Computer & Internet Safety
Computer Crime Prevention
Computer crime is becoming ever prevalent in our society. More and more, companies and individuals rely on the services and resources provided through networks and computers. Companies may be dependent on the data to conduct business, while individuals may store information that is important to their personal or work-related activities. Due to this, it becomes vital that steps are taken to protect computer systems and the data that's stored on them.
It is important to remember that no system can ever be completely secure. The only network, Web site, or computer system that's 100% secure is one that can't be accessed by anyone or anything, which makes it completely unusable. Natural disasters, malicious, users who make mistakes or motivated criminals can compromise security and/or cause damage. The goal for securing your system should be to balance security with accessibility.
Common Types of Computer Related Crimes
There are a number of common attacks and methods of committing a computer related crime. Some of these are less sophisticated than others, and can be committed by someone with limited knowledge of computers. Others require programming skills and/or an advanced knowledge of how computers and various software can work together to commit a crime.
Computer viruses are programs that can attach themselves to other programs or files. The virus infected files can then become carriers of the virus, or become damaged in some way. The virus may effect computer services, displaying messages or playing sounds, or may crash the operating system so that the computer won't run as expected (if at all).
You can prevent computer viruses by installing an anti-virus program on your computer, which scans files for known viruses. There are a number of these programs on the market, and they can be purchased from software stores or acquired on the Internet. Once installed, you will need to regularly update anti-virus files, which are used to detect and remove viruses from your system.
Data diddling involves changing data prior or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file. The culprit can be anyone involved in the process of creating, recording, encoding, examining, checking, converting, or transmitting data.
This is one of the simplest methods of committing a computer-related crime, because it requires almost no computer skills whatsoever. Despite the ease of committing the crime, the cost can be considerable. For example, a person entering accounting may change data to show their account, or that or a friend or family member, is paid in full. By changing or failing to enter the information, they are able to steal from the company.
To deal with this type of crime, a company must implement policies and internal controls. This may include performing regular audits, using software with built-in features to combat such problems, and supervising employees.
Hackers and Crackers
In computer jargon, "hacker" has a variety of meanings, including being synonymous with programmers and advanced computer users. In these cases, it refers to someone who hacks away at a keyboard for long periods of time, performing any number of computer-related tasks. In recent years, hacking has come to mean the same as another term "cracker," which is a person who cracks the security of a system or computer application. Hacking (and cracking) now refers to the act of gaining unauthorized access to a computer, network, Web site, or areas of a system.
A person may hack their way into a system for a variety of reasons; curiosity, the challenge of breaking through security measures, or to perform malicious actions and destroy or steal data. All to often, it involves performing mischief and damaging a Web site or corporate network in some manner.
Commonly, hackers will impersonate a valid user to gain access to a system. If the system requires a username and password before allowing entry, a hacker may take an authentic user's identity. On a network or an office with Internet access, a hacker can impersonate someone else by simply sitting at the unattended workstation of another user who hasn't logged off. It also commonly occurs when someone has an easy to guess username and password, or allows this information to be known by others.
Another common method hackers use to gain access is to guess or crack a username and password that's used to access a computer, network, or Internet account. To prevent being hacked in this manner, you should use passwords that are difficult to guess. You should also make your passwords a mixture of letters, numbers, and special characters (e.g. !, @, #, $, %, ^, &, *). You should change your password at regular intervals, and set a minimal length to passwords (such as being a minimum of six or eight characters).
A logic bomb is a program that runs at a specific date and/or time to cause unwanted and/or unauthorized functions. It can affect software or data, and can cause serious damage to a system. Generally, it will enter a system as hidden content, or may be installed on the system by someone within a company. For example, a disgruntled employee may write a program designed to crash the system one month after he plans to quit the company. When this date and time arrives, the program then executes. In other words, the bomb goes off.
Often, logic bombs aren't detected until after they execute - when the damage is done. However, by installing anti-virus software, firewalls, and other security software, you can block hidden content, and stop the bomb before it becomes a problem. Anti-virus software can detect known logic bombs, Trojan horses, and viruses. Firewalls allow you to set policies on your system that will strip hidden content out of messages, removed file attachments, and so forth.
Trojan horses get their name from the story of the attack on Troy. In the story, the army couldn't get past the gates of Troy to attack. A covert attack was needed, so soldiers hid inside of a giant wooden horse, which was offered as a gift to the citizens of Troy. Once inside the gates of the city, the Trojan Horse opened and the attack began.
In computer terms, Trojan Horses live up to the name derived from the Greek story. Covert instructions are hidden inside of a program. These instructions are embedded in software or email, and may provide any number of undesired or unauthorized functions. Once opened, they may modify or damage data, or send information over the Internet (which can then be used by a hacker for future attacks).
By dealing hidden content in messages or software, you can avoid problems with Trojan Horses. Using anti-virus software, firewalls, and other security software, your system can check for Trojan Horses and prevent them from attacking.
Establishing and Maintaining Computer Security
Computer security involves careful planning, and covers a wide variety of issues. You will need to consider securing your system against malicious attacks from hackers, inexperienced but well-intentioned users, and viruses. Protection from such security risks will include installing special software that is designed for security.
You will also need to consider physical security. This may include locking the computer in a secure room to prevent access and vandalism. Such simple solutions to possible problems can go a long way in protecting your network or home computer.
You should be aware that computer security doesn't only deal with problems caused by people. You should also secure your system against natural disasters (earthquakes, floods, fire, and so forth). Install equipment that will put out fires in the area where your network server is stored, but won't damage the computer. In other words, having a sprinkler system spray water over a network server is a poor method of dealing with the possibility of a fire. Ensure that network servers are in a dry, cooled area, that is structurally sound, and keep backups of all data stored on these systems.
Establishing and maintaining the security of your system requires several steps:
Identify what will require protection. This includes data, software, media, services, and hardware.
Analyze the value of what is requires protection. This will allow you to determine how much insurance is required to replace the system, and also how much money and effort should be spent on security. If your company will go bankrupt without the data on one server, but another server at a different location stores redundant data, then this will help you identify your priorities.
Identify the threats associated with elements of your network or computer system. This will vary from business-to-business, and person-to-person. There may be little risk of someone walking into the computer room in your home, sitting at the computer and accessing data. This may not be the case where you work, where multiple persons use the same computer. Also remember that computers located in different areas of a company may have different risks associated with them. A network server in California may be at risks from earthquakes, but this is a low priority for a server in Canada.
Identify the exposure to risk. This means looking at the risks you've identified, and determining how likely it is that different risks will become an actual problem. Having a hard-drive fail, and losing your data, will generally be a greater risk than a river flooding and washing away the building.
Determine what measures should be taken to deal with the risks. This will often include implementing regular backups of data, storing copies off-site, storing the network server in a secure room, and so forth.
Implement the measures you've decided to use to deal with the various risks. Remember to upgrade and regularly maintain security. This includes updating anti-virus files, upgrading security software, and performing regular backups of data.
From time-to-time, reassess whether things have changed. Determine if your system is at risk from possible new threats, and if new measures need to be taken to deal with possible problems.