Wednesday, April 14, 2010

Technologies and Tools for Security and Control

Access Control

The headlines telling of hackers' exploits in the past year should be enough to convince every company of the need to install firewalls, access controls, and other security measures. With the installation of cable modems or DSL lines, home users must follow the same guidelines. These new connections, which leave your personal computer "always on," are just as vulnerable to attacks as corporate systems.

In corporate systems, it's important to ensure authentication methods are in place so that unauthorized users can't gain access to the system and its data. Because most simple password systems are too weak and make the system too vulnerable, security experts are devising new methods to control access.

Biometric authentication is becoming more popular as a method of protecting systems and data as the technology is refined. While you may have seen fingerprint or facial recognition techniques only in sci-fi movies, rest assured it may be the next wave of security that's installed in your organization.

If you allow employees to keep certain data on their machines that are not backed up to the mainframe computer, you need to ensure that safeguards are installed on the individual PCs. Make sure you have controls in place for accessing individual data, backing it up, and properly protecting it against corruption. Do you even have a policy about whether employees can store data on their individual terminals?

Firewalls, Intrusion Detection Systems, and Antivirus Software

The four types of firewalls described in the text are:

· Packet filtering: data packet header information is examined in isolation

· Network address translation (NAT): conceals IP addresses and makes it more difficult to penetrate systems

· Application proxy filter: sort of like a fence through which a substitute message passes.

· Stateful inspection: the actual message comes through the firewall but must be identified by the user as passable.
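The difference between the first and last firewall types in the list, as an added Python example that is not part of the original post. It uses the standard connection-tracking meaning of stateful inspection; the internal network range, addresses, ports and rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"SYN"} or {"ACK"}

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # constructed internal network

def packet_filter(pkt):
    """Packet filtering: decide from this one packet's header, in isolation."""
    inbound = ipaddress.ip_address(pkt.dst) in INSIDE
    outbound = ipaddress.ip_address(pkt.src) in INSIDE
    if outbound and pkt.dport in (80, 443):
        return True   # inside hosts may browse the web
    if inbound and pkt.sport in (80, 443) and "ACK" in pkt.flags:
        return True   # header merely looks like a reply to a web request
    return False      # default deny

class StatefulFirewall:
    """Stateful inspection: remember connections opened from inside."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        outbound = ipaddress.ip_address(pkt.src) in INSIDE
        if outbound and pkt.dport in (80, 443):
            if "SYN" in pkt.flags:
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: allowed only as the reverse of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

# Constructed sample traffic (documentation address ranges).
SYN = Packet("192.168.1.10", 50000, "203.0.113.5", 443, frozenset({"SYN"}))
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 50000, frozenset({"SYN", "ACK"}))
UNSOLICITED = Packet("198.51.100.7", 443, "192.168.1.20", 40000, frozenset({"ACK"}))

def compare():
    """Return (packet_filter verdict, stateful verdict) for each sample packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in (SYN, REPLY, UNSOLICITED)]
```

Both firewalls pass the outbound request and its genuine reply; only the stateful one rejects the inbound packet that matches no connection an inside host opened.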

Intrusion Detection Systems

Firewalls can deter, but not completely prevent, network penetration from outsiders and should be viewed as one element in an overall security plan. In addition to firewalls, digital firms relying on networks use intrusion detection systems to help them protect their systems.

In March 2002, Wright Patterson Air Force Base, Ohio, reported over 250,000 unauthorized attempted entries into its computer systems by hackers in a 24-hour period. The intrusion detection systems it had in place allowed authorities to track the hacker attempts and thwart damage to its critical data and systems.

Antivirus Software

While most computer users, especially home users, know they are supposed to have antivirus software installed, they may be negligent in keeping it up-to-date. Because new viruses are unleashed almost every week, antivirus software needs constant updating — at least once a week. Many brand-name software programs have an automatic update feature that users should take advantage of.

Securing Wireless Networks

It's becoming more important for wi-fi users to protect their data and electronic transmissions as wireless networks and their access points proliferate around the country. Security is easily penetrated because of the very nature of the spectrum transmission used in wi-fi. Unless users take stringent precautions to protect their computers, it's relatively easy for hackers to obtain access to files. Stronger encryption and authentication systems for wi-fi than the original Wired Equivalent Privacy (WEP) are being installed in newer computer models. But individual users still carry the responsibility to make sure passwords are changed from the original and encryption systems are used to help protect data.

Encryption and Public Key Infrastructure

Most people are reluctant to buy and sell on the Internet because they're afraid of theft, fraud, and interception of transactions. To help ease the mind and make transactions secure, many companies are using very sophisticated methods of protecting data as it travels across the various transmission media.

Watch any World War II movie and you'll see episodes of the good guys intercepting coded messages from the enemy. The messages were scrambled and almost impossible to interpret. But the good guys always won out in the end and unscrambled the message in time to save the world. Now we use sophisticated software programs to encrypt or scramble transmissions before they are sent. The sender and recipient have special software programs they can use to encode and decode the transaction on each end.

Encryption software programs incorporate authentication and message integrity to ensure senders and receivers are protected against many of the computer crimes committed on networks and the Internet.

Usually you can't tell if a transmission is authentic when you receive it over the Internet or network. Digital signature software can create a method of verifying that the message, document, or file has not been altered between the time it left the sender and the time you received it. The Electronic Signatures in Global and National Commerce Act authorized the use of digital signatures and promises to enhance electronic commerce and make it easier to do business digitally. You must be careful, though, as digital signatures can be forged or altered the same as an old-fashioned handwritten signature can be forged.

Another way of providing authenticity to network transmissions is by using a digital certificate. Just as your personal signature is connected to you, a digital certificate provides a way of proving you are who you say you are. GlobalSign.com has lots of information about its digital certificate product and other useful information about this technology. You can get a demo certificate, find someone's certificate, or get more information about how to use your own certificate.

Two methods companies are using to make online transactions more secure are Secure Sockets Layer and Secure Hypertext Transfer Protocol. The next time you're on an e-commerce or e-business Web site, look in the address text box of your browser and notice if the address begins with https:. If so, the site incorporates one of these two security measures. Public key infrastructure (PKI) is another method for providing secure authentication of online identity and makes users more comfortable transacting business over networks.

Ensuring Software Reliability

Even though your system may appear to be working normally, you should still verify that it is working according to the specifications. Walkthroughs are an excellent way to review system specifications and make sure they are correct. Walkthroughs are usually conducted before programming begins, although they can be done periodically throughout all phases of system development.

Once a system has been coded, it is much harder and more expensive to debug it. We're beginning to sound like a broken record but it's important that you understand and remember that the more work you do before the programming phase begins, the less trouble you'll have later. You can't just start pounding the keyboard and hope everything turns out okay.

As organizations move more toward electronic business and e-commerce, they need to spend more time in the testing phase and do it in realistic terms. As your digital firm is building a new site, or even revamping an old one, you can't afford to underestimate the amount of traffic the site will generate, or overestimate its stability. Toys-R-Us, Inc., learned that lesson the hard way in December 1999. Their site wasn't tested enough, under realistic conditions, and proved to be a complete failure. It cost the company not just millions of dollars but millions of dissatisfied customers who never came back for a second try.


NOOPUR GARG

BBA/4536/07
