Security Tips: Internet Security
Security has always been a big concern for networks, but the growth of the Internet and the World Wide Web has given it much higher visibility. It is no longer sufficient for network engineers to use well known techniques to keep intruders out. Now desktop users must be aware of security issues as well and be proactive about using them, or they may put their entire network at risk. There are several major areas of security that should concern the desktop user in today's environment. They are: password security; data protection; virus protection; intrusion protection and exploit protection.
In the past, little consideration was given to security by desktop users, because the design of networks was such that the average desktop user wasn't exposed to much risk and the operating systems used were not designed with security in mind. The typical desktop user had a computer that ran Windows, OS/2 or the Macintosh operating system and was networked using proprietary protocols that constituted very low levels of risk from external attack. Access to the Internet was reserved for more secure operating systems, which at that time were UNIX and mainframes.
Today, almost every computer on campus is connected to the Internet and exposed to security risks all the time. Any weakness in the operating system (and every OS has them) may result in an open door for attackers to enter the network and steal information, illegally use resources or destroy data. It's difficult to find a computer that doesn't have a web browser, yet web browsers are the vehicle for many exploit and intrusion methods. Even email presents a risk, because attachments can be used to deliver viruses, worms and trojans that threaten the network in a number of different ways.
Although UNIX and mainframe security is more seasoned than the security architecture of newer operating systems like Windows NT, Linux and MAC, even they can be exploited by a knowledgeable attacker. New exploits and weaknesses are being discovered regularly, and even though system patches are released quickly, if the user isn't aware of them or hasn't updated their OS, they are still exposed to the risk. Network engineers can install the patches themselves, if they have access to the desktop, but often users (or tech support) must do this because the engineers do not have access.
Patching the OS only addresses one aspect of the problem. A computer running an OS with all the latest patches installed will still be vulnerable if the browser has not also been patched. Even if both the OS and the browser are up to date, email can still be used to introduce various exploits into a network or create open doors for later entry. Passwords left lying around (written on sticky notes taped to the monitor, scribbled on a pad and left in an unlocked desk drawer, given to an employee or colleague in the mistaken belief that there is no other way to share information) present a productive avenue for attackers to enter a network and exploit its resources.
It is essential for the user to understand the nature of these risks and to understand what their responsibilities are with regard to security. Each and every computer user should consider implementing these security procedures on every computer they have access to, including their personal computers at home.