Monday, November 4, 2013

Information Systems Security Primer – Part III

Here is the third part of Fortune 100 Corporation Security Director Ken Lobenstein’s primer on computer security.

Okay, so in the previous article we mentioned a network. What the heck is that? Well, in its simplest form, it’s two computers with a cable that connects them so they can move information back and forth between them without anyone walking around with a piece of plastic. A lawyer and his secretary; a judge and her law clerk. Now both computers are at risk of picking up whatever the other computer comes across, good or bad. So far, though, a pretty simple network to protect. Anti-virus software is probably still all you need. Maybe a third cable to connect a printer to one of them so both people can share one printer. But still not much additional risk.

But wait! You know about legal research software. A sales rep cornered you at a bar meeting and convinced you that life could not go on without a subscription. So now you want to connect your network to their system so you don’t have to go to the law library anymore; the law library comes to your computer. Good for efficiency and, if you learn to use it, good for effectiveness. This used to mean you called the phone company and ordered a second telephone line, went to Radio Shack and bought a modem, and, when you wanted to do research, placed a phone call through your modem to their service. You were “on line”! And it was pretty safe and secure. As long as you or your modem dialed the phone number correctly, you always got the research service, not some hacker somewhere you’ve never heard of. And it was pretty easy to set your modem so that it never, ever answered when a hacker ran a program that dialed phone numbers at random looking for a modem that would answer. Of course, gas was a buck a gallon and a new Toyota was $2,500.

Then life got complicated and speed became important and we all connected to the Internet! If you’re old enough to remember phone systems from the ’60s (a decade, not your age!), you just went from a private phone line back to a party line. Still good for efficiency and effectiveness, but bad for security. Because everything is happening much faster, you can’t just run your anti-virus software once a week or even once a day; it should be running all the time.

Parts 1 & 2 of this series are located at:
