Username: Save?
Password:
Home Forum Links Search Login Register*
    News: Keep The TechnoWorldInc.com Community Clean: Read Guidelines Here.
Recent Updates
[November 08, 2024, 04:31:03 PM]

[November 08, 2024, 04:31:03 PM]

[November 08, 2024, 04:31:03 PM]

[November 08, 2024, 04:31:03 PM]

[November 08, 2024, 04:31:03 PM]

[October 17, 2024, 05:05:06 PM]

[October 17, 2024, 04:53:18 PM]

[October 17, 2024, 04:53:18 PM]

[October 17, 2024, 04:53:18 PM]

[October 17, 2024, 04:53:18 PM]

[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]
Subscriptions
Get Latest Tech Updates For Free!
Resources
   Travelikers
   Funistan
   PrettyGalz
   Techlap
   FreeThemes
   Videsta
   Glamistan
   BachatMela
   GlamGalz
   Techzug
   Vidsage
   Funzug
   WorldHostInc
   Funfani
   FilmyMama
   Uploaded.Tech
   MegaPixelShop
   Netens
   Funotic
   FreeJobsInc
   FilesPark
Participate in the fastest growing Technical Encyclopedia! This website is 100% Free. Please register or login using the login box above if you have already registered. You will need to be logged in to reply, make new topics and to access all the areas. Registration is free! Click Here To Register.
+ Techno World Inc - The Best Technical Encyclopedia Online! » Forum » THE TECHNO CLUB [ TECHNOWORLDINC.COM ] » Ethical Hacking / Security / Viruses » Viruses
  Information Security for SMEs
Pages: [1]   Go Down
  Print  
Author Topic: Information Security for SMEs  (Read 929 times)
Daniel Franklin
TWI Hero
**********


Karma: 3
Offline Offline

Posts: 16647


View Profile Email
Information Security for SMEs
« Posted: October 02, 2007, 12:29:15 PM »


This article explores computer security, aiming to give businesses an insight into why they must be proactive in protecting their systems. There are many aspects to security on the Internet and a lot has been made recently of the security of e-commerce transactions. Whilst many of the security issues that a website administrator faces are similar to those that your businesses computers are threatened with, this column will concentrate on how and why you should secure your internal IT investment.

The Internet in its current state is similar to a city with no locks on the doors of its houses, where computers can be thought of as houses and the networks making up the Internet, the city streets. Computers as they are sold today are inherently insecure, allowing access to anyone with a bit of curiosity or malicious intent. As businesses come to rely more and more on electronic information (not least e-mail), the potential disruption caused by a data burglary, informational arson attack or digital graffiti has reached a level that businesses should not ignore

The threat Any computer on the Internet exposes a series of ports through which information flows. By default these are all open and unlocked. Whilst many of them may lead to empty rooms or brick walls, an attacker will only need to find one port vulnerable to attack for the whole system to be compromised.

Even if your ports are secure; intruders can get into your computer in a Trojan horse. A piece of software disguised as something useful can contain a malicious sub-program to install a backdoor into your system. Often these programs claim to give something for free or display small games whilst an attacker has a good nose around


One of the most worrying developments has been the proliferation of automated attacks. These can be run from an attacker's computer, scanning hundreds or thousands of computers in a day; or can be the self-replicating Internet worm. These are a hybrid of virus programs and computer security attacks. In worst-case scenarios, they can bring whole segments of the Internet to a standstill.

Attacks on your information can be carried out for as varied reasons as an arsonist burns things, a robber steals things or kids spray-paint walls. An electronic attack could leave you with no data (imagine losing your accounts the day before your filing date), data that has been altered in subtle ways (imagine your accounts with 10% taken off each figure), a website that is 'owned' by a teenager in another country or an office full of computers that no longer do the job for which they were intended.

When we drive a car we are accepting and using a set of standards that have evolved since the turn of the century to ensure safety, convenience and fair access for all users of the road system. Some of these standards are globally accepted (for instance a road is made from tarmac and wheels are made from rubber) whilst others vary from country to country (for example if we drive on the left or the right). The practical upshot of these standards is that a car designed and built for use in one country can be safely used in another (possibly with a little bit of inconvenience).

The aftermath Attacks on your information can be carried out for as varied reasons as an arsonist burns things, a robber steals things or kids spray-paint walls. An electronic attack could leave you with no data (imagine losing your accounts the day before your filing date), data that has been altered in subtle ways (imagine your accounts with 10% taken off each figure), a website that is 'owned' by a teenager in another country or an office full of computers that no longer do the job for which they were intended.

Almost worse than losing all your data (because we know you keep a regular backup), is having your system infected with a worm program. In some cases this can leave your computer unknowingly sending an attack the way of all your contacts. Alternatively, your computer could be under the complete control of a third-party, who is using your processor, memory and hard-disk for their own purposes.

What can I do to stop it? Just as it is not the councils responsibility to stop burglars coming down your street, in the UK there is very little responsibility on ISPs to prevent attacks. If your systems are not locked (with firewall software), alarmed (with an intrusion detection system) and insured (by taking a daily backup) you have no-one to blame but yourself.

There are three pieces of software that every business needs to at least consider. I cannot over-emphasise the need for an up-to-date virus scanning program. Most reputable products will scan for and remove some Internet worms and some Trojan horses; however they will not detect other types of attack. For those attacks a good firewall package is essential. Installing one of these programs is akin to fitting locks to your doors and windows. Finally an intrusion detection system (IDS) is similar to an alarm system, warning you of a potential attack.

In my opinion all businesses should have a solid anti-virus policy as well as a good firewall. Whichever solution you choose at the end of the day, you must fully understand its capabilities or it will be as effective as not having anything at all.

Keep an eye on patches Most electronic attacks exploit a mistake in the program code of the software you use. Responsible software vendors will issue a 'patch' that resolves each issue as soon as it is brought to their attention. You will find that many software companies have e-mail lists that you can subscribe to in order to be notified of new problems and patches.

This patching mechanism makes up the software industry's response to the hacker community. If you are applying your patches diligently, the security of your computer systems depend on how far ahead either side is. It is therefore good practice to have a complete security audit of your systems by an external consultant twice a year or more often if you rely heavily on your data.

It won't happen to me Your business network is constantly being probed by hackers on the Internet looking for ways into your data. Most attacks occur without the user even knowing that a system is compromised. Our systems at FWOSS get probed three or four times a week, so our firewall is invaluable in ensuring they get no further.

What can I do in the case of an attack? Of course your regular backup provides your ultimate safety-net, but as the effects of different electronic attacks are so varied there are no hard and fast rules to recovery.

It is very much a case of prevention being better than cure; therefore you should think about installing an anti-virus program, firewall and intrusion detection system. You should keep a daily backup; check if your systems need patching weekly; and have a security audit bi-annually or more frequently.

Articles Source - Free Articles
About the Author

Thom is the operations director for Fire Without Smoke Software (FWOSS) ltd.

Logged

Pages: [1]   Go Up
  Print  
 
Jump to:  

Copyright © 2006-2023 TechnoWorldInc.com. All Rights Reserved. Privacy Policy | Disclaimer
Page created in 0.118 seconds with 24 queries.