Security

Computer Security Issues
  What is computer security?
  Why should you care about computer security?
  Who would want to break into your computer?
  How easy is it to break into your computer?
  Risk Factors
  Actions users can take to protect their computer systems
     

 What is computer security?

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done

 Why should you care about computer security?

We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).

 Who would want to break into your computer?

Intruders (also referred to as hackers, attackers or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.

Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

 How easy is it to break into your computer?

Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.

When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at WorldLink could have been prevented if system administrators and users kept their computers up-to-date with patches and security fixes.

Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.

 Risk Factors

i) Email Spoofing: Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Spoofed email can range from harmless pranks to social engineering ploys. Examples of the latter include:

  • email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply
  • email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

ii) Email-borne Viruses: Viruses and other types of malicious code are often spread as attachments to email messages. Before opening any attachments, be sure you know the source of the attachment. It is not enough that the mail originated from an address you recognize. The Melissa virus (see References) spread precisely because it originated from a familiar address. Also, malicious code might be distributed in amusing or enticing programs.

Never run a program unless you know it to be authored by a person or company that you trust. Also, don't send programs of unknown origin to your friends or coworkers simply because they are amusing -- they might contain a Trojan horse program.

iii) Hidden file Extensions: Windows operating systems contain an option to "Hide file extensions for known file types". The option is enabled by default, but a user may choose to disable this option in order to have file extensions displayed by Windows. Multiple email-borne viruses are known to exploit hidden file extensions. The first major attack that took advantage of a hidden file extension was the VBS/LoveLetter worm which contained an email attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs". Other malicious programs have since incorporated similar naming schemes. Examples include:

  • Downloader (MySis.avi.exe or QuickFlick.mpg.exe)
  • VBS/Timofonica (TIMOFONICA.TXT.vbs)
  • VBS/CoolNote (COOL_NOTEPAD_DEMO.TXT.vbs)
  • VBS/OnTheFly (AnnaKournikova.jpg.vbs)
[ Continued on Next Page ]
 
Support
Technical Support
WorldLink Settings Page
Security
Other Support Issues
Software Download
Contact Tech Support
 
Contacts
Customer Service
Department

E-mail: support@wlink.com.np

or give us a call at 5523050, Ext. 200

Support Hours: 24x7.
--------------------------------------


For Accounting issues,

E-mail:
account@wlink.com.np

or give us a call at
5523050, Ext. 214
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Home » Support » Security » Computer Security Issues
 
Search on site :  
Sitemap
This site is best viewed at 1024x768 resolution
2006 © Copyright WorldLink Technologies P. Ltd. All rights reserved.