|
|
|
Introduction
|
[******NOTE******
The information presented in
these pages has become somewhat
outdated and is best viewed
for historical interest
only. However, security and
privacy have continued to be major
issues and many solutions are now
available to users. An excellent
up-to-date discussion of the
concepts of Privacy, Security, and
"Virtual Private Network" services
(VPNs) are offered by IVPN
, and by Anonymster.
See PCMagazine's comparison
of a number of VPN paid services
and their discussion
of free VPN's, and Andrey
Doichev's analysis of current
top free VPN's
. Encrypted storage of
information has become a major
concern as well, particularly with
the proliferation of cloud-based
storage (see discussion by PCMagazine
for an analysis and
comparisons). Finally,
well-informed and articulate
presentations of a number of
timely security topics can be
found in the Information
Security Blog published by
Comparitech.
************]
Consider
that there are over 1 million more computers
in the world today than there were just a few
short years ago.
Now consider that the amount of data
stored in computers, both private and
government owned, is staggering, and probably
well in excess of 10 million gigabytes. The
number of people with access to the Internet
is estimated at well over 35 million and
growing daily; (and) If you consider that the
number of existing computer viruses has been
estimated at well over 7,400, with new viruses
appearing each year... It is no surprise that
the safeguarding of computerized data has
become an integral part of our highly
technological society.
We as a society are now becoming
aware of the dangers faced once we turn on our
computers.
Media has focused on computer
security of big businesses and how they have
been breached, yet individuals do not stop and
think about their own personal computer
safety. Information can be stolen or damaged, access of personal
computers can be gained without permission,
viruses and worms can enter creating problems
for a user, and our computers may be
susceptible to cyber attacks from hackers. Yet
most computer users are new to the technology
or do not realize the dangers at hand.
This is why users need to learn how
to keep their personal computer safe.
. |
|
Access
Security
|
|
The first safety
precaution that a user can take is to secure
access to their computer.
If you want to keep people from using
applications of your personal computer or have
information that you wish to keep secure, then
security measures should be taken.
This is quite simple to do if you are
serious about controlling the access to your
computer.
Install software security packages
that use passwords to ensure only authorized
users have access. In most cases, a password
is your first line of defense against prying
eyes. That means you have to be smart about
choosing one that will be easy to remember,
but hard to guess. Some password guidelines to
follow when choosing a password are:
·
Length of passwords should be eight
characters
·
Avoid words found in the dictionary
and include at least one numeric character
(six character passwords may suffice for non-
dictionary words)
·
Choose passwords not easily guessed
by someone acquainted with the user (for
example, passwords should not be maiden names,
or names of children, spouses, or pets)
·
Do not write passwords down anywhere
·
Change passwords periodically
·
Do not include passwords in any
electronic mail message
Access to this software is
readily available and users are encouraged
to use password control capabilities that
are part of many data base management
packages.
Another precautionary measure to
take is to periodically review overall
access controls to determine weakness of the
system.
An important note is taking special
care when choosing passwords for
applications with access to extraordinary
system capabilities (for example, the
ability to read personal or restricted data
or the ability to modify system software). For
most regular personal computer users this is
suffice.
If a computer contains confidential
or sensitive information more drastic
measures should be taken, such as
encryption.
.
|
|
Encryption
|
|
A good data access
control system should have the power to
deprive information from unauthorized users
even if they manage to break some site or
system access barriers (if there are any).
This demand dictates the use of data encryption. Encryption
is particularly interesting for the personal
computer users because PCs, due to their
hardware and system software design, are
vulnerable to unauthorized access.
Here is some background of what encryption
entails and how it works to some extent.
Modern encryption is achieved
with algorithms that use a "key" to encrypt
and decrypt messages by turning text or
other data into digital gibberish and then
by restoring it to its original form.
The reason encryption is effective
is that the longer the "key," the more
computing required to crack the code. To
decipher an encrypted message by brute
force, one would need to try every possible
key. Computer keys are made of bits of
information, binary units of information
that can have the value of zero or one. So
an eight-bit key has 256 (2 to the eighth
power) possible values. A 56-bit key creates
72 quadrillion possible combinations.
New technology has now made it
possible for 128-bit keys, which is
currently thought of as uncrackable without
a great amount of effort.
As you can see, encryption can
provide personal computer users with the
level of data secrecy that can satisfy even
the most demanding requests. However, the
site or system access control measures must
not be neglected. Ideally, encryption should
be a security layer after the site or system
access controls mentioned earlier.
Encryption is not the only option
for security.
Another popular security
application is that of firewalls.
.
|
|
Firewalls
|
|
A firewall
is a system or group of systems that enforces
an access control policy between two networks.
The actual means by which this is accomplished
varies widely, but in principle, the firewall
can be thought of as a pair of mechanisms: one
that exists to block traffic, and the other,
which exists to permit traffic. Probably the
most important thing to recognize about a
firewall is that it implements an access
control policy. If you don't have a good idea
what kind of access you want to permit or
deny, simply have someone or some product
configure a firewall based on what they or it
think it should do, therefore making policy
for you.
A
good question to ask before obtaining a firewall
might be what a firewall protects against? Some
firewalls permit only Email traffic through
them, thereby protecting the computer against
any attacks other than attacks against the Email
service. Other firewalls provide less strict
protections, and block services that are known
to be problems.
Generally, firewalls are configured to
protect against unauthenticated interactive
logins from the "outside" world. This, more than
anything, helps prevent vandals from logging
into your PC. More elaborate firewalls block
traffic from the outside to the inside, but
permit users on the inside to communicate freely
with the outside.
For most users the extent of
computer security is quite small.
Most users may not even feel the
need to encrypt their files or use firewalls
to prevent outside interference.
If you are looking into encryption
or firewalls, there are organizations to
help you find the right security measures
for you.
As for users that there is no need
for that technology, a more important matter
is the concern of viruses and worms.
Viruses and worms are the concerns
of the majority of personal computer users
and you should be aware of what you can do
in the their prevention.
.
|
|
Viruses
and Worms
|
|
A computer virus is a
piece of software that has been written to
enter your computer system and "infect" your
files. Some viruses are benign and won't harm
your system, while others are destructive and
can damage or destroy your data. A worm is a
small computer program that can replicate
itself, and like a worm, wiggle its way
through a computer network until unleashed
onto the Internet. The two main ways viruses
and worms can enter your system are through
files added to your system from floppy disks
(or other removable media like Zip disks) and
from downloading from the Internet or private
bulletin boards.
You can also get a viruses and worms
through an e-mail attachment, but not from a
plain text email message alone.
For more information on viruses you
can go to these two sites Timberwolf Software
or 4virus. Here are six steps to follow in order to protect
yourself from viruses and worms.
1.
Get anti-virus software and update it
frequently because new viruses appear all the
time.
2.
In general, you should be very wary
about inserting floppy disks from unknown
sources into your disk drive, especially if
the disks have been shared by several other
people.
Sometimes you have no choice. In those
cases, the second thing you should do (after
putting the disk in your drive) is to scan the
disk with anti-virus software.
3.
Download with care. To be safe,
download all files into a special folder on
your hard drive. Then be sure to scan those
files before you open them.
4.
Scan attachments before reading them. While
it is impossible to get a virus simply by
reading an email message, it is very possible
to get one through an attachment.
5.
Save shared files in RTF or ASCII
format.
If you want to share data on a network
server, and you want your computing experience
to remain perfectly virus-free, save all files
in RTF or ASCII format.
6.
Back up everything.
Back up your work files and system
configuration files regularly. Store these
backups in a safe place, separate from your
hard drive.
By following these six
easy steps you should be able to keep your PC
from being infected by a virus or worm.
The important thing to note is that
updating your anti-virus software is the most
important step due to the appearance of new
viruses and worms weekly.
A variety of packages and updates can
be gained through the Internet.
Two great sites to get anti-virus
packages are Norton.com and McAfee.com.
.
|
|
Protection
From Hackers
|
Hacking and cyber attacks have
become an increasing concern in our computer
society today.
Hackers have
the advantage over computer users because they
are ahead of security technology, yet you as a
user can still take some precautions to lower
your susceptibility to hackers. Use anti-virus
software and update it often to keep
destructive programs off your computer. Don't
allow online merchants to store your
credit-card information for future purchases. Users
should also use a hard-to-guess password that
contains a mix of numbers and letters, and
change it frequently.
Use different passwords for different
Web sites and applications to keep hackers
guessing. When purchasing
items off the Internet, users must be very
wary and only send credit-card numbers to
secure sites; look for a padlock or key icon
at the bottom of the browser.
Confirm the site you're doing
business with.
A security program that gives you
control over 'cookies' that send information
back to Web sites should be used.
As mentioned before in a previous
section, users could install firewall software
to screen traffic if you use DSL or a cable
modem to connect to the Net.
There is no full-proof method to
prevent your PC from being hacked, but with
security being taken seriously you can reduce
your chances of being violated.
.
|
|
Conclusion
|
Computer technology has been
advancing at a rapid pace and has compromised
security in the process.
Even though security software lags
behind the technology advancement, most
personal computer users do not deal with new
advancement in technology.
For these users, taking the proper
precautions can help protect their PC and the
information it contains.
Most users are unaware of the dangers
they face once the computer is turned on, but
with some basic knowledge and effort from the
user, computers can be secure.
.Back
to Psybersite |
|
This
project was produced for PSY 380, Social
Psychology of Cyberspace, Spring 2000, at
Miami
University. All graphics in these
pages are used with permission or under fair use
guidelines, are in the public domain, or
were created by the authors. Last
revised:
Comments and Questions to R. Sherman.
|
|
