Dr. Mudawi Mukhtar,
The Ribat National University
Protecting Digital Information
Our Information is at Risk :-
Digital information is becoming a target for different kinds of threats. One of these threats is computer viruses; another is deliberate attacks by computer criminals for the purpose of theft, change, destruction, corruption, etc.
The reason for these attacks might be psychological, political, or economic, or there might be no reason at all, as with viruses that strike computers randomly.
According to ASIS, individual financial data thefts cost companies an average of $356,000 per incident.
The most important question to ask in this dangerous situation is: how do we protect our information from these threats?
Computer Viruses :-
The term "computer virus" was first used in 1983. Since then, computer viruses have been increasing every day and have become a real threat to institutions and individuals who use computers.
There are more than 58,000 computer viruses currently in existence, and it is estimated that 10 to 15 new viruses are discovered each day.
A computer virus infection brings with it many costs, including the staff time required to eradicate it, expensive hardware, software and file damage, system downtime, and the cost that is most difficult to assess: a tarnished reputation.
The American Society for Industrial Security (ASIS) indicated that US corporations lost $59 billion in proprietary information and intellectual property during 2001. But the most alarming fact is that only 139 of 1000 companies responded to the survey, which means that the actual amount is much higher than the $59 billion reported.
Other countries of the world are also affected by this phenomenon. In South Korea the number of cyber offense cases in the year 2001 was 33,289. In the first 8 months of this year (2002) the number of cases reached 39,482, according to the cyber-crime center under the country's National Police Academy. Senior cyber-crime police officers from 37 countries held, this year, a three-day conference in South Korea on global cooperation to fight online offenses.
Security Procedures :-
(1) Protecting From Viruses :-
To protect your computer from computer viruses you should follow these recommendations:
1- Scan your computer and disks on a regular basis using reputable anti-virus software.
2- Never start your computer from a diskette unless you are absolutely sure that it is clean.
3- Create backups of all your work and system files.
4- Purchase your software from a reputable source.
5- Use passwords to prevent other people from using your computer.
6- Check any disk or CD before using it.
7- Do not open any unknown e-mail message and delete it immediately.
8- Check all files before downloading them from the internet.
9- Write-protect the diskettes that are being used.
(2) Classifying Information :-
Classify all your information according to the appropriate level of confidentiality (open, confidential, secret and top-secret).
(3) Selection of Personnel :-
People who do the job are the most important factor in securing the information. They should be very reliable and security screened according to the information confidentiality level.
(4) Locking the System :-
The system should be locked and only authorized people are allowed to get into it. The simplest way of locking the system is passwords only. More sophisticated systems use smart cards and/or biometrics in combination with passwords. The strongest method is password plus cards plus biometrics (fingerprints, voice, retina pattern, etc.).
Passwords act like a key to a computer, but they rarely stop a determined criminal. A password should be issued to only one person and kept confidential. Once this person finishes his/her work, the password should be deleted from the system. It is very important to make the password as difficult as possible for crackers to guess by educated guessing, leaving them no alternative other than a brute-force search that tries every possible combination of letters, numbers, and punctuation. This kind of search may take them years before they find the password, even if it is conducted on a machine that can try one million combinations per second. A password should be hard to guess, easy to remember, and private.
The restrictions for password are as follows :
a) UNIX : You could use all printable characters (case is significant). The maximum length is 63 characters.
b) VMS : You could use all printable characters (case is not significant). The maximum length is 32 characters.
c) Windows : You could use all printable characters (case is significant). The maximum length is 14 characters.
Recommendations for creating passwords :
1- Use mixed characters, alphanumeric and non-alphanumeric.
2- Use a password that is easy to remember, so you don't have to write it down.
3- Use a password that you can type without looking at the keyboard.
4- Don't use your login name in any form (reversed, capitalized, etc.).
5- Don't use your first or last name in any form.
6- Don't use your spouse's or child's name.
7- Don't use words that could be obtained from the dictionary.
8- Don't use all digits or all letters.
9- Don't use a password shorter than six characters.
10- The password should be changed regularly.
11- The password should be removed immediately if an employee who knows it leaves the organization or is given notice of leaving.
12- Passwords used for remote maintenance should always be avoided.
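The checks in recommendations 1, 4, 5, 7, 8 and 9 and the brute-force estimate at one million guesses per second can be automated as follows. This is an added example, not part of the original article; the sample names, the small word list and the function names are assumptions made for illustration.

```python
import string

# Constructed stand-in word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "secret", "dragon", "welcome", "monkey"}
GUESSES_PER_SECOND = 1_000_000  # attacker speed quoted in the text
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def check_password(password, login, first_name, last_name,
                   dictionary=SAMPLE_DICTIONARY):
    """Return the recommendations from the list above that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 6:
        problems.append("shorter than six characters")
    if password.isdigit() or password.isalpha():
        problems.append("all digits or all letters")
    elif password.isalnum():
        problems.append("no non-alphanumeric character")
    # Names are rejected in plain, reversed and re-capitalized forms.
    for label, value in (("login name", login), ("first name", first_name),
                         ("last name", last_name)):
        name = value.lower()
        if name and (name in lowered or name[::-1] in lowered):
            problems.append("contains " + label)
    if lowered in dictionary or lowered[::-1] in dictionary:
        problems.append("dictionary word")
    return problems


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every combination of the character classes used.

    Assumption: the attacker knows the length and which classes appear.
    """
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return alphabet ** len(password) / rate


if __name__ == "__main__":
    year = 365 * 24 * 3600
    for pw in ("dragon", "htimsj99", "tr7#Kw!q2"):
        print(pw, check_password(pw, "jsmith", "John", "Smith"),
              f"{brute_force_seconds(pw) / year:.2e} years")
```

At the quoted rate a six-letter lowercase word falls in about five minutes, while nine characters drawn from all four classes need thousands of years.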
(5) Writing Documentation :-
Information classification system and application systems must be fully documented in a security book.
(6) Using a Logging System :-
A logging system is one of the most important items for computer crime investigators to look for. A proper logging system must be able to answer these questions :
Who (user), when (time-date), where (place), what (event/activity), additional information depending on the activity.
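One way to verify that existing logs can answer these questions is to audit each record for the four fields. This is an added example, not part of the original article; the key=value log format, the field names and the sample records are constructed for illustration.

```python
from datetime import datetime

# Assumption: each question maps to one key in a key=value log line.
FIELDS = {"who": "user", "when": "time", "where": "host", "what": "event"}

# Constructed sample records, not taken from any real system.
SAMPLE_LOG = """\
time=2002-10-05T09:12:44 user=amal host=10.0.0.14 event=login_ok
time=2002-10-05T09:13:02 host=10.0.0.14 event=file_delete detail=/payroll/oct.xls
user=root event=password_change
time=not-a-date user=omar host=10.0.0.9 event=login_failed detail=attempt_3
"""


def parse_record(line):
    """Split one log line into a dict of its key=value tokens."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def unanswered(record):
    """Return the questions (who/when/where/what) this record cannot answer."""
    gaps = []
    for question, key in FIELDS.items():
        value = record.get(key, "")
        ok = bool(value)
        if ok and question == "when":
            try:
                datetime.fromisoformat(value)  # an unparseable time is no answer
            except ValueError:
                ok = False
        if not ok:
            gaps.append(question)
    return gaps


def audit(log_text):
    """Map line number -> unanswered questions, for incomplete records only."""
    report = {}
    for number, line in enumerate(log_text.splitlines(), 1):
        gaps = unanswered(parse_record(line))
        if gaps:
            report[number] = gaps
    return report


if __name__ == "__main__":
    for number, gaps in audit(SAMPLE_LOG).items():
        print(f"line {number}: cannot answer {', '.join(gaps)}")
```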
(7) Making Backups :
Damage to important information is a disaster for any organization. This damage might happen deliberately or accidentally. This is why it is very important to set up procedures for making regular copies of your data and system files to some sort of backup media, which should be stored in a safe place. If the information is very important, we might need to make several copies and store them in different places. The frequency with which the information changes determines how often we make backups of our data.
(8) Using Fire Walls :
A fire wall is a program intended for securing an internal network from an external network such as the internet. The fire wall enforces an access control policy between two networks. The fire wall system should do the following :
a) Prevent unauthorized users from penetrating the network.
b) Prevent unwanted IP service.
c) Log its activities.
d) Be easy to administer.
e) Provide an alarm mechanism.
(9) Using Intrusion Detection System (IDS) :
An intruder is a person who attempts to break into or misuse the system. There are two types of intruders :
Outsiders : who try to attack through dial-up lines from outside the organization.
Insiders : who are authorized to use the organization's network but are misusing their privileges.
The IDS is very beneficial even if you have a fire wall because the fire walls usually do not protect against internal attacks and sometimes fail to detect even the external attacks for many reasons such as :
a) Improper configuration for the fire wall.
b) Hackers can get some packets through the fire wall to make it blind.
c) The software might have a bug.
d) The fire wall can only protect against known problems.
(10) Using an Incident Handling System :
It is very important, even if you have a fire wall and IDS, to have an incident registration procedure. The main steps of these procedures include :
Preparation : Setting policies and training staff.
Identification : Identifying incident and responsible person.
Containment : Survey team and backup system to make the system run.
Eradication : Remove the cause of the incident.
Recovery : Restore the system.
Follow up : Develop a follow up report.
Important Prevention Guidelines :
a) Do not connect computers which contain your critical information to the internet.
b) Restrict the way to the internet to one single point of connection.
c) Do not store your password or ID number on the hard disk.
d) Check and update the list of user accounts regularly.
e) Install a fire wall and IDS system.
f) Install anti-virus software and update it regularly.
g) Do not download files or open e-mail which you do not trust.
h) Be aware of shared files.
i) Be aware of cookies, Java, ActiveX applets, etc.
j) Install only the minimum options.
Abreu, Elinor Mills 2002 : US Firms Announce New Security Technology, www.dailynew.yahoo.com, Sat. 23/2/2002
Andamski, A. 1999: Crimes Related to the Computer Network, Threats and Opportunities. A criminological perspective. www.infowar.com/new.
Chandler, N. 1996 : Profile of a Computer hacker. Florida : infowar.
Cury, David A., Selecting Good Passwords, www.alw.nih.gov
David M. Smith, The Cost of Lost Data, Light House, September 1999
IBM global security analysis lab, York Town Heights, New York.
Interpol, IT Security and crime prevention methods, www.interpol.int, 19/2/2002
Jack Kay, Viruses Explained www.crime-research.org/eng/news/2002/10/Mess1102.htm
Jim Wagner, Data theft reaches estimated $59 billion www.crime-research.org/eng/news/2002/10/Mess0502.html
Kim Yean-hee, World cybercrime experts see need for laws ties www.crime-research.org/eng/news/2002/10/Mess2001.html
Lemos, Robert 2002 : Security Confab Call for US Spending, www.news.com, 21/2/2002
Lyman, Jay 2002 : In Search of the World's Costliest Computer Virus, www.newsfactor.com, Thur., 21/2/2002
Parker, D. 1998 : Fighting computer crime : A new frame-work for protecting information. John Wiley & Sons Inc., New York
Rogers, Marc 2000 : Security threats University of Manitoba
Latest internet statistics, www.web-police.org
Security Statistics www.computerworld.com/security/topics/security/story/0,10801,62002,00.html
Weisman, Robyn 2002 : US Security Holes : Don't Blame Technology, News Factor Network, 19/2/2002