Personal tools
You are here: Home Criminal Justice Introduction to Security Chapter 21

Chapter 21

Document Actions
  • Send this
  • Print this
  • Content View
  • Bookmarks

Computer Security

Goal: to introduce the students to the subject of computer security. However, this is nothing more than a very short introduction. This is a field in itself.

At this point, you probably know the basics of what computers do. They take input, process it, store it, and provide output. As I am preparing this lecture, the program Front Page is taking my key strokes and showing me immediate output in the form of what I see on the screen as I type. As I type, I will, from time to time, save what I have done and ultimately, the entire lecture will be saved on a server at Weber State University where you will see the outcome when you log on. You won't see all the font changes I make or the special instructions I am seeing on the Front Page display. What you will see will be what is processed. That's pretty simple.

The types of computers are basically:

Supercomputers (some are found in big research labs and universities)

Main frame computers

Workstations

Desktops

Portables (laptops; notebooks; personal data assistants or "PDAs.") Example, Blackberry devices that are wireless computers.

In most cases, in business, computers are networked through local area networks (LANs) or wide area networks (WANs).

Security concerns are basically in two areas: the physical security of the computers themselves. This means that the computers should be secured using all the measures we have talked about in the course. In addition, you want to make sure they are protected from fire. There should be back-up power and places where data can be stored so that a business can be put back into operation after a disaster, especially one that affects the computers. You may have heard of hot sites, warm sites, and cold sites. Hot sites offer pretty much all of the resources that the actual business has at its own location. All you need to do is get the back-up tapes and you're back in business, computer-wise. Warm sites have some of the essentials. Cold sites offer not much more than office space.

In addition to physical security, there must be measures to deal with the common threats listed on pages 407-410 of the text. There must be other security measures:

Firewalls - these are hardware and software features that protect your system from hackers, viruses, etc. They can employ filters to stop unwanted traffic, such as porno, spam, etc. Sometimes these do nothing more than stop some kinds of attachments, such as .exe files. (These are "executables" that can be used to transmit viruses.)

Passwords- this is a simple but often ignored security measure. Avoid using passwords such as your name, dog's name, dictionary words, etc. Use randomly selected numbers, letters, symbols, etc. "we#!!vr" would be a better password than, say, "dachshund." (Hackers use sophisticated programs that try dictionary words, even foreign words.) And don't write the password down. memorize it. Change it frequently. And don't share it with anybody!

Screen savers - these can be set to activate in a certain amount of time, e.g., three minutes. When you leave your terminal, the screen goes to a picture of daisies so no one can read what's on your screen. It requires a password to get back into your system.

Logging -off - this is very important when you are through with your computer.

Patches - Microsoft and other software companies roll our patches when they find they have vulnerabilities that can be exploited by hackers. Sadly, sometimes they are late getting these out but when you get notified that there is a patch to unload (and you are sure it is from a legitimate source), download it. (At work, your IT people usually roll these out.)

Encryption - this feature can and should be used for sending sensitive information. There are many encryption programs, some good, some not worth a damn. There are symmetric and asymmetric systems. (If you want to know more, send me a note.)

Virus scanners - use them! And make sure they are kept up to date. Don't open anything that you are not sure of. Don't load unknown software or data into your computer. (I got a virus once when I was in grad school and loaded a classmate's notes. The virus was on her floppy disk.)

Here's a relatively new concern: "phishing." Here's what happens: you get an e-mail from, say your Internet Service Provider (ISP). It looks legit. It says there is a problem with your account. It asks you to update information on your credit card, and other matters including passwords, Social Security Number, mother's maiden name (often used by card company's to help verify anyone who calls them about a particular account). You fill all the info in and hit send. But, it doesn't go to your ISP. It goes to an identity thief probably in Russia, the U.K., or some other foreign country. Read the info on ID theft on pages 420-422 in your text.

Other procedures & policies:

No use of outside software or information on company computers (unless approved by management)

No personal use of work computers (unless approved by management)

Don't open a file unless you know what it is! This is how viruses can be spread.

Laptops and other portables offer special challenges because they are portable. They can be stolen for themselves (for re-sale) or for the data that is on them (for industrial espionage). They also allow observation of the data that is being input. Ever watch someone working on their laptop in an airport or on a plane? If you are sitting in the right place, you can see what they are typing or working on. And new wireless connections expose you to other threats.

Bottom line: computer security requires additional knowledge beyond what the traditional security practitioner has. But we're all learning. In some businesses, the Information Technology (IT) department handles computer security. In others, it belongs to Security. In some places it is shared. The important point is someone has to do it. And the people who do it need to stay on top of developments. The bad guys are way ahead of us! The produce more malicious code (viruses, Trojan horses, worms - these are all called "malicious code) than the security people can keep up with.

Assignment: go to bed. It's been another long day! Only two more chapters to go. Then we have the Final Exam time and you are through. I hope you're as excited as I am. No assignment!

Copyright 2008, by the Contributing Authors. Cite/attribute Resource. admin. (2006, February 16). Chapter 21. Retrieved November 21, 2009, from WSU Web site: http://ocw.weber.edu/Criminal_Justice/introduction-to-security/Chapter_21_lecture.htm. This work is licensed under a Creative Commons License. Creative Commons License