Web or Blog

Sunday, December 7, 2008

The Goal of Computer Security or What's Yours is Yours Until You Say Otherwise!

Computer security has been, is, and will continue to be a hot topic for discussion. Newspapers frequently chronicle computer security breaches and estimates of lost revenue. Bookstores carry books that describe how to secure your home and work computers against would-be intruders. Television news features depict high-profile computer security incidents and show interviews with computer system owners and sometimes even those who broke in. We're being barraged by computer security information that includes recommendations about software that we should install and other steps we should take to secure our home and office computer systems.

But when all is said and done, do we really know the problem we're trying to solve? That is, do we really know the goal of computer security?

Simply stated, the goal of computer security is this: keep your computer-based possessions - your computer system (CPU cycles, memory, disk space, and Internet connectivity and speed), the software you've purchased, and the files and folders you've created - yours unless and until you explicitly give them to others. As you'll soon see, most mitigation strategies discussed in those books and self-help articles on the Internet are ultimately aimed at keeping what belongs to you yours.

And this concept isn't new. It's what you've been doing for years with almost all of your other possessions. For example, the doors on your house have locks and you use them. So do the windows and so does your car, and you use them too. You don't give the keys to anyone who asks for them without a really good reason, or perhaps never at all. You don't leave your CD player and your CDs out for all to use and perhaps take. You don't store your financial or your personal medical records on your front porch.

Why then are we so willing to give up our computer possessions to anyone who wants to take them?


Back in the days before the Internet became popular and affordable, we could treat our personal computer possessions much like anything else we owned. The computer was in a room in our house and we locked our doors. The intruder who wanted access had to come to the house, break in, and take what they wanted.

We knew how to deal with that situation. We had locks and deadbolts on our doors and security systems to notify the police when someone tried to break in. Yes, there were break-ins and yes, computer assets were stolen. But the incidents were few and the signs of a break-in were well understood by law enforcement. Just watch CSI or any other television program of that genre to see how well understood they really are.

These days, with widespread and inexpensive access to the Internet, the only thing that's changed is that intruders can literally be anywhere in the world and still gain access to your computer possessions. They don't need to be where your computer is. It's like giving your credit card to the waiter or waitress at a restaurant to pay your bill and discovering that the whole world is waiting in the kitchen, prepared to make a copy of the information on your card.

And unfortunately those computer assets are not protected like your house. That is, they don't always come with locks, and those that do can sometimes be too easily "picked" by an intruder. In fact, in many cases, though the number is getting smaller, your computer assets are shared automatically with anyone who comes knocking, and you have to do something to lock them. One of the challenges of using a computer is and will continue to be finding the locks that keep intruders out and making sure they work correctly and appropriately.

Another challenge, which may be even more significant, is keeping these locks working correctly. Again, we know how to deal with this type of situation. For example, if your house needs to be painted, you'd paint it after first scraping off what's loose and doing any other necessary preparatory steps. But you know that paint job won't last forever. In a few years, you'll need to do it all again. You accept this as part of the responsibility of home ownership.

With your home and office computer system, it's the same thing. You first install a piece of software, a firewall, for example, as described in Task 4 below, and then you tune it to match your Internet usage patterns. Over time, your patterns may change, as may the programs you use to access the Internet. You'll need to tune the firewall program again. Unfortunately too many home computer system owners and users get frustrated by the attention that some software requires. Rather than mastering it, they remove it. They don't accept this as part of their responsibility of home computer ownership.

Let's now return to this goal of home computer security - keeping what belongs to you yours - and look at one set of recommendations to see how they support this goal. The recommendations are taken from the Home Computer Security Guide, which is available from http://www.cert.org/homeusers/HomeComputerSecurity.
