Avast is well known for their free antivirus software, but they've also expanded their product line to include Internet security software.
While it's certainly not a bad transition, avast Internet Security 2012 emerged only with average results during our tests. In fact, due to it's lackluster firewall, avast came in towards the end our list this year. Without a solid firewall, we can't consider avast an effective Internet security suite.
TOP FEATURES
Nice User Interface
Lite Resource Usage
Good Real-time Protection
On the plus side, avast has adequate real-time protection as well as decent scanning functions. Email protection and anti-phishing were only average, but they've got a nice user interface with plenty of easy-to-use settings. We just hope to see better performance to go along with those nice options in the future.
For overall Internet security, avast Internet Security 2012 isn't going to cut it this year. With a poor firewall, average real-time protection, and questionable technical support, we're forced to send avast to the back of the line.
20 Ekim 2011 Perşembe
AVG Internet Security 2012
VG has come a long way through their well known free antivirus software. They've since branched out and created a worthy Internet security suite.
While their free antivirus software has served many consumers over the years, it serves only as light protection, since it lacks firewall software, download protection, and several other critical features.
A more heavy-duty Internet security suite was needed sooner or later, and this year AVG comes out with a respectable product: not perfect, but respectable.
The features that didn't stand up to our rigorous tests included: IM protection, anti-phishing, and AVG's inconsistent customer support.
TOP FEATURES
Good real-time protection
Adequate firewall
Nice user interface
On the plus side, AVG's durable antivirus engine proved top-notch. Their real-time protection proved to be as good as their best competition. The firewall for AVG Internet Security 2012 was not as strong as we'd like to see but reasonably secure.
The manual and USB scanning were thorough, although AVG doesn't automatically prompt for an automatic scan of USB drives. Even still, the majority of our malware threats were easily detected and cleaned.
Their customer support is set up via a third party company, which can make serious technical support somewhat confusing.
Despite some issues and being outmatched at some tasks when you compare antivirus software performance head-to-head, AVG Internet Security 2012 proves itself a worthy competitor and a very reasonable choice to secure your PC.
While their free antivirus software has served many consumers over the years, it serves only as light protection, since it lacks firewall software, download protection, and several other critical features.
A more heavy-duty Internet security suite was needed sooner or later, and this year AVG comes out with a respectable product: not perfect, but respectable.
The features that didn't stand up to our rigorous tests included: IM protection, anti-phishing, and AVG's inconsistent customer support.
TOP FEATURES
Good real-time protection
Adequate firewall
Nice user interface
On the plus side, AVG's durable antivirus engine proved top-notch. Their real-time protection proved to be as good as their best competition. The firewall for AVG Internet Security 2012 was not as strong as we'd like to see but reasonably secure.
The manual and USB scanning were thorough, although AVG doesn't automatically prompt for an automatic scan of USB drives. Even still, the majority of our malware threats were easily detected and cleaned.
Their customer support is set up via a third party company, which can make serious technical support somewhat confusing.
Despite some issues and being outmatched at some tasks when you compare antivirus software performance head-to-head, AVG Internet Security 2012 proves itself a worthy competitor and a very reasonable choice to secure your PC.
Kaspersky Internet Security 2012
Kaspersky continues to grow as a household name every year, and for good reason. Over the years, they've completely rebuilt what it means to be an antivirus engine, while increasing the overall user experience.
The top testing labs around the world have given Kaspersky high awards and certifications:
West Coast Labs
Anti-Malware
OPSWAT
Virus Bulletin
AV-Comparatives
AV-Test
Kaspersky Internet Security 2012 is just as strong as ever when it comes to antivirus and firewall protection, but they still aren't as refined as some of their competitors when it comes to overall usability.
For one thing, their user interface is still full of nagging issues that should have been easily fixed, but weren't.
Protection against zero-day threats, and emerging viruses is strong according to tough, independent testing around the world. Their firewall is top-notch, and their cloud-based antivirus protection is on the move.
However, there are several holes in certain key areas that could make or break your final decision about Kaspersky Internet Security: their antiphishing scored lower than even Internet Explorer's in some tests. Their social network protection isn't as holistic as it could be. And their tech support is rife with problems.
We still like Kaspersky for its sheer protection power, but it's sliding back on our list this year due to some missteps that are too much to ignore.
The top testing labs around the world have given Kaspersky high awards and certifications:
West Coast Labs
Anti-Malware
OPSWAT
Virus Bulletin
AV-Comparatives
AV-Test
Kaspersky Internet Security 2012 is just as strong as ever when it comes to antivirus and firewall protection, but they still aren't as refined as some of their competitors when it comes to overall usability.
For one thing, their user interface is still full of nagging issues that should have been easily fixed, but weren't.
Protection against zero-day threats, and emerging viruses is strong according to tough, independent testing around the world. Their firewall is top-notch, and their cloud-based antivirus protection is on the move.
However, there are several holes in certain key areas that could make or break your final decision about Kaspersky Internet Security: their antiphishing scored lower than even Internet Explorer's in some tests. Their social network protection isn't as holistic as it could be. And their tech support is rife with problems.
We still like Kaspersky for its sheer protection power, but it's sliding back on our list this year due to some missteps that are too much to ignore.
BitDefender Internet Security 2012
BitDefender comes through again this year with another excellent antivirus software. BitDefender Internet Security 2012 continues to be that same great antivirus protection but with a new an improved user interface.
How well does BitDefender Internet Security 2012 actually protect your computer? Let's put it this way: all of the top testing labs in the world have given BitDefender high scores for excellent real-time antivirus protection, resource usage, and virus removal. They put BitDefender through the ringer, and it keeps coming up strong.
Our system resource tests showed BitDefender to be light to average when scanning your system. We found no significant system drain.
We like the new, clean user interface. It's much easier to use and find any information you need.
Customer service continues to be a problem with BitDefender, but they provide adequate self-help options that will satisfy most people.
Overall, BitDefender remains one of our top choices yet again this year. Why? It's light, it's easy to use. It's stable. And most importantly, it has one of the best records for protecting your computer against viruses and other malware.
How well does BitDefender Internet Security 2012 actually protect your computer? Let's put it this way: all of the top testing labs in the world have given BitDefender high scores for excellent real-time antivirus protection, resource usage, and virus removal. They put BitDefender through the ringer, and it keeps coming up strong.
Our system resource tests showed BitDefender to be light to average when scanning your system. We found no significant system drain.
We like the new, clean user interface. It's much easier to use and find any information you need.
Customer service continues to be a problem with BitDefender, but they provide adequate self-help options that will satisfy most people.
Overall, BitDefender remains one of our top choices yet again this year. Why? It's light, it's easy to use. It's stable. And most importantly, it has one of the best records for protecting your computer against viruses and other malware.
14 Ekim 2011 Cuma
Shore up your system
In addition to using good anti-virus tools, there are steps you can take to protect yourself and your computer.
To combat viruses, worms and similar threats:
Switch to a non-Microsoft email program. Many mass-mailing worms are written specifically to exploit vulnerabilities in Outlook Express and Microsoft Outlook. You can guard yourself against such threats by using an alternative email client such as Thunderbird or Eudora.
Beware attachments! Never open an email attachment from someone you don't know. Don't open attachments from people you do know, unless you're expecting the attachment. Don't open attachments directly from within your email: save them to your desktop first and open then from there. Before you open any attachment, right-click it and choose the anti-virus scanning option from the pop-up menu (most anti-virus programs add such an option when you install them).
Turn the reading/preview pane off. Most email programs display part of an email in a viewing pane beside the list of received email. Switch this viewing pane off. Sometimes your system can get infected merely by displaying code in this window.
Run a full system anti-virus scan weekly, at a minimum.
To keep adware and spyware off your system:
Pay for software instead of opting for the free, advertising supported version.
Avoid surfing on the fringe. Porn sites, crackz and warez (pirated software), file swapping and other on-the-edge sites are havens for unscrupulous people.
Use a non-Microsoft browser. Internet Explorer has proved itself to be hideously susceptible to attack and infestation. One of the best defences against a variety of threats is to use an alternative browser, such as Firefox. It's free from the Mozilla Foundation, the same organisation which also offers the freeware email client, Thunderbird. Use the two together, or install the Mozilla Suite which combines browser, email, chat and Web editor.
Never, ever click OK on a pop-up window or dialog box when you're browsing without reading it thoroughly. Use the close box to close such windows.
Use safe emailing practices.
To avoid phishing scams:
Never click on links in email you receive from an unknown source or from a known source seeking financial or sensitive information. Instead, type the address directly into your browser. Links in email can be dummied to look as if they're taking you one place when they are, in fact, taking you somewhere else.
If you have any doubt whatsoever about an email apparently from your bank or other financial institution, either go directly to the bank's Web site or get on the phone and speak to someone at the bank directly.
Be sceptical of any email which asks you to update your log-in details or other sensitive information.
Never click any link in spam.
To manage spam:
Never open spam email.
Never buy anything advertised in spam, even it seems like a really good deal. If you wonder why spammers indulge in a process which seems tailor-made to infuriate potential customers, it's because some people actually buy spam goods.
Never divulge more information on Web site forms than is absolutely necessary.
Always read a site's privacy policy before you sign up or purchase goods.
Don't get hijacked:
Use a non-Microsoft browser.
Never click OK on pop-up windows online without reading them thoroughly.
Adjust your browser's settings to prevent ActiveX and JavaScript programs from running.
To keep others from prying:
Set up multiple logons for your family PC and use a password on each log on.
Always use strong passwords. Not sure what constitutes a strong password? Visit Web Passwords Made Easy
To combat viruses, worms and similar threats:
Switch to a non-Microsoft email program. Many mass-mailing worms are written specifically to exploit vulnerabilities in Outlook Express and Microsoft Outlook. You can guard yourself against such threats by using an alternative email client such as Thunderbird or Eudora.
Beware attachments! Never open an email attachment from someone you don't know. Don't open attachments from people you do know, unless you're expecting the attachment. Don't open attachments directly from within your email: save them to your desktop first and open then from there. Before you open any attachment, right-click it and choose the anti-virus scanning option from the pop-up menu (most anti-virus programs add such an option when you install them).
Turn the reading/preview pane off. Most email programs display part of an email in a viewing pane beside the list of received email. Switch this viewing pane off. Sometimes your system can get infected merely by displaying code in this window.
Run a full system anti-virus scan weekly, at a minimum.
To keep adware and spyware off your system:
Pay for software instead of opting for the free, advertising supported version.
Avoid surfing on the fringe. Porn sites, crackz and warez (pirated software), file swapping and other on-the-edge sites are havens for unscrupulous people.
Use a non-Microsoft browser. Internet Explorer has proved itself to be hideously susceptible to attack and infestation. One of the best defences against a variety of threats is to use an alternative browser, such as Firefox. It's free from the Mozilla Foundation, the same organisation which also offers the freeware email client, Thunderbird. Use the two together, or install the Mozilla Suite which combines browser, email, chat and Web editor.
Never, ever click OK on a pop-up window or dialog box when you're browsing without reading it thoroughly. Use the close box to close such windows.
Use safe emailing practices.
To avoid phishing scams:
Never click on links in email you receive from an unknown source or from a known source seeking financial or sensitive information. Instead, type the address directly into your browser. Links in email can be dummied to look as if they're taking you one place when they are, in fact, taking you somewhere else.
If you have any doubt whatsoever about an email apparently from your bank or other financial institution, either go directly to the bank's Web site or get on the phone and speak to someone at the bank directly.
Be sceptical of any email which asks you to update your log-in details or other sensitive information.
Never click any link in spam.
To manage spam:
Never open spam email.
Never buy anything advertised in spam, even it seems like a really good deal. If you wonder why spammers indulge in a process which seems tailor-made to infuriate potential customers, it's because some people actually buy spam goods.
Never divulge more information on Web site forms than is absolutely necessary.
Always read a site's privacy policy before you sign up or purchase goods.
Don't get hijacked:
Use a non-Microsoft browser.
Never click OK on pop-up windows online without reading them thoroughly.
Adjust your browser's settings to prevent ActiveX and JavaScript programs from running.
To keep others from prying:
Set up multiple logons for your family PC and use a password on each log on.
Always use strong passwords. Not sure what constitutes a strong password? Visit Web Passwords Made Easy
Pack your toolkit
That daunting list of threats may leave you feeling demoralised, certainly weary. The good news is you don't have to fight the onslaught on your own. There are some handy software tools you can use to help secure your system. Keep in mind, though, that even with excellent software defences installed you'll need to keep your guard up.
While some good security tools are free, be prepared to spend money on securing your computer. This is one area where it doesn't pay to be penny pinching.
So, what should you pack in your security and privacy toolkit? Here's a good starting list:
Anti-virus software. There are some useful free anti-virus tools, but over the years they have not proved to be the best line of defence. You're better off going with one of the well-known products with a proven track record, such as PC-Cillin, Norton AntiVirus 2005, Eset NOD32, and Kaspersky Anti-Virus. Make sure your anti-virus software protects your email and guards against Web site threats, as well as monitoring your system for infection from other sources.
Use your anti-virus program's update feature at least a couple of times each week. (Click the image to see a full-sized screenshot.)
Anti-spyware and anti-key-logging software. When it comes to anti-spyware tools, adopt the boots-and-braces approach. Because of the rapid proliferation of spyware threats, no software program can keep up with the flow, so it pays to install at least two anti-spyware programs. The good news is, two of the best tools available are free, Spybot Search & Destroy and Ad Aware. Note, though, that the freeware version of Ad Aware is significantly less aggressive than the commercial version. If you're really worried about spyware (and you should be), buy a copy of Ad Aware SE Professional or the equally good Spy Sweeper 3.0.
If you use Internet Explorer, a risky activity in itself, install the free BHODemon as well, to stop unwanted programs installing within IE.
A spam blocker. Top choices are Ella, EmailProtect and Norton AntiSpam. If you use Microsoft Outlook as your email client, upgrade to version 2003 if possible; it has very good built-in junk mail handling. Thunderbird email also has decent junk filters.
A firewall. A firewall monitors incoming and outgoing traffic between your computer and the Internet, and prevents any unauthorised activity. It's your best defence against being turned into a zombie, and can also trap the activity of spyware and key loggers. Windows XP has a built-in firewall which has been vastly improved with Service Pack 2. Still, it doesn't do a complete job of monitoring traffic, so you should install a third-party scanner instead (don't use two software firewalls concurrently). Check out Outpost Firewall Pro and BlackICE PC Protection. If you have a high-speed, always-on connection, you should consider using a hardware firewall in conjunction with your software firewall. Many cable/DSL routers have a hardware firewall built in.
If you share your computer with others or keep sensitive information on an easily accessible desktop or notebook computer, add password protection to your data. Darn! Passwords is an excellent and affordable password manager which will let you protect your passwords, PINs, serial numbers, account numbers and more.
Your entire toolkit should cost no more than $200, and probably much less than that as it's likely you already have at least some of these tools installed. If you're starting from scratch, you can reduce the cost by buying one of the security suites, such as Norton Internet Security or PC-Cillin. Each of these combines anti-virus, firewall, and anti-spam components with additional features such as anti-spyware or parental controls.
While some good security tools are free, be prepared to spend money on securing your computer. This is one area where it doesn't pay to be penny pinching.
So, what should you pack in your security and privacy toolkit? Here's a good starting list:
Anti-virus software. There are some useful free anti-virus tools, but over the years they have not proved to be the best line of defence. You're better off going with one of the well-known products with a proven track record, such as PC-Cillin, Norton AntiVirus 2005, Eset NOD32, and Kaspersky Anti-Virus. Make sure your anti-virus software protects your email and guards against Web site threats, as well as monitoring your system for infection from other sources.
Use your anti-virus program's update feature at least a couple of times each week. (Click the image to see a full-sized screenshot.)
Anti-spyware and anti-key-logging software. When it comes to anti-spyware tools, adopt the boots-and-braces approach. Because of the rapid proliferation of spyware threats, no software program can keep up with the flow, so it pays to install at least two anti-spyware programs. The good news is, two of the best tools available are free, Spybot Search & Destroy and Ad Aware. Note, though, that the freeware version of Ad Aware is significantly less aggressive than the commercial version. If you're really worried about spyware (and you should be), buy a copy of Ad Aware SE Professional or the equally good Spy Sweeper 3.0.
If you use Internet Explorer, a risky activity in itself, install the free BHODemon as well, to stop unwanted programs installing within IE.
A spam blocker. Top choices are Ella, EmailProtect and Norton AntiSpam. If you use Microsoft Outlook as your email client, upgrade to version 2003 if possible; it has very good built-in junk mail handling. Thunderbird email also has decent junk filters.
A firewall. A firewall monitors incoming and outgoing traffic between your computer and the Internet, and prevents any unauthorised activity. It's your best defence against being turned into a zombie, and can also trap the activity of spyware and key loggers. Windows XP has a built-in firewall which has been vastly improved with Service Pack 2. Still, it doesn't do a complete job of monitoring traffic, so you should install a third-party scanner instead (don't use two software firewalls concurrently). Check out Outpost Firewall Pro and BlackICE PC Protection. If you have a high-speed, always-on connection, you should consider using a hardware firewall in conjunction with your software firewall. Many cable/DSL routers have a hardware firewall built in.
If you share your computer with others or keep sensitive information on an easily accessible desktop or notebook computer, add password protection to your data. Darn! Passwords is an excellent and affordable password manager which will let you protect your passwords, PINs, serial numbers, account numbers and more.
Your entire toolkit should cost no more than $200, and probably much less than that as it's likely you already have at least some of these tools installed. If you're starting from scratch, you can reduce the cost by buying one of the security suites, such as Norton Internet Security or PC-Cillin. Each of these combines anti-virus, firewall, and anti-spam components with additional features such as anti-spyware or parental controls.
Family, friends and colleagues
If your computer sits in an office shared with others or if your family computes together, there's a risk someone will get interested in what you're up to. Some of those things – tracking financial information, your secret diary, your Christmas purchases – you may not wish to share.
With the threats from viruses and spyware, it's all too easy to forget that some of the biggest threats to your privacy and security are posed by people who can physically get their hands on your computer.
Zombies and DoS
If you've read this far and are thinking "I'm safe – there's nothing on my computer except a bunch of games," have another think. There are people out there who couldn't care less about the information stored on your computer, but they are certainly interested in your computer itself.
Spammers, hackers and virus writers have a vested interest in keeping their identity secret. To stay hidden, one tactic they use is to find unprotected computers on the Internet and use those computers to launch attacks or send spam. Your humble Internet-connected home PC is thus a valuable pawn in their schemes.
Hackers use a piece of code called an agent or daemon to control remote PCs without the owner's knowledge. They then use one or thousands of controlled PCs, known as zombies, to launch attacks on juicier targets. Zombie PCs are crucial in Denial of Service (DoS) attacks, designed to bring the Internet or a part of it to a standstill.
As well as hackers, spammers may find your computer a useful way station. Some spammers seek out vulnerable PCs and, when they find one, install a complete email server on it. They then use this hidden mail server to deliver tens of thousands of spams.
With the threats from viruses and spyware, it's all too easy to forget that some of the biggest threats to your privacy and security are posed by people who can physically get their hands on your computer.
Zombies and DoS
If you've read this far and are thinking "I'm safe – there's nothing on my computer except a bunch of games," have another think. There are people out there who couldn't care less about the information stored on your computer, but they are certainly interested in your computer itself.
Spammers, hackers and virus writers have a vested interest in keeping their identity secret. To stay hidden, one tactic they use is to find unprotected computers on the Internet and use those computers to launch attacks or send spam. Your humble Internet-connected home PC is thus a valuable pawn in their schemes.
Hackers use a piece of code called an agent or daemon to control remote PCs without the owner's knowledge. They then use one or thousands of controlled PCs, known as zombies, to launch attacks on juicier targets. Zombie PCs are crucial in Denial of Service (DoS) attacks, designed to bring the Internet or a part of it to a standstill.
As well as hackers, spammers may find your computer a useful way station. Some spammers seek out vulnerable PCs and, when they find one, install a complete email server on it. They then use this hidden mail server to deliver tens of thousands of spams.
Viruses and worms
Viruses used to be the biggest bogey on the Internet. These days, they seem to take a back seat to spyware and spam and phishing scams. But don't let that shift lead you to regarding viruses lightly: get infected with a nasty virus and you'll know the definition of computer hell.
A virus is a small program that infects other code and then replicates. Some viruses also delete or corrupt other files, change computer settings and, in the worst cases, render your computer unusable.
Worms are also self replicating, but they do it alone without attaching to another program as viruses do. The most common form of worm is called a mass-mailing worm. Such a worm uses email to replicate itself. When activated, it may scan your entire computer system for email addresses and then email itself to those addresses. The worm may also place one of the addresses it uncovers into the "From:" field of the infected email, making it seem like it came from a completely different source (a technique known as spoofing the address).
Adware, spyware and key loggers
Adware is software which displays advertising while you use it. Many very useful free utilities and applications use the adware model to raise money. Most adware updates the ads displayed through an Internet connection; some tracks your computer usage in order to target the advertising to your interests.
Spyware is software installed without your knowledge or consent which tracks you while you use the computer and the Internet. Spyware may come piggybacking on other "legitimate" software or it may be installed via a Web site, when you unwisely click a pop-up dialog box to clear it from your screen.
Look for the padlock at the bottom of your browser's window before entering sensitive data online, and double-click the padlock to ensure the site's security certificate is in order.
As you might guess, the line between adware and spyware is sometimes measured in nanometres. Things get particularly nasty when spyware not only tracks your usage in order to target advertising, but also to gather personal information about you. In its most pernicious form, spyware may install a key logger on your computer. The key logger lurks hidden on your system and keeps track of every single thing you do, including everything you type. With a key logger active on your system, your security and privacy is completely compromised.
Phishing
Phishers use email and Web sites to try to reel in your private information, including bank account and credit card numbers, PINs and site passwords.
Of course, if you received an email saying "hand over your bank account details", you'd hit the Delete key before you blinked. But what if that email appeared to come from a bank with which you have online access? And what if the email said "There's a problem with your account, if you don't log in and fix the problem we'll suspend account access within 3 days"? And what if, on clicking the link supplied in the email, you found yourself, apparently, at your bank's Web site?
In that case, you might well think the email was on the up and up and complete the log in, in the process handing over your account number and password. Within minutes, the phisher can be working on making you poorer and sullying your credit record.
Telltale signs of a phishing scam: poor grammar and a fake Web address. (Click the image to see a full-size screenshot.)
That's how phishers work. They fake – spoof – email addresses, email content and Web sites, right down to using the same graphics, wording and other components you find on the legitimate sites. By using some sneaky coding techniques, they can mask Web addresses, fake the padlock security icon on secure pages, and make it difficult, indeed, to spot the fraud.
Spam
We all know spam is a nuisance, but does it rate as a security threat?
Well, apart from the complete invasion of privacy caused by having pornographic spam splattered all over your inbox (and your children's inboxes), the answer is…yes. Many spam emails contain Web bugs – invisible graphics containing tracking code designed for the same purposes as spyware. In addition, the sheer volume of spam and the frustration of having to deal with it may lead to incautious behaviour. That is particularly the case when spam is used as the delivery method for a virus or spyware or phishing scam. An unthinking click in the wrong email and, bam!, you've granted entry to the scammers.
Browser hijacking
Browser hijacking is the use of programming tools, in the form of scripts, to modify your browser's default settings. This may be as trivial as adding a new link to your favourites or bookmarks, or as unconscionable as changing your home page persistently via a combination of scripting, registry changes and auto-running programs.
What's the point of hijacking? To bring you back, over and over, to a site or a site's sponsor, in the hope of boosting business. The site to which you are hijacked may also house spyware, and the more often you end up on the site trying to close in-your-face pop-ups and escape, the more chance you'll accidentally install that spyware.
A virus is a small program that infects other code and then replicates. Some viruses also delete or corrupt other files, change computer settings and, in the worst cases, render your computer unusable.
Worms are also self replicating, but they do it alone without attaching to another program as viruses do. The most common form of worm is called a mass-mailing worm. Such a worm uses email to replicate itself. When activated, it may scan your entire computer system for email addresses and then email itself to those addresses. The worm may also place one of the addresses it uncovers into the "From:" field of the infected email, making it seem like it came from a completely different source (a technique known as spoofing the address).
Adware, spyware and key loggers
Adware is software which displays advertising while you use it. Many very useful free utilities and applications use the adware model to raise money. Most adware updates the ads displayed through an Internet connection; some tracks your computer usage in order to target the advertising to your interests.
Spyware is software installed without your knowledge or consent which tracks you while you use the computer and the Internet. Spyware may come piggybacking on other "legitimate" software or it may be installed via a Web site, when you unwisely click a pop-up dialog box to clear it from your screen.
Look for the padlock at the bottom of your browser's window before entering sensitive data online, and double-click the padlock to ensure the site's security certificate is in order.
As you might guess, the line between adware and spyware is sometimes measured in nanometres. Things get particularly nasty when spyware not only tracks your usage in order to target advertising, but also to gather personal information about you. In its most pernicious form, spyware may install a key logger on your computer. The key logger lurks hidden on your system and keeps track of every single thing you do, including everything you type. With a key logger active on your system, your security and privacy is completely compromised.
Phishing
Phishers use email and Web sites to try to reel in your private information, including bank account and credit card numbers, PINs and site passwords.
Of course, if you received an email saying "hand over your bank account details", you'd hit the Delete key before you blinked. But what if that email appeared to come from a bank with which you have online access? And what if the email said "There's a problem with your account, if you don't log in and fix the problem we'll suspend account access within 3 days"? And what if, on clicking the link supplied in the email, you found yourself, apparently, at your bank's Web site?
In that case, you might well think the email was on the up and up and complete the log in, in the process handing over your account number and password. Within minutes, the phisher can be working on making you poorer and sullying your credit record.
Telltale signs of a phishing scam: poor grammar and a fake Web address. (Click the image to see a full-size screenshot.)
That's how phishers work. They fake – spoof – email addresses, email content and Web sites, right down to using the same graphics, wording and other components you find on the legitimate sites. By using some sneaky coding techniques, they can mask Web addresses, fake the padlock security icon on secure pages, and make it difficult, indeed, to spot the fraud.
Spam
We all know spam is a nuisance, but does it rate as a security threat?
Well, apart from the complete invasion of privacy caused by having pornographic spam splattered all over your inbox (and your children's inboxes), the answer is…yes. Many spam emails contain Web bugs – invisible graphics containing tracking code designed for the same purposes as spyware. In addition, the sheer volume of spam and the frustration of having to deal with it may lead to incautious behaviour. That is particularly the case when spam is used as the delivery method for a virus or spyware or phishing scam. An unthinking click in the wrong email and, bam!, you've granted entry to the scammers.
Browser hijacking
Browser hijacking is the use of programming tools, in the form of scripts, to modify your browser's default settings. This may be as trivial as adding a new link to your favourites or bookmarks, or as unconscionable as changing your home page persistently via a combination of scripting, registry changes and auto-running programs.
What's the point of hijacking? To bring you back, over and over, to a site or a site's sponsor, in the hope of boosting business. The site to which you are hijacked may also house spyware, and the more often you end up on the site trying to close in-your-face pop-ups and escape, the more chance you'll accidentally install that spyware.
A beginner's guide to Internet security
Do you ever get the feeling your computing life has degenerated into a constant battle against viruses and spam, spyware and hackers…and you're on the losing side?
You're not alone.
While the past twenty years have seen computers evolve in extraordinary fashion, the safety of the average computer user has been on a downwards spiral for at least the past decade.
Blame it on the popularity and affordability of the humble PC, which has put power into the hands of the many; blame it on the Internet, which connects everyone with everyone else; blame it on the alignment of the planets. No matter who or what you blame, there's no getting around it: computing now is a riskier proposition than it was in the good old days of the '80s and early '90s.
In those ancient times, sighting a real live virus was cause for commotion, and spyware was unheard of. All you needed to do to compute safely was to use anti-virus software and make backups. These days, if your only security tool is an anti-virus program, you're leaving yourself wide open to the vast majority of security risks and privacy threats.
So, should you throw up your hands in defeat and take the PC to the tip? Not on your life. All you need to defeat the forces of evil at their own game is a bit of savvy, a small collection of tools and some commonsense. This article will provide you with the first two and we'll even throw in some guidelines for applying your own good sense.
You're not alone.
While the past twenty years have seen computers evolve in extraordinary fashion, the safety of the average computer user has been on a downwards spiral for at least the past decade.
Blame it on the popularity and affordability of the humble PC, which has put power into the hands of the many; blame it on the Internet, which connects everyone with everyone else; blame it on the alignment of the planets. No matter who or what you blame, there's no getting around it: computing now is a riskier proposition than it was in the good old days of the '80s and early '90s.
In those ancient times, sighting a real live virus was cause for commotion, and spyware was unheard of. All you needed to do to compute safely was to use anti-virus software and make backups. These days, if your only security tool is an anti-virus program, you're leaving yourself wide open to the vast majority of security risks and privacy threats.
So, should you throw up your hands in defeat and take the PC to the tip? Not on your life. All you need to defeat the forces of evil at their own game is a bit of savvy, a small collection of tools and some commonsense. This article will provide you with the first two and we'll even throw in some guidelines for applying your own good sense.
6 Ekim 2011 Perşembe
Anti-virus Packages
Virus protection software is packaged with most
computers and can counter most virus threats if the
software is regularly updated and correctly maintained.
The anti-virus industry relies on a vast network of users to
provide early warnings of new viruses, so that antidotes
can be developed and distributed quickly. With thousands
of new viruses being generated every month, it is essential
that the virus database is kept up to date. The virus
database is the record held by the anti-virus package that
helps it to identify known viruses when they attempt to
strike. Reputable anti-virus software vendors will publish
the latest antidotes on their Web sites, and the software
can prompt users to periodically collect new data.
Network security policy should stipulate that all
computers on the network are kept up to date and, ideally,
are all protected by the same anti-virus package—if only
to keep maintenance and update costs to a minimum. It is
also essential to update the software itself on a regular
basis. Virus authors often make getting past the anti-virus
packages their first priority.
Security Policies
When setting up a network, whether it is a local area
network (LAN), virtual LAN (VLAN), or wide area
network (WAN), it is important to initially set the
fundamental security policies. Security policies are rules
that are electronically programmed and stored within
security equipment to control such areas as access
privileges. Of course, security policies are also written or
verbal regulations by which an organization operates. In
addition, companies must decide who is responsible for
enforcing and managing these policies and determine how
employees are informed of the rules and watch guards.
Security Policy, Device, and Multidevice Management
functions as a central security control room where security
personnel monitor building or campus security, initiate
patrols, and activate alarms.
What are the policies?
The policies that are implemented should control who
has access to which areas of the network and how
unauthorized users are going to be prevented from entering
restricted areas. For example, generally only members of
the human resources department should have access to
employee salary histories. Passwords usually prevent
employees from entering restricted areas, but only if the
passwords remain private. Written policies as basic as to
warn employees against posting their passwords in work
areas can often preempt security breaches. Customers or
suppliers with access to certain parts of the network, must
be adequately regulated by the policies as well.
Who will enforce and manage the policies?
The individual or group of people who police and
maintain the network and its security must have access to
every area of the network. Therefore, the security policy
management function should be assigned to people who
are extremely trustworthy and have the technical
competence required. As noted earlier, the majority of
network security breaches come from within, so this
person or group must not be a potential threat. Once
assigned, network managers may take advantage of
sophisticated software tools that can help define,
distribute, enforce, and audit security policies through
browser-based interfaces.
computers and can counter most virus threats if the
software is regularly updated and correctly maintained.
The anti-virus industry relies on a vast network of users to
provide early warnings of new viruses, so that antidotes
can be developed and distributed quickly. With thousands
of new viruses being generated every month, it is essential
that the virus database is kept up to date. The virus
database is the record held by the anti-virus package that
helps it to identify known viruses when they attempt to
strike. Reputable anti-virus software vendors will publish
the latest antidotes on their Web sites, and the software
can prompt users to periodically collect new data.
Network security policy should stipulate that all
computers on the network are kept up to date and, ideally,
are all protected by the same anti-virus package—if only
to keep maintenance and update costs to a minimum. It is
also essential to update the software itself on a regular
basis. Virus authors often make getting past the anti-virus
packages their first priority.
Security Policies
When setting up a network, whether it is a local area
network (LAN), virtual LAN (VLAN), or wide area
network (WAN), it is important to initially set the
fundamental security policies. Security policies are rules
that are electronically programmed and stored within
security equipment to control such areas as access
privileges. Of course, security policies are also written or
verbal regulations by which an organization operates. In
addition, companies must decide who is responsible for
enforcing and managing these policies and determine how
employees are informed of the rules and watch guards.
Security Policy, Device, and Multidevice Management
functions as a central security control room where security
personnel monitor building or campus security, initiate
patrols, and activate alarms.
What are the policies?
The policies that are implemented should control who
has access to which areas of the network and how
unauthorized users are going to be prevented from entering
restricted areas. For example, generally only members of
the human resources department should have access to
employee salary histories. Passwords usually prevent
employees from entering restricted areas, but only if the
passwords remain private. Written policies as basic as to
warn employees against posting their passwords in work
areas can often preempt security breaches. Customers or
suppliers with access to certain parts of the network, must
be adequately regulated by the policies as well.
Who will enforce and manage the policies?
The individual or group of people who police and
maintain the network and its security must have access to
every area of the network. Therefore, the security policy
management function should be assigned to people who
are extremely trustworthy and have the technical
competence required. As noted earlier, the majority of
network security breaches come from within, so this
person or group must not be a potential threat. Once
assigned, network managers may take advantage of
sophisticated software tools that can help define,
distribute, enforce, and audit security policies through
browser-based interfaces.
Security Tools
Security Tools
After the potential sources of threats and the types of
damage that can occur have been identified, putting the
proper security policies and safeguards in place becomes
much easier. Organizations have an extensive choice of
technologies, ranging from anti-virus software packages
to dedicated network security hardware, such as firewalls
and intrusion detection systems, to provide protection for
all areas of the network.
Top Ten Security Tips
1. Encourage or require employees to choose
passwords that are not obvious.
2. Require employees to change passwords every
90 days.
3. Make sure your virus protection subscription
is current.
4. Educate employees about the security risks of
e-mail attachments.
5. Implement a complete and comprehensive
network security solution.
6. Assess your security posture regularly.
7. When an employee leaves a company, remove
that employee’s network access immediately.
8. If you allow people to work from home, provide
a secure, centrally managed server for remote
traffic.
9. Update your Web server software regularly.
10. Do not run any unnecessary network services.
After the potential sources of threats and the types of
damage that can occur have been identified, putting the
proper security policies and safeguards in place becomes
much easier. Organizations have an extensive choice of
technologies, ranging from anti-virus software packages
to dedicated network security hardware, such as firewalls
and intrusion detection systems, to provide protection for
all areas of the network.
Top Ten Security Tips
1. Encourage or require employees to choose
passwords that are not obvious.
2. Require employees to change passwords every
90 days.
3. Make sure your virus protection subscription
is current.
4. Educate employees about the security risks of
e-mail attachments.
5. Implement a complete and comprehensive
network security solution.
6. Assess your security posture regularly.
7. When an employee leaves a company, remove
that employee’s network access immediately.
8. If you allow people to work from home, provide
a secure, centrally managed server for remote
traffic.
9. Update your Web server software regularly.
10. Do not run any unnecessary network services.
What can these enemies do?
Viruses
Viruses are the most widely known security threats,
because they often garner extensive press coverage.
Viruses are computer programs that are written by
devious programmers and are designed to replicate
themselves and infect computers when triggered by a
specific event. For example, viruses called macro viruses
attach themselves to files that contain macro instructions
(routines that can be repeated automatically, such as mail
merges) and are then activated every time the macro runs.
The effects of some viruses are relatively benign and cause
annoying interruptions such as displaying a comical
message when striking a certain letter on the keyboard.
Other viruses are more destructive and cause such
problems as deleting files from a hard drive or slowing
down a system.
A network can be infected by a virus only if the virus
enters the network through an outside source—most
often through an infected floppy disk or a file downloaded
from the Internet. When one computer on the network
becomes infected, the other computers on the network are
highly susceptible to contracting the virus.
“85 percent of respondents detected computer security
breaches within the last 12 months, up 42% from 1996.”
—Annual Computer Security Institute and FBI Survey, 2001
Trojan Horse Programs
Trojan horse programs, or trojans, are delivery vehicles
for destructive code. Trojans appear to be harmless or
useful software programs, such as computer games, but
they are actually enemies in disguise. Trojans can delete
data, mail copies of themselves to e-mail address lists, and
open up computers to additional attacks. Trojans can be
contracted only by copying the trojan horse program to
a system, via a disk, downloading from the Internet, or
opening an e-mail attachment. Neither trojans nor viruses
can be spread through an e-mail message itself—they are
spread only through e-mail attachments.
Vandals
Web sites have come alive through the development of
such software applications as ActiveX and Java Applets.
These devices enable animation and other special effects
to run, making Web sites more attractive and interactive.
However, the ease with which these applications can be
downloaded and run has provided a new vehicle for
inflicting damage. A vandal is a software application or
applet that causes destruction of varying degrees. A
vandal can destroy just a single file or a major portion
of a computer system.
Attacks
Innumerable types of network attacks have been
documented, and they are commonly classified in three
general categories: reconnaissance attacks, access attacks,
and denial of service (DoS) attacks.
• Reconnaissance attacks are essentially information
gathering activities by which hackers collect data that is
used to later compromise networks. Usually, software
tools, such as sniffers and scanners, are used to map out
network resources and exploit potential weaknesses in
the targeted networks, hosts, and applications. For
example, software exists that is specifically designed to
crack passwords. Such software was created for
network administrators to assist employees who have
forgotten their passwords or to determine the passwords
of employees who have left the company without telling
anyone what their passwords were. Placed in the wrong
hands, however, this software can become a very
dangerous weapon.
• Access attacks are conducted to exploit vulnerabilities in
such network areas as authentication services and File
Transfer Protocol (FTP) functionality in order to gain
entry to e-mail accounts, databases, and other
confidential information.
• DoS attacks prevent access to part or all of a computer
system. They are usually achieved by sending large
amounts of jumbled or otherwise unmanageable data to
a machine that is connected to a corporate network or
the Internet, blocking legitimate traffic from getting
through. Even more malicious is a Distributed Denial of
Service attack (DDoS) in which the attacker
compromises multiple machines or hosts.
Data Interception
Data transmitted via any type of network can be subject
to interception by unauthorized parties. The perpetrators
might eavesdrop on communications or even alter the
data packets being transmitted. Perpetrators can use
various methods to intercept the data. IP spoofing, for
example, entails posing as an authorized party in the data
transmission by using the Internet Protocol (IP) address of
one of the data recipients.
Social Engineering
Social engineering is the increasingly prevalent act of
obtaining confidential network security information
through non-technical means. For example, a social
engineer might pose as a technical support representative
and make calls to employees to gather password
information. Other examples of social engineering include
bribing a coworker to gain access to a server or searching
a colleague’s office to find a password that has been
written in a hidden spot.
Spam
Spam is the commonly used term for unsolicited electronic
mail or the action of broadcasting unsolicited advertising
messages via e-mail. Spam is usually harmless, but it can
be a nuisance, taking up the recipient’s time and storage
space.
Viruses are the most widely known security threats,
because they often garner extensive press coverage.
Viruses are computer programs that are written by
devious programmers and are designed to replicate
themselves and infect computers when triggered by a
specific event. For example, viruses called macro viruses
attach themselves to files that contain macro instructions
(routines that can be repeated automatically, such as mail
merges) and are then activated every time the macro runs.
The effects of some viruses are relatively benign and cause
annoying interruptions such as displaying a comical
message when striking a certain letter on the keyboard.
Other viruses are more destructive and cause such
problems as deleting files from a hard drive or slowing
down a system.
A network can be infected by a virus only if the virus
enters the network through an outside source—most
often through an infected floppy disk or a file downloaded
from the Internet. When one computer on the network
becomes infected, the other computers on the network are
highly susceptible to contracting the virus.
“85 percent of respondents detected computer security
breaches within the last 12 months, up 42% from 1996.”
—Annual Computer Security Institute and FBI Survey, 2001
Trojan Horse Programs
Trojan horse programs, or trojans, are delivery vehicles
for destructive code. Trojans appear to be harmless or
useful software programs, such as computer games, but
they are actually enemies in disguise. Trojans can delete
data, mail copies of themselves to e-mail address lists, and
open up computers to additional attacks. Trojans can be
contracted only by copying the trojan horse program to
a system, via a disk, downloading from the Internet, or
opening an e-mail attachment. Neither trojans nor viruses
can be spread through an e-mail message itself—they are
spread only through e-mail attachments.
Vandals
Web sites have come alive through the development of
such software applications as ActiveX and Java Applets.
These devices enable animation and other special effects
to run, making Web sites more attractive and interactive.
However, the ease with which these applications can be
downloaded and run has provided a new vehicle for
inflicting damage. A vandal is a software application or
applet that causes destruction of varying degrees. A
vandal can destroy just a single file or a major portion
of a computer system.
Attacks
Innumerable types of network attacks have been
documented, and they are commonly classified in three
general categories: reconnaissance attacks, access attacks,
and denial of service (DoS) attacks.
• Reconnaissance attacks are essentially information
gathering activities by which hackers collect data that is
used to later compromise networks. Usually, software
tools, such as sniffers and scanners, are used to map out
network resources and exploit potential weaknesses in
the targeted networks, hosts, and applications. For
example, software exists that is specifically designed to
crack passwords. Such software was created for
network administrators to assist employees who have
forgotten their passwords or to determine the passwords
of employees who have left the company without telling
anyone what their passwords were. Placed in the wrong
hands, however, this software can become a very
dangerous weapon.
• Access attacks are conducted to exploit vulnerabilities in
such network areas as authentication services and File
Transfer Protocol (FTP) functionality in order to gain
entry to e-mail accounts, databases, and other
confidential information.
• DoS attacks prevent access to part or all of a computer
system. They are usually achieved by sending large
amounts of jumbled or otherwise unmanageable data to
a machine that is connected to a corporate network or
the Internet, blocking legitimate traffic from getting
through. Even more malicious is a Distributed Denial of
Service attack (DDoS) in which the attacker
compromises multiple machines or hosts.
Data Interception
Data transmitted via any type of network can be subject
to interception by unauthorized parties. The perpetrators
might eavesdrop on communications or even alter the
data packets being transmitted. Perpetrators can use
various methods to intercept the data. IP spoofing, for
example, entails posing as an authorized party in the data
transmission by using the Internet Protocol (IP) address of
one of the data recipients.
Social Engineering
Social engineering is the increasingly prevalent act of
obtaining confidential network security information
through non-technical means. For example, a social
engineer might pose as a technical support representative
and make calls to employees to gather password
information. Other examples of social engineering include
bribing a coworker to gain access to a server or searching
a colleague’s office to find a password that has been
written in a hidden spot.
Spam
Spam is the commonly used term for unsolicited electronic
mail or the action of broadcasting unsolicited advertising
messages via e-mail. Spam is usually harmless, but it can
be a nuisance, taking up the recipient’s time and storage
space.
Who are the enemies?
Disgruntled Staff
Far more unsettling than the prospect of employee error
causing harm to a network is the potential for an angry or
vengeful staff member to inflict damage. Angry employees,
often those who have been reprimanded, fired, or laid off,
might vindictively infect their corporate networks with
viruses or intentionally delete crucial files. This group is
especially dangerous because it is usually far more aware
of the network, the value of the information within it,
where high-priority information is located, and the
safeguards protecting it.
Snoops
Whether content or disgruntled, some employees might
also be curious or mischievous. Employees known as
“snoops” partake in corporate espionage, gaining
unauthorized access to confidential data in order to
provide competitors with otherwise inaccessible
information. Others are simply satisfying their personal
curiosities by accessing private information, such as
financial data, a romantic e-mail correspondence between
coworkers, or the salary of a colleague. Some of these
activities might be relatively harmless, but others, such as
Far more unsettling than the prospect of employee error
causing harm to a network is the potential for an angry or
vengeful staff member to inflict damage. Angry employees,
often those who have been reprimanded, fired, or laid off,
might vindictively infect their corporate networks with
viruses or intentionally delete crucial files. This group is
especially dangerous because it is usually far more aware
of the network, the value of the information within it,
where high-priority information is located, and the
safeguards protecting it.
Snoops
Whether content or disgruntled, some employees might
also be curious or mischievous. Employees known as
“snoops” partake in corporate espionage, gaining
unauthorized access to confidential data in order to
provide competitors with otherwise inaccessible
information. Others are simply satisfying their personal
curiosities by accessing private information, such as
financial data, a romantic e-mail correspondence between
coworkers, or the salary of a colleague. Some of these
activities might be relatively harmless, but others, such as
Threats to Data
As with any type of crime, the threats to the privacy
and integrity of data come from a very small minority
of vandals. However, while one car thief can steal only
one car at a time, a single hacker working from a basic
computer can generate damage to a large number of
computer networks that wreaks havoc around the world.
Perhaps even more worrisome is the fact that the threats
can come from people we know. In fact, most network
security experts claim that the majority of network
attacks are initiated by employees who work inside the
corporations where breaches have occurred. Employees,
through mischief, malice, or mistake, often manage to
damage their own companies’ networks and destroy data.
Furthermore, with the recent pervasiveness of remote
connectivity technologies, businesses are expanding to
include larger numbers of telecommuters, branch offices,
and business partners. These remote employees and
partners pose the same threats as internal employees,
as well as the risk of security breaches if their remote
networking assets are not properly secured and monitored.
Whether you want to secure a car, a home, a nation, or
a computer network, a general knowledge of who the
potential enemies are and how they work is essential.
Who are the enemies?
Hackers
This generic and often over-romanticized term applies to
computer enthusiasts who take pleasure in gaining access
to other people’s computers or networks. Many hackers
are content with simply breaking in and leaving their
“footprints,” which are joke applications or messages on
computer desktops. Other hackers, often referred to as
“crackers,” are more malicious, crashing entire computer
systems, stealing or damaging confidential data, defacing
Web pages, and ultimately disrupting business. Some
amateur hackers merely locate hacking tools online and
deploy them without much understanding of how they
work or their effects.
Unaware Staff
As employees focus on their specific job duties, they often
overlook standard network security rules. For example,
they might choose passwords that are very simple to
remember so that they can log on to their networks easily.
However, such passwords might be easy to guess or crack
by hackers using simple common sense or a widely
available password cracking software utility. Employees
can unconsciously cause other security breaches including
the accidental contraction and spreading of computer
viruses. One of the most common ways to pick up a virus
is from a floppy disk or by downloading files from the
Internet. Employees who transport data via floppy disks
can unwittingly infect their corporate networks with
viruses they picked up from computers in copy centers or
libraries. They might not even know if viruses are resident
on their PCs. Corporations also face the risk of infection
when employees download files, such as PowerPoint
presentations, from the Internet. Surprisingly, companies
must also be wary of human error. Employees, whether
they are computer novices or computer savvy, can make
such mistakes as erroneously installing virus protection
software or accidentally overlooking warnings regarding
security threats.
and integrity of data come from a very small minority
of vandals. However, while one car thief can steal only
one car at a time, a single hacker working from a basic
computer can generate damage to a large number of
computer networks that wreaks havoc around the world.
Perhaps even more worrisome is the fact that the threats
can come from people we know. In fact, most network
security experts claim that the majority of network
attacks are initiated by employees who work inside the
corporations where breaches have occurred. Employees,
through mischief, malice, or mistake, often manage to
damage their own companies’ networks and destroy data.
Furthermore, with the recent pervasiveness of remote
connectivity technologies, businesses are expanding to
include larger numbers of telecommuters, branch offices,
and business partners. These remote employees and
partners pose the same threats as internal employees,
as well as the risk of security breaches if their remote
networking assets are not properly secured and monitored.
Whether you want to secure a car, a home, a nation, or
a computer network, a general knowledge of who the
potential enemies are and how they work is essential.
Who are the enemies?
Hackers
This generic and often over-romanticized term applies to
computer enthusiasts who take pleasure in gaining access
to other people’s computers or networks. Many hackers
are content with simply breaking in and leaving their
“footprints,” which are joke applications or messages on
computer desktops. Other hackers, often referred to as
“crackers,” are more malicious, crashing entire computer
systems, stealing or damaging confidential data, defacing
Web pages, and ultimately disrupting business. Some
amateur hackers merely locate hacking tools online and
deploy them without much understanding of how they
work or their effects.
Unaware Staff
As employees focus on their specific job duties, they often
overlook standard network security rules. For example,
they might choose passwords that are very simple to
remember so that they can log on to their networks easily.
However, such passwords might be easy to guess or crack
by hackers using simple common sense or a widely
available password cracking software utility. Employees
can unconsciously cause other security breaches including
the accidental contraction and spreading of computer
viruses. One of the most common ways to pick up a virus
is from a floppy disk or by downloading files from the
Internet. Employees who transport data via floppy disks
can unwittingly infect their corporate networks with
viruses they picked up from computers in copy centers or
libraries. They might not even know if viruses are resident
on their PCs. Corporations also face the risk of infection
when employees download files, such as PowerPoint
presentations, from the Internet. Surprisingly, companies
must also be wary of human error. Employees, whether
they are computer novices or computer savvy, can make
such mistakes as erroneously installing virus protection
software or accidentally overlooking warnings regarding
security threats.
Importance of Security
The Internet has undoubtedly become the largest public
data network, enabling and facilitating both personal and
business communications worldwide. The volume of
traffic moving over the Internet, as well as corporate
networks, is expanding exponentially every day. More
and more communication is taking place via e-mail;
mobile workers, telecommuters, and branch offices are
using the Internet to remotely connect to their corporate
networks; and commercial transactions completed over
the Internet, via the World Wide Web, now account for
large portions of corporate revenue.
While the Internet has transformed and greatly improved
the way we do business, this vast network and its associated
technologies have opened the door to an increasing number
of security threats from which corporations must protect
themselves. Although network attacks are presumably more
serious when they are inflicted upon businesses that store
sensitive data, such as personal medical or financial records,
the consequences of attacks on any entity range from mildly
inconvenient to completely debilitating—important data
can be lost, privacy can be violated, and several hours,
or even days, of network downtime can ensue.
Despite the costly risks of potential security breaches, the
Internet can be one of the safest means by which to
conduct business. For example, giving credit card
information to a telemarketer over the phone or a waiter
in a restaurant can be more risky than submitting the
information via a Web site, because electronic commerce
transactions are usually protected by security technology.
Waiters and telemarketers are not always monitored or
trustworthy. Yet the fear of security problems can be just
as harmful to businesses as actual security breaches.
General fear and suspicion of computers still exists and
with that comes a distrust of the Internet. This distrust can
limit the business opportunities for companies, especially
those that are completely Web based. Thus, companies
must enact security policies and instate safeguards that
not only are effective, but are also perceived as effective.
Organizations must be able to adequately communicate
how they plan to protect their customers.
In addition to protecting their customers, corporations
must protect their employees and partners from security
breaches. The Internet, intranets, and extranets enable
fast and effective communication between employees and
partners. However, such communication and efficiency
can of course be impeded by the effects of a network
attack. An attack may directly cause several hours of
downtime for employees, and networks must be taken
down in order for damage to be repaired or data to be
restored. Clearly, loss of precious time and data can
greatly impact employee efficiency and morale.
Legislation is another force that drives the need for
network security. Governments recognize both the
importance of the Internet and the fact that substantial
portions of the world’s economic output are dependent
on it. However, they also recognize that opening up the
world’s economic infrastructure to abuse by criminals
could cause major economic damage. National
governments are therefore developing laws intended
to regulate the vast flow of electronic information.
Furthermore, to accommodate the regulations enacted
by governments, the computer industry has developed a
portfolio of security standards to help to secure data and
to prove that it is secure. Businesses that do not have
demonstrable security policies to protect their data will be
in breach of these standards and penalized accordingly.
An Introduction to the Key Security Issues
With the explosion of the public Internet and e-commerce, private computers, and computer networks, if not
adequately secured, are increasingly vulnerable to damaging attacks. Hackers, viruses, vindictive employees
and even human error all represent clear and present dangers to networks. And all computer users, from the
most casual Internet surfers to large enterprises, could be affected by network security breaches. However,
security breaches can often be easily prevented. How? This guide provides you with a general overview of the
most common network security threats and the steps you and your organization can take to protect
yourselves from threats and ensure that the data traveling across your networks is safe.
adequately secured, are increasingly vulnerable to damaging attacks. Hackers, viruses, vindictive employees
and even human error all represent clear and present dangers to networks. And all computer users, from the
most casual Internet surfers to large enterprises, could be affected by network security breaches. However,
security breaches can often be easily prevented. How? This guide provides you with a general overview of the
most common network security threats and the steps you and your organization can take to protect
yourselves from threats and ensure that the data traveling across your networks is safe.
Kaydol:
Kayıtlar (Atom)