Tutorial:Internet
Internet Security
Tips And Tricks
Security is an ever changing arena, and keeping your systems secure means always
staying one step ahead of the hackers. This means understanding their techniques,
and checking out the places where they meet.
By Robert Schifreen
P
reventing and detecting misuse
to your competitors are probably not
depending on the company's areas of
of corporate computer systems
terribly severe.
business. All companies will have cus
is a constant cat and mouse
Among the questions you should
tomer lists, personnel data etc. Other
game. If you're involved in data secu
ask yourself are:
categories include plans for new prod
rity, your best hope is to stay one step
ucts, marketing strategies, reports
ahead of the hackers and try to beat
G
What types of information do we
from consultants into the state of the
them at their own game. This is far
have?
company,
pending
financial
an
more difficult than it sounds, however,
G
Which is the most important?
nouncements such as a flotation or
as modern hackers have many strings
G
Where is it held?
quarterly results, and so on. Not all
to their bow. While some vendors may
G
Could we survive without it?
organisations will possess such data.
tempt you to put all your security eggs
G
If so, for how long?
Make up a list of the types of data you
into the firewall basket, concentrating
G
Who currently has access to which
have.
all your efforts in any single area is just
types of data?
asking for trouble.
G
Conversely, of those who have been
Destination
granted access to specific types of
The ultimate destination of stolen
Know Your Enemy
data, who actually needs that ac
data depends both on the hacker and
cess? Could they manage without
on the type of data. Typical customers
In IT security, as in any other corpo
it? When did they last use it?
for information include:
rate department, you're always short
G
What would happen if the data was
staffed
and
under funded.
It's
lost, altered, or leaked?
G
Business competitors.
important, therefore, that you priori
G
Former staff.
tise your efforts. That way, you can
Ensure that there are individuals (at
G
Rivals in a takeover.
ensure that the problems you deal with
least two, to prevent misuse of power)
G
The press.
first, and on which you spend most
responsible for each category of data.
G
Private investigators.
money, are the ones that really are the
These people should be made aware
G
Other hackers.
most potentially damaging to the com
that it is they who will lose their jobs if
G
Opposing sides in a court case.
pany.
anything happens to the files they are
While poor protection of the details
protecting.
Techniques
of what each staff member has for
Each organisation holds different
lunch might be annoying, for example,
types of information, and each type
Tradition has it that hackers simply
the implications of this data getting out
may need differing levels of protection
steal data files and, if possible, sell
them. Although this was the case 15
years ago, it's no longer entirely true.
Much of today's hacking activity is
In IT security, as in any other corporate
aimed at denial of service attacks, pre
sumably based on the philosophy that
department, you're always short staffed
if the hacker can't gain access to a sys
tem then the legitimate users should be
and under funded. It's important,
denied access too. Programs to perpe
trate such attacks are freely download
therefore, that you prioritise your efforts.
able from the Internet and will crash a
machine instantly. On average, at least
two attacks (or descriptions of possible
Issue 102 (December 1998) page 19
File: T1820.1
PC Network Advisor
Next page >
New! The best sites for quality inkjet printer cartridges and the best sites for cheap inkjet cartridges