Computer Security

Ruben Kurniawan

Prof Kuperman

CS 426 semester proj

4/22/2004

A Series of Lessons on Computer Security

Computer and internet being pervasive today, security measurement must be heightened to the level where hackers and virus are playing. One way virus or worms can spread is through e-mail attachments. So: do not open attachments until you are absolutely sure what they are and who they are from! "[1] Many privileges in life, such as driving, drinking or owning a firearm, require responsibility. Using a computer and the Internet is no different."

Speaking about virus, despite a survey founding that 99% large businesses use anti-virus software and almost 60% of firms update this protection software automatically to keep current with new threats, half of firms and 68% of large companies were caught out by viruses during 2003. Therefore, on top of installing an anti-virus software, firms had to be sure that the systems were kept updated to block loopholes that worms exploit [2].

[3]Back in the 1980s, the way to avoid computer viruses was to ask, "Whose floppy disk am I loading onto my computer?" Two decades later, we should be asking instead, "Whose desktop, laptop, or PDA is connecting to mine? Should I trust that individual to have installed proper patches and antivirus protection?" In most cases, the answer is no. The preventive measure is to scan a computer before connecting into a system.

[4]A survey on information security came up to say that 79% of people unwittingly gave away information that could be used to steal their identity when questioned. Further study found that, on average, a person uses 20 online sites that require them to use password and therefore most of them use familiar names that be easily remembered such like pet's name, own name, etc. Between ignorance of the need to protect online identity and being fed up with the password system, people are compromising their security by laxing their guards against identity thiefs.

[5]Supercomputing giants such as university and research places has become routine target attack for hackers to exploit. Simply because of the openness that academic institutions provide and their huge bandwidth makes them more attractive than regular computer centers. [6]A particular example was Purdue University System that was infiltrated recently; it has discovered that no damage is found but that encrypted password was exposed. It soon orders its students to immediately change their passwords. The need for increased security has also been enforced by law such as [7]The 2002 Sarbanes-Oxley Act that holds executives liable for computer security by requiring them to pledge that companies' "internal control" are adequate, and auditors are starting to include cyber security in that category.

[8]Another type of threat comes from the exploit that is within the browser itself. Loopholes in browser could be a way for hacker to covertly obtain personal information about you through using a malicious website. To trust a website now businesses have to be absolutely certain, and an instrumental tool is Verisign which is design to manage PKI(public key infrastructure)[9].

Finally, the net itself is has yet to be scrutinized. [10]Discovered vulnerability

...