Security

The Internet.  Viruses.  Threats.  Hacking.  Stealing.  All these words can make managers in organisations in any sector cringe and worry.  In years gone by, you only had to worry when someone produced a floppy disk and posted it into the slot in the front of your PC, but now, in this era of interconnected networks of computers, threats to your computer can come from anywhere.  But do not despair, for solutions do exist. 

The internet is large, unruly and full of nasties.  However, they are easily kept at bay through the use of

  • anti-virus software to scan every email and file as it is opened for malicious code
  • software updates (especially for Windows) to patch security holes and
  • a firewall to act like a barrier between you and everyone else.


These measures are an absolute must for any PC connected to the Internet.  Internet viruses will not just give your PC a cold.  Some can allow the remote control of the machine by another, unscrupulous person, and they are often used to send out the curse of the internet: 'spam.'  

However, modern anti-virus and firewall applications are very efficient, and if the above three items are kept in use and up to date there should be no problems.

NAT


Modern routers (the box into which the broadband line goes) also have another security feature: Network Address Translation (NAT).  When a router gets its internet connection up and running, it is given a unique address called an IP address (which looks something like this: 67.22.123.87).  Equally, when you connect computers to your router, the router will supply IP addresses to each computer, e.g. 192.168.1.32.  In fact, as far as your network is concerned, the router will have an IP address like 192.168.1.1.  It is as if the router has a public face (67.22.123.87) which represents your whole network and a private face (192.168.1.1) which talks to your network.  NAT makes sure that anyone on the internet can only see the address of the router and cannot see the address of any computer on your network connected to the router.

Online Services


More and more services are being offered over the web, e.g. social networking, email, surveys.  These services are stored away on a server somewhere, far beyond your control and the security measures of your network.  You access them through a web browser, so in theory couldn't anyone do that?  The answer is, yes, they could, and often they try.  This is known as hacking, or more correctly, cracking.  Like cracking a safe, you can crack passwords.  

How to Crack


One standard cracking method is the "brute force method".  This is when you assume that the password is a single lower case letter and you try them all.  Next, you try all two-letter permutations and so on, until you have success.  An 8-letter password which only uses small letters offers 110075314176 possible permutations, which a modern desktop should be able to test in just over an hour.

So how strong is a password, and what makes a good one?  It depends on a) how many characters are in the password, and b) how big the letterset is.

No. of letters   Letterset                                        Estimated time to crack
8                Lower (24)                                       1 hour
8                Upper and lower case (48)                        10 days
8                Upper and lower case, numbers and symbols (80)   Nearly 2 years

 E.g.
    A bad password: thewheel
    A good password: TheWh33!
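
The estimates above can be reproduced with a short calculation. This is an added example, not part of the original article: it assumes the letterset sizes from the table and a guess rate derived from the article's "8 lower case letters in about an hour" figure, and all function names are hypothetical.

```python
import string

# Letterset sizes exactly as given in the article's table (assumption:
# kept as-is so the results line up with the table's estimates).
LOWER, UPPER_LOWER, FULL = 24, 48, 80

# Guess rate implied by the article: 24**8 candidates tested in about an hour.
GUESSES_PER_SECOND = LOWER ** 8 / 3600


def letterset_size(password):
    """Return the smallest table letterset that covers every character."""
    if all(c in string.ascii_lowercase for c in password):
        return LOWER
    if all(c in string.ascii_letters for c in password):
        return UPPER_LOWER
    return FULL


def search_space(length, letterset):
    """Candidates a brute-force run tries: every string of 1..length characters."""
    return sum(letterset ** n for n in range(1, length + 1))


def worst_case_seconds(password):
    """Seconds needed to exhaust the space for this length and letterset."""
    space = search_space(len(password), letterset_size(password))
    return space / GUESSES_PER_SECOND


def describe(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    # The article's bad and good example passwords.
    for pw in ("thewheel", "TheWh33!"):
        print(pw, letterset_size(pw), describe(worst_case_seconds(pw)))
```

The figures are worst-case times for trying every combination; each extra character multiplies the time by the letterset size, which is why length and letterset both matter.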

 

 

A case for Strong Passwords


You might think: "I work in a charity.  We have no money and nothing worth stealing, so why do I need a stupid hard password?  I can never remember them." 

Here's why:  Your username and password uniquely identify you as the user of a service, e.g. email.  If anyone else uses your computer for immoral or illegal purposes, it will be you who is identified as the perpetrator.  Similarly, should someone access your email, they then have access to your address book, the contents of which can readily be sold to ruthless spammers.

Hacking Humans


It is often easier to break into a computer system by manipulating the people who use it, or just by being smart.  Common mistakes are as follows:

  • Taping the password to the underside of the keyboard.

  • Or worse, embossing it on the monitor!

  • Using weak passwords like "password", the organisation name, your name or your spouse's name.

  • Giving your password out to people, especially over the phone.