What is computer security?
Computer security is the process of preventing and detecting
unauthorized use of your computer. Prevention measures help
you to stop unauthorized users (also known as "intruders")
from accessing any part of your computer system. Detection
helps you to determine whether or not someone attempted to
break into your system, if they were successful, and what
they may have done.
Why should I care about computer security?
We use computers for everything from banking and investing
to shopping and communicating with others through email or
chat programs. Although you may not consider your communications
"top secret," you probably do not want strangers reading your
email, using your computer to attack other systems, sending
forged email from your computer, or examining personal information
stored on your computer (such as financial statements).
Who would want to break into my computer at home?
Intruders (also referred to as hackers, attackers, or crackers)
may not care about your identity. Often they want to gain
control of your computer so they can use it to launch attacks
on other computer systems.
Having control of your computer gives them the ability to
hide their true location as they launch attacks, often against
high-profile computer systems such as government or financial
systems. Even if you have a computer connected to the Internet
only to play the latest games or to send email to friends
and family, your computer may be a target.
Intruders may be able to watch all your actions on the computer,
or cause damage to your computer by reformatting your hard
drive or changing your data.
How easy is it to break into my computer?
Unfortunately, intruders are always discovering new vulnerabilities
(informally called "holes") to exploit in computer software.
The complexity of software makes it increasingly difficult
to thoroughly test the security of computer systems.
When holes are discovered, computer vendors will usually develop
patches to address the problem(s). However, it is up to you,
the user, to obtain and install the patches, or correctly
configure the software to operate more securely. Most of the
incident reports of computer break-ins received at the CERT/CC
could have been prevented if system administrators and users
kept their computers up-to-date with patches and security
Also, some software applications have default settings that
allow other users to access your computer unless you change
the settings to be more secure. Examples include chat programs
that let outsiders execute commands on your computer or web
browsers that could allow someone to place harmful programs
on your computer that run when you click on them.
Computer security risks to home users
What is at risk?
Information security is concerned with three main areas:
Confidentiality - information should be available
only to those who rightfully have access to it Integrity --
information should be modified only by those who are authorized
to do so Availability -- information should be accessible
to those who need it when they need it These concepts apply
to home Internet users just as much as they would to any corporate
or government network. You probably wouldn't let a stranger
look through your important documents. In the same way, you
may want to keep the tasks you perform on your computer confidential,
whether it's tracking your investments or sending email messages
to family and friends. Also, you should have some assurance
that the information you enter into your computer remains
intact and is available when you need it.
Some security risks arise from the possibility of intentional
misuse of your computer by intruders via the Internet. Others
are risks that you would face even if you weren't connected
to the Internet (e.g. hard disk failures, theft, power outages).
The bad news is that you probably cannot plan for every possible
risk. The good news is that you can take some simple steps
to reduce the chance that you'll be affected by the most common
threats -- and some of those steps help with both the intentional
and accidental risks you're likely to face.
Before we get to what you can do to protect your computer
or home network, let�s take a closer look at some of these
Intentional misuse of your computer
The most common methods used by intruders to gain control
of home computers are briefly described below. More detailed
information is available by reviewing the URLs listed in the
References section below.
Computer Security Tips and Help
- Trojan horse programs
- Back door and remote administration programs
- Denial of service
- Being an intermediary for another attack
- Unprotected Windows shares
- Cross-site scripting
- Email spoofing
- Email-borne viruses
- Hidden file extensions
- Chat clients
- Packet sniffing
1. Keep your passwords strong, and keep them in your head.
2. Don't open it - you don't know where it's been...
3. Get anti-virus software. Use it. Keep it up to date.
4. If you can't trust the source you're downloading from, you can't trust the file.
5. Don't leave a computer you're logged into unattended or unprotected.
6. Data on paper is the same as data on the screen.
7. Your operating system needs to live and breathe. Don't let it get stale.