• Magazine Subscription
  • ENewsletters
  • EHS Education
  • Safety Leadership Conference
  • America's Safest Companies
  • Podcasts
    1. Archive

    Computer Security

    May 1, 2000
    Your computer may be under attack, but inexpensive security measures offer a large measure of protection.

    Last February, in a series of well-planned attacks, hackers disrupted access to major commercial Web sites at Yahoo, eBay, CNN, Amazon.com, Buy.com, E*Trade, ZDNet and Excite At Home. These highly publicized Denial of Service (DoS) attacks heightened public awareness and concern about the security of electronic commerce and individual computers.

    Computer security is a major concern within corporations and government agencies. A recent survey of 273 major corporations and federal agencies by the Computer Security Institute and the San Francisco FBI Computer Intrusion Squad found that 70 percent of respondents reported serious security breaches at a total cost of $266 million in 1999 (www.gocsi.com).

    Of course, major corporations and government agencies are popular targets for those interested in gaining star status in the hacker community. But what about small businesses and home computer users. Are they at risk? Yes, especially if they have a dedicated Internet connection such as a T1 line, cable modem or digital subscriber line. Modem connections are also vulnerable, but the risk generally is lower due to shorter connection times.

    My own experience provides a vivid example of the high level of suspicious activity and outright attacks. Over a 133-day period, my firewall software logged 213 suspicious attempts to access my computer. Twenty-five were considered nonthreatening PC-Anywhere pings on my local cable subnet, probably a local telecommuter accessing an office computer from home. But 157 were attempts to determine if there were open network ports that might provide hackers access to my computer and probes to find malicious Trojan horse programs possibly planted in my computer. The remaining 46 incidents were logged as critical attacks, including 23 DoS attacks. Fortunately, my firewall foiled all attempts to access my system.

    Are You Vulnerable?

    To test your computer's vulnerability to Internet hacker attacks, visit Gibson Research Corp. (grc.com/ default.htm) and click on the Shields Up! link. Gibson Research will identify any weaknesses in your system and provide tips on how to secure your system. Expect to flunk the tests if you haven't installed a firewall.

    What is a firewall? It's a system designed to restrict access to a computer or a local area network (LAN). The firewall monitors network traffic, blocking any suspicious attempts to access the system. Firewall protection does not have to be expensive. One firewall highly rated by Gibson Research is free: Zone Alarm 2.0 from Zone Labs (www.zonelabs.com). Zone Alarm is easy to install and configure and is probably all the protection most users will need or want.

    My firewall of choice is BlackICE Defender by NetworkICE (www.networkice.com). While BlackICE Defender is not freeware, it provides features I find worth the $40 price. I find BlackICE easier to use with my home network as I can establish trusted relationships with all my networked computers, giving them easy access to the Internet through my gateway. BlackICE also logs information about each attack, including tracing the attacker's IP address. This information can be used as evidence in any complaints to the attacker's Internet service provider.

    Other Security Issues

    While my experience illustrates that hackers are a serious concern, computer security is more than defending against cyber attacks and unauthorized access to information. It includes protecting against the loss of important documents and information. There are many other ways your data can be compromised. The most common: viruses, worms and Trojan horses; operating system and software crashes; power failures and surges; and hard disk failures.

    In reality, you are more likely to lose important information for reasons other than a hack attack. Let's examine ways you can protect yourself:

    Viruses, worms and Trojan horses: Viruses, worms and Trojan horses are names for small computer programs designed to enter a computer without the knowledge or permission of the user and perform an undesired, useless or malicious function. They differ primarily by the way they propagate from computer to computer.

    There are thousands of viruses, worms and Trojan horses in circulation, with new ones released daily. Depending upon their programming, their actions can be benign, such as displaying a cute message, or malicious, destroying data. Some viruses can even destroy hardware by overwriting the critical BIOS program contained on the computer's motherboard.

    Trojan horses deserve special note as they may be distributed as e-mail attachments and have been used to steal log-in names and passwords, or plant remote access software in a computer, giving control of the computer to Internet bad boys. While anti-virus software and firewalls help block these attempts, it is good practice to open e-mail attachments only from trusted correspondents.

    Installing anti-virus software on your computer is the best defense against these rotten little critters. The anti-virus software monitors your system, detecting and eliminating viruses before they can cause harm. There are several anti-virus programs available on the market, but my favorite for personal use is InoculateIT Personal Edition, free for the download from Computer Associates (antivirus.cai.com). Whatever anti-virus software you use, be sure to update the virus definitions regularly.

    Additional information on viruses, worms and Trojan horses is available from the major anti-virus software vendors: Computer Associates (www.cai.com/virusinfo/), McAfee (vil.mcafee.com/) and Symantec (www.symantec.com/avcenter ).

    Operating system and software crashes: Computer operating system and software crashes generally result in a loss of all data entered since the document was last saved. Protection here is simple -- save your documents early and often. Many application programs come with automatic save functions that will save open documents at preset time intervals. My autosave timer is set to 5 minutes, meaning I can only lose up to 5 minutes of work in the event of a crash.

    Power failure and surges: Everyone with electric service has experienced a power failure. Lightning strikes a substation, a falling tree takes out a utility pole, a circuit breaker trips -- whatever the cause, a loss of power to your computer can range from a minor inconvenience to a serious loss of data. Lightning strikes are especially troublesome because the enormous energy released may create power line surges that can literally fry your computer's innards.

    To protect against damage from power failures and surges, install an uninterruptible power supply (UPS) with surge protection. The UPS contains a backup battery that is continually charged, providing instant backup power to your computer in the event of a power loss. The battery generally provides five to 20 minutes of power, enough time to save any open documents and safely shut down the computer. The built-in surge protection protects against damaging power surges in electric and telephone lines.

    Hard disk failures: Regardless of all the precautions you take, stuff happens, and stuff happening to your hard disk can have catastrophic consequences. If you have a hard disk failure, be it a mechanical failure or loss of data from a virus, your best line of defense is backup copies of critical files and information.

    There are a number of reasonably priced file backup options available. Zip drives, CD writers, digital tape drives and other removable storage devices are a great way to back up important documents. It's important to keep a backup at a location remote from your computer so that your backup will not be lost in a fire or flood.

    A fast Internet connection makes backing up documents to the Internet a viable option. The nice feature of Internet backup is that data is automatically backed up to a remote location. On the other hand, you pay for the service. Online backup service providers include Backup Online (www.backuponline. com), BBM Online(www.somtel.com/bbm/ ), @Backup (), FilesAnywhere(www.filesanywhere.com/) and Back-It-Up Dot Com(www.back-it-up.com/).

    An excellent way to back up entire hard drives is to create an "image" of the drive using Powerquest Drive Image (www.powerquest.com) or Norton Ghost (www.norton.com), saving the image to a CD, network server or other media for safe storage.

    To be effective, files must be backed up on a regular schedule. Unfortunately, this is a chore that is easy to put off or forget. Using well-designed backup software can make the task easier by automatically scheduling backup operations. Several excellent backup utilities, as well as firewall and other security software, are available to try before you buy at TUCOWS ( www.tucows.com).

    Every endeavor has risk. Fortunately, a few simple measures -- anti-virus software, firewall, UPS and regular file backups -- will minimize computer security risks.

    Contributing Editor Michael Blotzer, MS, CIH, CSP, is an occupational hygiene and safety professional, writer and computer enthusiast.

    About the Author

    EHS Today Staff

    EHS Today's editorial staff includes:

    Dave Blanchard, Editor-in-Chief: During his career Dave has led the editorial management of many of Endeavor Business Media's best-known brands, including IndustryWeekEHS Today, Material Handling & LogisticsLogistics Today, Supply Chain Technology News, and Business Finance. In addition, he serves as senior content director of the annual Safety Leadership Conference. With over 30 years of B2B media experience, Dave literally wrote the book on supply chain management, Supply Chain Management Best Practices (John Wiley & Sons, 2021), which has been translated into several languages and is currently in its third edition. He is a frequent speaker and moderator at major trade shows and conferences, and has won numerous awards for writing and editing. He is a voting member of the jury of the Logistics Hall of Fame, and is a graduate of Northern Illinois University.

    Adrienne Selko, Senior Editor: In addition to her roles with EHS Today and the Safety Leadership Conference, Adrienne is also a senior editor at IndustryWeek and has written about many topics, with her current focus on workforce development strategies. She is also a senior editor at Material Handling & Logistics. Previously she was in corporate communications at a medical manufacturing company as well as a large regional bank. She is the author of Do I Have to Wear Garlic Around My Neck?, which made the Cleveland Plain Dealer's best sellers list.

    Nicole Stempak, Managing Editor:  Nicole Stempak is managing editor of EHS Today and conference content manager of the Safety Leadership Conference.

    Continue Reading

    Sponsored Recommendations

    Navigating ESG Risk in Your Supply Chain

    Sept. 26, 2024
    Discover the role of ESG in supply chains, from reducing carbon footprints to complying with new regulations and enhancing long-term business value.

    Understanding ESG Risks in the Supply Chain

    Sept. 26, 2024
    Understand the critical role of ESG in supply chains, the risks for hiring companies, and the competitive edge suppliers gain by prioritizing sustainability.

    Best Practices for Managing Subcontractor Risk

    Sept. 26, 2024
    Discover how to effectively manage subcontractor risk with unified strategies, enhanced oversight, and clear communication for consistent safety and compliance.

    Building a Culture of Support: Suicide Prevention and Mental Health in the Workplace

    Sept. 26, 2024
    Find best practices for setting up an organizational culture that promotes positive mental health and suicide prevention.

    Voice your opinion!

    To join the conversation, and become an exclusive member of EHS Today, create an account today!