from your desk. These can be set up so that they activate after the computer has been idle for a while. Strange as it may seem, someone coming around to erase or sabotage your work is not uncommon. Or imagine the trouble you could have if nasty e-mail messages were sent to your boss or anyone else from your computer, or your account were used to transfer illegal pornography.
Owing to the importance of user identification and the many problems with passwords, considerable research is now focused on the development of biometric identification systems. In the future, password access to networks containing sensitive information will probably be replaced by some form of biometric identification such as a fingerprint scanner.
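The password guidelines and the combination counts quoted in the post can be checked mechanically. The following Python sketch is an added example, not part of the original post: the function names, the small SAMPLE_WORDS list, the 32-character special set (Python's string.punctuation) and the guess rate derived from the post's "308 million in 2 minutes 40 seconds" figure are all assumptions made for illustration.

```python
import string

# Constructed stand-in for a real dictionary file (assumption, not from the page).
SAMPLE_WORDS = {"password", "secret", "football", "yankees"}

# Guess rate implied by the page: all 26**6 candidates in 2 min 40 s.
PAGE_GUESS_RATE = 26**6 / 160  # roughly 1.93 million guesses per second


def char_classes(pw):
    """Report which of the four character types appear in pw."""
    return {
        "upper": any(c in string.ascii_uppercase for c in pw),
        "lower": any(c in string.ascii_lowercase for c in pw),
        "digit": any(c in string.digits for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }


def keyspace(length, upper=False, lower=False, digit=False, special=False):
    """Number of candidates an exhaustive search must cover."""
    # string.punctuation holds 32 characters (assumed special-character set).
    alphabet = 26 * upper + 26 * lower + 10 * digit + 32 * special
    return alphabet ** length


def seconds_to_exhaust(pw, rate=PAGE_GUESS_RATE):
    """Worst-case search time for a password of pw's length and types."""
    return keyspace(len(pw), **char_classes(pw)) / rate


def check_password(pw, name="", email="", words=SAMPLE_WORDS):
    """Return the guidelines from the post that pw violates."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    missing = [kind for kind, present in char_classes(pw).items() if not present]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))
    # A lone letter, number or special character must not sit at either end.
    groups = {"letter": string.ascii_letters, "number": string.digits,
              "special character": string.punctuation}
    for label, chars in groups.items():
        hits = [i for i, c in enumerate(pw) if c in chars]
        if len(hits) == 1 and hits[0] in (0, len(pw) - 1):
            problems.append(f"only {label} is the first or last character")
    lowered = pw.lower()
    if lowered in words:
        problems.append("is a dictionary word")
    if len(pw) > 1 and len(set(pw)) == 1:
        problems.append("is one repeated character")
    # Name parts and the e-mail local part, ignoring fragments under 3 chars.
    personal = name.lower().split() + [email.lower().split("@")[0]]
    if any(len(p) >= 3 and p in lowered for p in personal):
        problems.append("contains part of the name or e-mail address")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "AAAAAA", "Trqkwpz9!", "tR7#kwpq"):
        hours = seconds_to_exhaust(candidate) / 3600
        print(candidate, check_password(candidate), f"{hours:,.1f} h at page rate")
```

With a 94-character alphabet the eight-character keyspace reproduces the post's 6,095 trillion figure, and a real deployment would replace SAMPLE_WORDS with a full dictionary and a breached-password list.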