


Clark Atlanta University
Department of Computer and Information Science
Education Training and Awareness

Information Security Protection
We use the term “security” in many areas of our daily lives. An “intrusion detection system” secures our house from intruders and warns neighbors and police. “Financial Security” involves investments that grow in value over time and adequately fund our future. “Physical Security” for an individual would mean keeping him or her away from potential physical danger. Each term has a specific meaning in the context in which it is used, and so does the phrase “Information Security”, which describes the method of protecting information from misuse and destruction.
Goals and Objectives of Information Security
There are three main goals that should be achieved by practicing proper information security techniques:
· Confidentiality: It ensures that information is accessed only by authorized people.
· Integrity: It means that information can be modified only by authorized people or only in authorized ways.
· Availability: It means that information is accessible to authorized people at appropriate times.
Information Security Strategies
There are several methods we employ to protect and secure our valuable assets; for example, we choose to put them in a bank, or in a safe or vault. Similarly, information is highly valuable and should be kept protected. A computer that lacks proper security software is vulnerable to all kinds of attacks that violate our privacy. There are three strategies we can use to prevent our information from being misused.
· Prevention: This can be achieved by installing proper software that makes the computer containing valuable information more secure.
· Detection: This can be achieved by keeping the computer system updated with the latest security patches and virus definitions so that any new threats can be detected and prevented.
· Recovery: This can be achieved by formulating a backup plan in the event the computer system and data are corrupted or damaged by an attack. It could include installing software that would restore lost information or having backups of all data.
A good understanding of the above-mentioned goals and strategies can help us implement these concepts of security in various aspects of our everyday life.

E-mail Attachment Protection
In today’s digital age, the tedious and time-consuming process of writing letters has been very pleasantly replaced by electronic mail, also known as e-mail, which provides a more efficient and instant means of communication. It is widely used in corporations, homes and offices and between friends and family members, and has become the primary medium of information exchange. As a result, it also leaves room for vulnerability, as individuals who are not very familiar with the concept of information security are left open to malicious attacks.
Along with text messages, e-mails today are carriers of greeting cards, fliers, documents and several other textual embellishments. The naïve user sees an attachment in an email and immediately proceeds to open it, without realizing that the attachment may be a potential hazard. If the attachment contains a harmful virus against which the user has no protection, then the user could fall victim to information loss and damage.
Steps to ensure protection against e-mail attachments:
· Verification: This step requires the user to verify the source/sender of the email with the attachment.
· Virus Scan: This step requires the user to scan the verified attachment using trusted antivirus software whose virus definitions have been updated.
· Notification: If the virus scan confirms an infected attachment, the user should not try to open the document and instead should proceed to delete it and notify the sender of the infected document.

Spam and Protection
Spam, also known as junk mail, is used by many soliciting companies and is usually sent to a huge list of people who do not want to be on the receiving end of such unwanted advertising. Although spam may seem totally harmless, there is still sufficient reason to be careful, because spam wastes valuable storage space as well as time for those who have to download the messages. It also becomes an expensive task for ISPs who try to fight spam.
Steps to ensure protection from Spam:
· Never reveal your email address to websites: Many websites use information of users against them by selling their email addresses to other spammers.
· Do not spam. We must realize that we all receive plenty of jokes and forwards on a regular basis. As a result, before we choose to forward jokes, we should take a moment to think if the individuals on the receiving end would appreciate it.
· Invest in a spam-blocking application. There are plenty of applications available today that claim to eradicate spam. It makes sense to invest in an application that has received good user ratings and to scan the inbox for spam frequently.

Antivirus and Firewall Protection
The purpose of a firewall is to keep “malicious” things outside a protected environment. A firewall is a device that filters information exchanged between an entity and the outside world. In the context of modern day computing, a firewall is executable code that runs on a dedicated system and is the point where traffic is channeled.
With the advent of modern day hackers who can create havoc on a user’s machine, it is really important for a user’s PC connected to the internet to be protected against them. A modern day PC connected to the internet has approximately 65,000 ports through which a hacker can gain access into the PC. A firewall usually blocks these ports and limits access to the PC from the outside world by making it invisible to other computers in the local or wider area network. Although firewalls can prevent outside access to the PC and the information contained within it, they will not prevent the PC from being infected by viruses and Trojans. Like most antivirus software, firewalls also need to be maintained and regularly updated.
There are plenty of firewalls available in the market today. It is best for the naïve user to invest in a firewall that is very user friendly and efficiently monitors incoming and outgoing traffic on the PC.

Password Security
The use of passwords is the most common line of defense used against unwanted intrusion. Today, however, there are plenty of applications available on the internet that use common techniques of brute force and dictionary attacks to crack user passwords that are fairly weak. Passwords can be categorized into strong and weak passwords.
Strong Passwords:
· Are usually 8 or more characters long and include both upper and lower case letters.
· Contain symbols and can be typed quickly enough that no one watching can remember them.
· Are changed frequently and not repeated for several applications.
Weak Passwords:
· Usually contain the name of the password user or their family member’s name.
· Contain repeated letters or numbers or words that can be guessed very easily.
· Are saved using the remember password option provided by the web browser.
It is therefore best to have a password that combines letters, numbers and symbols and is changed very frequently.

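The strong and weak password criteria listed above can be turned into an automated check. The following is an added example, not part of the original page; the function name, the choice of three identical characters in a row as the threshold for "repeated", and the sample passwords are assumptions made for illustration.

```python
import re

# Minimum length taken from the "8 or more characters" guideline above.
MIN_LENGTH = 8


def password_findings(password, personal_names=()):
    """Return the reasons a password counts as weak under the criteria above.

    An empty list means the password passed every check. personal_names holds
    the user's own name and family members' names (supplied by the caller).
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.append("missing upper or lower case letters")
    if not re.search(r"[0-9]", password):
        findings.append("missing a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("missing a symbol")
    # Assumed threshold: three or more identical characters in a row ("111").
    if re.search(r"(.)\1\1", password):
        findings.append("repeated letters or numbers")
    # Names are matched regardless of letter case ("maria" matches "Maria").
    lowered = password.lower()
    for name in personal_names:
        if name and name.lower() in lowered:
            findings.append("contains the name " + name)
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for candidate in ("maria1111", "Tr9!kWq#2zLp"):
        print(candidate, "->", password_findings(candidate, ["Maria"]) or "no findings")
```
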
Computer Viruses
By definition, a computer virus is a software program that possesses the ability to replicate itself and damage information and other programs stored on the computer. New viruses are created every day, and for the common user who is unaware of them, they can pose a very serious threat to privacy and sensitive information. Viruses today are capable of deleting files, erasing entire hard drives, damaging hardware and sending copies of themselves out through email attachments. As a result, it is imperative that one acquires the knowledge required to protect oneself from such malicious code. This can be achieved by following the three steps of prevention, detection and eradication.
· Prevention: This can be achieved by investing in efficient anti-virus software available in the market. Once it is installed, it is necessary to update the virus definitions from the manufacturer’s website. It is highly advised that the user updates the software as soon as updates are available from the manufacturer. This will ensure the virus definition files are up to date, enabling the anti-virus software to detect the latest threats.
· Detection: Once the software is installed and updated, it is recommended that users scan the computer at least once every week. This will ensure that any hidden viruses or worms would be detected and removed.
· Eradication: Once the anti-virus software issues a warning mentioning the presence of a virus, the user must immediately act and either quarantine or delete the infected file. Most modern day anti-virus software quarantines by default.
Thus, following the above-mentioned steps would ensure the prevention of any malicious virus attack and damage.

Computer Backups
Most computer users at some point in time have received the annoying message from their computer that an application has stopped responding or that the entire system needs to be restarted. On several occasions we fall victim to the dreaded “blue screen” that signals the beginning of a system crash, loss of data and sometimes the need to invest in a new hard drive. As much as we hope that such unfortunate instances never occur in our lives, computers are machines and failure is inevitable.
In order to protect the important data we have stored on our computers, we must “back up” or copy the data onto a different medium, which could be a disk or another hard drive, from where we can retrieve the data if lost. There are two backup methods that can be used to ensure data recovery. One involves manually copying all the important files onto a disk or a drive and the second involves the use of an application that stores an image of the disk drive or data. The latter option actually makes a more efficient backup method because the entire image of the computer is stored and it provides easy recovery when required.
Things to remember to ensure an efficient backup
· Data should be backed up on several different media such as floppy disks, CD-R and external hard drives.
· The computer should be scanned for any kind of virus infection before backup.
· Backup should be performed once a week to keep the data current.
· Backups should be tested occasionally to ensure that they provide accurate recovery.
Following the tips mentioned above can ensure that data lost from system failures can be easily retrieved, as no one can tell when a computer system might malfunction. So, it is best that we stay prepared.

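One way to test that a manually copied backup provides accurate recovery is to compare a checksum of every original file with its backup copy. The following is an added example, not part of the original page; the function names and the sample files created by `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source_dir, backup_dir):
    """Compare every file under source_dir with its copy under backup_dir.

    Returns (missing, corrupted): relative paths absent from the backup, and
    relative paths whose backup contents differ from the source.
    """
    missing, corrupted = [], []
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            source_path = os.path.join(root, name)
            relative = os.path.relpath(source_path, source_dir)
            backup_path = os.path.join(backup_dir, relative)
            if not os.path.isfile(backup_path):
                missing.append(relative)
            elif file_digest(source_path) != file_digest(backup_path):
                corrupted.append(relative)
    return sorted(missing), sorted(corrupted)


def demo():
    """Constructed sample: three source files, one damaged copy, one never copied."""
    with tempfile.TemporaryDirectory() as base:
        source = os.path.join(base, "documents")
        backup = os.path.join(base, "backup")
        os.makedirs(source)
        os.makedirs(backup)
        samples = {"letter.txt": b"dear bank", "budget.csv": b"rent,900",
                   "photo.raw": b"\x00\x01"}
        for name, data in samples.items():
            with open(os.path.join(source, name), "wb") as handle:
                handle.write(data)
        with open(os.path.join(backup, "letter.txt"), "wb") as handle:
            handle.write(b"dear bank")   # intact copy
        with open(os.path.join(backup, "budget.csv"), "wb") as handle:
            handle.write(b"rent,9")      # truncated copy
        return verify_backup(source, backup)


if __name__ == "__main__":
    print(demo())
```

A file edited after the last backup is also reported as differing, so the check is most meaningful when run right after the backup completes.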
Identity Theft
Identity theft is regarded as one of the fastest growing non-violent crimes in the United States of America. It occurs when an individual’s social security number, bank account or credit card number is stolen and that information is used to open several credit accounts. Many times we discard information such as old bank statements and credit card bills without realizing the potential threat they can cause if someone extracts the information they need from them and uses it against us.
However, there are many precautions that can be taken to prevent identity theft. Some of them are listed as follows:
· Using strong passwords that are very difficult to guess provides protection from intrusion in the personal or professional workspace.
· Private information such as social security number, credit card numbers and bank account numbers should never be written down on paper or typed into a chat applet.
· All paperwork such as billing statements and ATM transactions should be shredded using shredders.
· Check credit card bills and bank statements to verify all purchases and charges and also keep checking credit report frequently to see any fraudulent use of information.
A victim of identity theft should immediately contact the police and file reports as well as contact the credit bureaus to notify them of fraud. Following these steps can ensure the prevention of misuse of someone’s reputation and good name.

Security Threats
Personal information is precious and should be kept protected from individuals with malicious intentions. With the ever increasing hacking attempts on computer security, it is imperative that we understand the threats we are exposed to so that we can prevent ourselves from being vulnerable to them. Identifying threats is important, but it is equally important to understand the vulnerabilities in our information system. Threats that plague information systems can be grouped into the following categories:
· Natural Threats: These are environmental threats such as floods, tornadoes and earthquakes.
· Intentional Threats: An example of this is when someone tries to damage information or property on purpose. Identity theft and credit card information theft are also examples of intentional threats.
· Unintentional Threats: These include the accidental deletion of files or modifications of applications.
Once familiar with the different threats that we are vulnerable to, it is best that we proceed to acquire all the security patches available for the different Operating Systems we use. These security patches prevent the operating systems from being vulnerable to hacking attempts and should be downloaded and installed as soon as they are made available. It is also recommended to invest in an efficient anti-virus and firewall application that will filter the connection between the user machine and the outside world and make the user machine invisible to others. A good anti-virus application can efficiently remove any infected file or program running on the computer. Although no computer can be totally secure and safe, knowing the vulnerabilities our systems have and being equipped with the tools to act against them gives us a chance to keep our information protected.

Ethics in Cyberspace
There are various kinds of computer crime being committed every second over the internet, and the majority of the criminals are actually young individuals who fail to distinguish between crime in the real world and crime in cyberspace. The reasons why it is difficult for young children to apply ethical reasoning when they are in a virtual environment are the characteristics of anonymity and distance. Children often feel that it does not matter what they are doing online because no one can see them or is going to find out. This is actually a misconception, as today any user is easily traceable. Because of the distance that the internet provides between people, young children often behave in ways they would not in front of someone or face-to-face with them. They fail to realize that their actions have the same consequence online as they would in the real world.
Parents or responsible individuals can promote proper cyber ethics by taking time to talk to their children about the potential harm that can be done to someone through the internet and the kind of vulnerabilities they are exposed to. They should explain to their children that their actions have the same consequence and impact as they would in the real world. Providing a model of ethical behavior and highlighting areas where ethical behavior makes a difference also helps to clarify many misconceptions a young mind has. Monitoring a child’s use of the internet and applying restrictions on them till they are old enough to differentiate between good and bad behavior also helps promote proper cyber ethics.