Make your own free website on Tripod.com
 

Computer Security and You
Rich Christie <Rich@Philosophers.net>


Computer Security is a broad topic that commands respect yet hardly ever gets it. It is more than protecting networks from hackers, or preventing young Billy from visiting sexually explicit sites when he comes home from school. Computer Security is a never ending war. When you're not protecting from hackers, crackers, and viruses, you've got to also protect the system from yourself. In this paper, I will attempt to make you as a reader more informed of the theory of Computer Security, and it's relevance to you- just as security is important in your daily life. You never know when the next victim could be you.

Just as with anything else, there is a need for security. Without security, there is a greater potential for chaos to run rampant. In stores, banks, etc., without some form of security, they have a higher risk of loss. With computers, without some form of security you are bound to have some form of disaster, whether it is natural or caused.

The first line of defense in computer security is training and awareness. This will prove to be the most effective asset in securing your computer or network. Not everyone needs to become a Computer Security Specialist, but you should have a general idea of what threats and potential dangers there are. Educating yourself in computer security is not a difficult task, though it does require you to keep current. Knowing the latest virus that is being passed around, being able to catch some of those wide open holes in your computer/network's default settings, and knowing what to do in case of an emergency will help you. Even a little knowledge can go a long way. You'll learn not to accept files from strangers (especially executable files such as *.exe, *.bat, *.com), not to give out personal or detailed information about yourself or your computer system to those who do not need to know, and how to spot a social engineer, i.e., someone trying to trick you into revealing something that they shouldn't know to use to their benefit or against you. It is also a good idea to make sure that anyone else that uses your computer is also aware, because disasters don't discriminate on who is behind the keyboard.

After you have acquired the knowledge you feel you need, it is now time to learn how to apply what you've learned. Install the latest anti virus and anti trojan software, update your system with the proper patches, and establish strong computer security policies and procedures, tailored to your needs. For example, if the computer in question is your home computer and it is not on a LAN, there is no need for you to have file/print sharing enabled. It is important to keep in mind that the more "services" you're computer has to offer, the greater the chance of a malicious cracker finding it and exploiting it.

Download and install cryptography software, and you may wish to have various software packages since some of them do different things. For example, you may wish to use Pretty Good Privacy (PGP) for e-mail, Norton's Secret Stuff for files on your hard drive, and Fortify to add extra strong encryption to your Netscape web browser. So if at any time data is intercepted, stolen, or in some way gets into the wrong hands, they will not be able to use it inappropriately. This is especially useful with personal and confidential files, and if you engage in e-commerce.

You may also want to consider using a program that truly eliminates a file from your system, as just "deleting" it only removed the reference to the file but it can be recovered by the right person with the right tools, and of course someone wanting to steal your data would be that person with those tools. An excellent program called BCWipe will allow you to delete a file for good, without trace, so they snoops will not be able to recover it. There are numerous other program that do the same thing, but regardless of which one you use one thing is for certain- just deleting the file won't work.

As for the problem with young Billy visiting sexually explicit sites, well, either let boys be boys or install software such as 'Cyber Patrol' or 'Net Nanny' to filter out unwanted sites, though be aware: these programs are often easily bypassed if the kids has a strong working knowledge of the computer and they can sometimes filter out sites that need not be filtered out, and are only blocked because of a flaw in the software.

If you feel the need, there are also many security software suites available that have a combination of methods for protection, including security over a network such as The Internet. An example of this would be Lockdown 2000, as well as others. Security on The Internet is extremely important, for obvious reasons. You'll run into many, many more threats than you would ever have before- from hostile webpages (sites with embedded code to crash your browser or system), viruses and trojan horses, crackers, cyber stalking, and so much more. As a computer user with a basic knowledge of computer security, you'll be able to repel and safeguard yourself against approximately 80-90% of them easily, since a large majority of those that wish to do severe damage and crash computers know very little. The few that do have a lot of knowledge about computer systems will generally not target personal computers, or at least not as much. It goes along with the theory "simple things for simple minds". Those with little knowledge are often amused at how they can run a program and crash a computer system.

For anyone with an interest in computer security, I recommend the book The Underground Guide To Computer Security by Michael Alexander (ISBN: 0-201-48918-X). It covers a lot of the basics of computer security without going too far in depth so you'll lose interest, as it is not very technical at all and written in very clear language. To take a step up from that and get slightly more involved, I recommend Protection and Security On The Information Superhighway by Frederick B. Cohen (ISBN: 0-471-11389-1), Frederick B. Cohen is renowned for his work in Anti Virus studies, and is consider the father of virus research. His book has slightly more of a technical side to it, but it is still very fascinating.

After you've got the basic concepts of computer security, it will be time to specialize, though only slightly. This means you'll want to pay more attention to what directly concerns you, but also be aware of what other threats there are. For example, if you're running Windows 98 then of course you should pay attention to all Windows 98 security alerts, but you should also keep current on what threats there are for say, Windows NT and Linux.

Now that you've got a little more understanding of some of the basics of computer security, remember the following things:
 


Overall, just have good common sense. CS = Computer Security = Common Sense. Here are some URL's to many of the sites I mentioned:

 http://www.cert.org
 http://l0pht.com
 http://www.microsoft.com/security/
 http://www.rootshell.com
 http://netsecurity.miningco.com
 

And of course for young Billy..
 http://www.cyberpatrol.com/
 http://www.netnanny.com/

Software such as
BCWipe
Pretty Good Privacy,

Etc., should also be easy to find at just about any software archive site such as

http://www.download.com
http://www.zdnet.com

If you have any further comments, questions, or suggestions, please feel free to e-mail me.