Internet crime

INTERNET CRIME

2007

Executive Summary

Privacy is an important social issue involved in information society Privacy deals with the collection and use or misuse of data . Data is constantly being collected and stored on each of us . This data is often distributed , sold or used without our knowledge . The health care provider and retail shops have , for instance , forms of data on its clients and customers . The fundamental question is who owns this data and information ' We know for sure that we would not like to share our medical records

with others , definitely not with insurance company or our employers

The employer can use information technology to monitor the employees The time spent by an employee on computer can be recorded along with his activities . The employer can use this data to estimate the number of breaks an employee takes . The employer can easily monitor electronic communication in the form of email . At the same time , an employee can reveal company data to monitor employee 's emails

Privacy of hardware and software of consumers is another important issue . If hardware companies give a unique identification to each major component , the software company can use this number to uniquely identify each electronic documents created . This could be useful in checking the piracy of users is compromised . Ethernet card is the only hardware component that has unique identification , which is used in communication

Introduction

Internet security is an issue which should be dealt on a high priority basis major and small business organizations are involved in e-business Computer knowledge for understanding hardware and cyber security is utmost important for individuals as business transactions involve a high risk potential source . The report here outlines key areas where computer disaster management plan can play an important role and the sectors involved . Software threats are key issues which are dealt with extensive solutions

PROTECTING COMPUTER EQUIPMENT AND S

Internet involving illegal system access and use of computer services are also a concern . The systems left unattended over weekends without proper security have been used for commercial use . Computer magazines regularly report cases where employees have used the facilities for their personal benefit sometimes at the cost of their employers

Hackers make use of their computer knowledge to gain access to others computers . Sometimes , s , passwords , programs , or processing power are stolen . An intruder may alter the data or destroy the data making it unusable and useless . A hacker writes a small password snifter that is hidden from the computer owner . A password snifter can steal passwords and gain access to data and s . There are Antisniff Programs that can detect and block a password snifter

LIMITING LOGICAL ACCESS TO INTERNET SYSTEMS

Personal efforts can reduce the risk of unauthorized access . One must protect ones computing facility in the same manner in which he protects valuables . He must follow safety and security policies of his organization . At corporate level , efforts to safeguard data and s include installation of specialized hardware and software . Data and information are encrypted to prevent unauthorized use . Use of biometric is also becoming popular to authorize employees . The fingerprint identification has been extended to identify authorized users . Iris and retina scans which use to be part of science fiction movies has now become part of sophisticated identification methods . The latest is use of magnetic card that is checked by a magnetic card reader to allow entry

Depending on the nature of the computer crime that an organization anticipates , it may adopt controls . The controls are expensive to implement and the organization must evaluate the cost against the benefit . To summarize , here is a list of control guidelines

a ) Install strong user authentication and encryption capabilities on your firewall

b ) Upgrade the software with the help of patches , which are developed by vendors whenever a security gap is found in the software

c ) Guest logins are always misused . Any book on Microsoft products advises against creating a guest login . Group accounts such as head-sales should also be avoided . Such accounts become public very quickly and no body can be held responsible

d ) Remote-logins also create serious threat to security . This fact is so well accepted that Linux does not permit super-user remote-login . There was a time when system accepted login and then prompted for password While one typed password , a star will substitute each character . A person from a distance could easily learn the login and number of characters in the password . Systems have now changed and login-password is accepted together

e ) It is a good idea to have dedicated servers for applications that communicate with outside world . Encourage people to have separate passwords for lntranet and Internet if possible

f ) In certain cases , the law requires that audit trail must be on . A document once created cannot be changed without leaving an audit trail Most of the ERP packages , for instance , leave audit trail . In case of a crime , the audit trail can be of immense help

DISASTER RECOVERY PLAN

An information system performs key functions for an organization . If for some reason , the system becomes non-functional for some time , the consequences may be unacceptable . Organizations usually have a set of emergency procedures for critical functions . In best scenario , the end user will not be able to discover the failure of regular system . The main reasons for system failures include power failure , data corruption disk failure , network failure etc . One of first stops of disaster planning is to identify threats . Not all the threats listed earlier will be a concern to an organization . After identifying the threats appropriate disaster recovery plans should be implemented

Hardware backup

In case of a natural disaster or due to technology failure , the hardware may become unusable . There are companies and firms that provide disaster recovery services . A company may provide a hot site that has an operational ready to use system . This is an expensive option , as the system is kept up to date , usually in different seismic zone . The next option is to maintain a cold site . A cold site provides the infrastructure but not the processing power and data . In case of a problem , the backup system is made operational

Some companies provide data backup services . One can keep a copy of the data in electronic farm

Software Backup

Software programs are precious assets of an organization that must be protected . A human error may delete a software package or a hardware failure may make it inaccessible . A simple strategy is to make copies of software and keep them safely . In addition , one may like to keep another copy of-site in a safe environment

The least one should do is take regular backup . If the data is too large , incremental backups can be taken or selected data may be backed up at regular intervals

The smart strategy is to be in pro-active mode rather than reactive mode . It may be less expensive to plan ahead to avoid possible down time than suffer losses (Hamel ,G , Collaborate with your Competitors and Win

Conclusion

Internet knowledge for understanding hardware and cyber security is utmost important for individuals as business transactions involve a high risk potential source . If hardware companies give a unique identification to each major component , the software company can use this number to uniquely identify each electronic documents created . This could be useful in checking the piracy of users is compromised . Hackers make use of their computer knowledge to gain access to others computers Sometimes , s , passwords , programs , or processing power are stolen An information system performs key functions for an organization . If for some reason , the system becomes non-functional for some time , the consequences may be unacceptable . Organizations should have a set of emergency procedures for critical functions

References

Galbraith J (2004 , Strategic Computer Security : The Role of Structure and Process , St . Paul , Minnesota

Hitt , Michael A (2001 , Computer Security Management : Competitiveness and globalization , 4th ed , Thomson Learning

Srivastava , R .M (1999 . Computer Security Threats : Formulation Of Latest Technological Issues (Texts and Cases ) 1st ed , Macmillan Limited

Hamel ,G , Collaborate with your Competitors and Win , Harvard Business review ,67 ,1 ,1989 ,133-9

Goodman , Li , 2003 , Computer Project Planning and Management - An Integrated System for Improving Productivity , Van Norstand , New York

Feldman , D .C , 1995 A taxonomy of internet security University Associates :San Diego

PAGE

INTERNET CRIME

Page PAGE 7 ...