

Computing & Information Services Newsletter
Security

As the use of computers and networks has spread, the number of issues that one must be careful about and work on has grown correspondingly. One of the fundamental topics that must be addressed is security.

Significance of Security

* One of the main reasons why we should address security is our dependency on computerised data, that is, data transferred to the digital environment. The weak point of our computer-related tasks is that while computers relieve us of many burdens, we become dependent on them at the same time. For example, keeping medical information stored in an electronic environment reliable and free of errors is essential for vitally important medical services to continue.

* The advancement of technology extends the use of technology. Accordingly, the number of computers increases, and the network that the computers are connected to becomes wider. This means that the area of potential hazards extends as well. Treating security as a significant issue requires eliminating potential risks and hazards before they materialise.

* Computer technology changes so rapidly that it becomes more difficult to provide support for any issue of concern. New technologies are, by nature, more complicated than older ones. This means that solutions are far from hand when a problem is encountered.

* Another reason to treat security as a fundamental issue is that computer users tend to trust and rely on networks and computerised environments more than before. Although this seems to be the desired outcome on the whole, it tends to distance users from finding alternative solutions and renders all tasks technology-dependent.

* As the use of the Internet has spread, the means of communication have developed, and it is now easier to gain access to attack tools. In consequence, the profile of the attacker has changed: people no longer need a high level of knowledge to obtain results.

* System administrators are generally overloaded with work when they are needed in an emergency or during an attack, and computing units do not have sufficient resources to respond to an attack. Therefore, security should be regarded as a protective measure that must be handled with more care, attention and emphasis.

Types of Attacks and Attackers

Types of Attackers

Attackers are the disobedient, misbehaving children of the security concept. There are various types of attackers. The differences between these types, or the main characteristics that define them, are not yet clear-cut; however, they differ from each other in the type of damage they cause, the methods they use when attacking, or their aims. Briefly, they are intruders (the general name for attackers), hackers (who enter a system by using their own knowledge, disregarding the rules) and crackers (who enter a system by using applications that can easily be found anywhere, disregarding the rules); according to their aims, they may also be called joyriders, vandals, score keepers or spies.

Types of Attacks

Attackers have various methods of attack. For example:

  • Buffer overflow: the attacker takes advantage of errors made during the development of the application being attacked, causing it to produce unexpected results.
  • Configuration errors: the attacker aims to bring about an incorrect configuration of services, which causes people (computers) to reach destinations they do not wish to reach.
  • Administration errors: attacks that occur due to errors made by system administrators.
  • Password cracking: by applying various specific methods, attackers reveal the passwords of system users and intrude into systems by taking the place of the user.

In this article, only a few of the possible types of attack are described briefly. It should never be forgotten that there are various other ways to attack.

Results of an Attack

Let us examine the results of an attack, assuming that the attackers have achieved their goals. First of all, the continuity of the attacked service will generally be disrupted. This means that the institution will lose valuable assets such as time, money and reputation. In addition, spying on or theft of information belonging to the institution may produce unwanted results.

Precautions

We can never find absolute solutions to our security concerns; however, we can get rid of many problems, especially those that are widely known and cause much nuisance, without wasting much time. To achieve this:

  • We should never let any application run on our servers without our knowledge, and we should never offer unnecessary services on our servers.
  • We can avoid many problems by using the latest versions of the applications that are necessary for the services we offer.
  • The privileged user passwords that we use on our systems, and the passwords of our users, should not be chosen from easily guessed words, should not refer to information such as names, surnames, dates of birth etc., and should be complicated enough, yet easy to remember as well.
  • System administrators should have considerable knowledge of the systems they administer, follow the latest developments, and implement any necessary changes as soon as possible. This will prevent possible delays and enable them to offer services without failures.
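
The password rule above can be enforced when a password is set. The following check is an example added here, not part of the original newsletter; the function names, the short word list, the sample user and the minimum length of 10 are all assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample of easily guessed words; a real list would be far larger.
COMMON_WORDS = ["password", "qwerty", "letmein", "welcome", "admin", "123456"]

# Undo common character substitutions (0->o, 1->i, 3->e, 4->a, 5->s, 7->t, ...).
SUBSTITUTIONS = str.maketrans("013457@$!", "oieastasi")


def normalise(text):
    """Lower-case, reverse substitutions and drop everything but letters/digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(SUBSTITUTIONS))


def date_fragments(born):
    """Digit strings under which a birth date commonly appears in a password."""
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", str(born.year)
    return {y, d + m, m + d, d + m + y, d + m + y[2:], y + m + d}


def password_problems(password, first_name, surname, born, min_length=10):
    """Return the reasons a password breaks the rules above (empty list = accepted).

    min_length is an assumed threshold for "complicated enough".
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    folded = normalise(password)
    for label, value in (("name", first_name), ("surname", surname)):
        token = normalise(value)
        if len(token) >= 3 and token in folded:
            problems.append(f"contains {label}")
    # Separators are ignored, so 14.03.1985 and 14031985 are treated alike.
    digits = re.sub(r"\D", "", password)
    if any(fragment in digits for fragment in date_fragments(born)):
        problems.append("contains date of birth")
    if any(normalise(word) in folded for word in COMMON_WORDS):
        problems.append("contains easily guessed word")
    return problems


# Constructed sample user and candidate passwords.
if __name__ == "__main__":
    for candidate in ("D3n1z.Kaya85", "P@ssw0rd1403", "tramway-lantern-quiet-fig"):
        print(candidate, password_problems(candidate, "Deniz", "Kaya", date(1985, 3, 14)))
```

A passphrase of several unrelated words passes the check while remaining easy to remember, which is the balance the rule asks for.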

2001 METU CC
Design: CC - INFO