Security Issues and Strategies Chapter 8 – Computers: Understanding Technology (Third edition)



Network and Internet Security Risks

• Unauthorized access

– UserID is normally public, so password is the only secure part

– System backdoor – created by the programmers of the system

• Denial of service (DoS) attacks

• Information theft

– Users often do not enable security for wireless devices

– Data Browsing – e.g. IRS and tax returns


Hardware and Software Security Risks

• Power interruptions can damage computers – surge protectors

• Stolen hardware and software

– Employee theft

– Employee loss – e.g. laptops are more easily taken than traditional computers and this has led to some widely-publicized incidents of possible compromise of sensitive data


Recent Laptop Thefts that Exposed Large Amounts of Sensitive Data

• Personal data of 26.5 million U.S. veterans was on a laptop taken from the home of a U.S. Department of Veterans Affairs employee

• A laptop that belonged to an Ernst & Young employee was stolen from a vehicle. The computer contained personal information of 243,000 Hotels.com customers.

• An unencrypted hard drive containing names, addresses and Social Security numbers of American Institute of Certified Public Accountants (AICPA) members was lost when it was shipped back to the organization by a computer repair company. Potentially 330,000 members were affected.

Source: Wikipedia, July 9, 2007


Security Strategies

• Physical security

• Firewalls – used on computers connected to the internet, will allow web browsing but prohibit some other forms of communication

• Network sniffers – display network traffic data

• Antivirus software

• Data backups – rotating backup allows one to keep several versions rather than a single one

• Disaster recovery plan – remotely located data backups and redundant systems


Security Strategies (cont.)

• Authentication – Personal identification numbers, usernames and passwords

• User IDs and Passwords – passwords must be easy to remember but hard to guess. The following also increase security:

– Longer passwords

– Increase in number of choices for each keystroke – requirement for an uppercase letter, a lowercase letter, and a number thus increases security of password

– Changing passwords more often (maybe)

– Smart cards
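
An added example (not part of the original slides) that puts numbers on the two password bullets above: it counts how many candidate passwords an exhaustive search must cover at a given length for a lowercase-only alphabet, for the 62-character uppercase/lowercase/digit alphabet, and, using inclusion-exclusion, for passwords that actually satisfy the one-of-each-class requirement. The function names and the sample lengths are assumptions chosen for illustration.

```python
import math
from itertools import combinations

# Class sizes for the rule on the slide: uppercase, lowercase, digit.
CLASSES = {"upper": 26, "lower": 26, "digit": 10}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def compliant_keyspace(length: int, classes=CLASSES) -> int:
    """Passwords over the combined alphabet that contain at least one
    character from every class (inclusion-exclusion over missing classes)."""
    sizes = list(classes.values())
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            # Add or subtract passwords that avoid all classes in `missing`.
            count += (-1) ** k * (total - sum(missing)) ** length
    return count


def bits(n: int) -> float:
    """Size of a search space expressed in bits (log base 2)."""
    return math.log2(n)


def report(length: int) -> dict:
    """The three search-space sizes compared in the lead-in."""
    return {
        "lowercase_only": keyspace(26, length),
        "mixed_unrestricted": keyspace(62, length),
        "mixed_one_of_each": compliant_keyspace(length),
    }


if __name__ == "__main__":
    for length in (6, 8, 12):  # sample lengths, chosen for illustration
        print(f"length {length}")
        for name, n in report(length).items():
            print(f"  {name:20s} {n:.3e}  ({bits(n):.1f} bits)")
```

Requiring one character of each class removes some candidates from the full 62-character space, so the compliant count is a little smaller than the unrestricted one while remaining far larger than lowercase-only. Each added character multiplies the space again, which is why length appears first in the list.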


Security Strategies (cont.)

• Monitoring and auditing

– Keystroke loggers and internet traffic trackers

– Video surveillance

• Biometric authentication

– Fingerprint

– Hand geometry

– Facial recognition

– Voice

– Signature

– Iris and retinal

– Keystroke dynamics – how an individual types


Security Strategies (cont.)

• Data encryption

– Intelligence agencies want to limit use of encryption technology so they can decipher communications in particular instances

– Secure Sockets Layer (SSL) protocol is used on sites where the URL starts with https rather than http