1. Introduction The problem of security of a computer and the data or information it may contain, has received much publicity since it became apparent that a computer can play a major role in processing and storing secret, private or proprietary information. They can, therefore, possess tremendous capability for effective dissemination, and thus sharing, or useful facts.
2. Security It can be considered as to managerial procedures and technological safeguards applied to computer hardware and data to assure against either accidental or deliberate unauthorized access to, and dissemination of any data held in a computer system.
(a) Security Measures:- These can be clearly divided into two environments.
(b) Security of large computer centers/automated data processing centres.
(ii) Security of personal computer in automated office environment.
3. Security of Large Computer Centre.
(a) Risk Factors Factors disturbing the function of a data centre can be either intentional or unintentional. Unintentional disturbances are caused by the forces of nature, computer failures or other similar factors. Intentional disturbances are deliberately caused by employees, visitors or intruders. The disturbances can be divided into the following categories.
(i) Interruption of production, data communications etc.
(ii) Leakage of information to unauthorized persons.
(iii) Damage to information, equipment, constructions or persons.
(iv) Stealing of information or equipment.
(b) The purpose of the security measures is to ensure an undisturbed functions of the data centre by protecting equipment, spaces, information and personnel. To achieve this, the supervision and protection mechanism should :-
(i) Prevent disturbances.
(ii) Detect disturbances at an early stage.
(c) Prevention of Disturbances. The prevention of disturbances and damages is important, even if it has only a limited effect on intentional damage done by “professionals”. Some preventive measures are presented below:
(i) Security checks When new employees are hired, their background and experience should be checked from reliable sources. This should apply to office cleaners, sub-suppliers, service personnel, etc., who often have unlimited access to the computer rooms.
(ii) Job rotation Through proper job rotation it can be ensured that the same person does not handle a risk-prone duty for too long.
(iii) Supervision of use Rights of use of a device/eqpt can be limited or controlled by ensuring that terminals, copying machines, etc. are equipped with locks, programs and files can similarly be protected by passwords.
4.. Topology Security.
(a) Private Circuit Topologies
(i) Its use time division to break the two wire pairs into 30 separate channels. Time division is the allotment of available bandwidth based on time increments. This is extremely useful, as a E1 is capable of carrying both voice and data at the same time.
(ii) There are two common ways to deploy leased lines or E1s. The circuit constitutes the entire length of the connection between the two organizational facilities (such as a branch office and a main office).
(iii) The leased line is used for the connection from each location to its local exchange carrier
(iv) Connectivity between the two exchange carriers is then provided by some other technology, like frame relay.
(v) The first of these two options creates the more secure connection, but at a much higher cost. Using a private circuit for end-to-end connectivity between two geographically separated sites is the best way to insure that your data is not monitored.
(vi) While it is still possible in sniff one of these circuits, an attacker would need to gain physical access to some point along its path.
(vii) The attacker would also need to be able to identify the specific circuit to monitor. Telephone carriers are not known for using attacker-friendly labels like "Bank XYZ's. financial data: monitor here." The second option is simply used to get your signal to the local exchange carrier. From there, your data would travel over a public network, such as frame relay or X.25.
5. Private Circuit (Information Security).
(a) According to a recent forester research, a lot of large companies are monitoring their employees’ outgoing e-mail.
(b) In fact, they are recruiting special staff just for this job. The justification offered to reduce the financial and legal risks associated with outbound e-mail. Someone sitting at mail server can easily read mail without you are knowing about it. Moreover, when you send out e-mail it travels from your mail server and passes through various SMTP servers over the Internet. This means that anybody with access to those servers can read your mail. Your firewall can’t do anything about it because it is only limited to protecting your network’s boundaries. Anything that goes out of it is beyond the firewall’s control.
(c) There are ways and means of protecting information, most well known process is ‘ENCRYPTION’. The information traveling over all comn chs can be encrypted. Encryption alone, however doesn’t resolve the problem.
(d) How do you know that the person or website at the other end is indeed the right one and not an imposter?
(e) Take an online transaction, be it with a bank or an commerce site. How do you know that your transactions are safe? Moreover, how does the bank or e-commerce site knows that you are who claim to be? Both parties must know each others identity in order to transact. Enter Identity management.
(f) All this may found simple, but the implementation of information security solutions is not. For instance, which encryption algorithm should you use when sending out mail and which one for stored data. Is SSL encryption sufficient for your e-commerce site? What should you check with your ISP when setting up VPN connections between various sites.
No comments:
Post a Comment