Prevention and Control

Prevention Of Computer Crime
Detection Of Computer Crime

Prevention Of Computer Crime
Risk Assessment
Risk analysis involves evaluating how well an organisation plans for the
worst through contingency planning or crisis management. Risk assessments
can be proactive (performed before an incident occurs) or reactive (performed
after an incident). There are three important areas of risk assessment:
1. Threats – possible dangers to the system such as a person, equipment
or an event.
2. Vulnerability – a point where the system is susceptible to attack.
3. Countermeasure – a technique for protecting a system such as password
controls.
Physical Security
Physical security involves measuring the tangible defenses that protect
a facility from natural disasters, environmental problems, accidents and
intentional damage. Crimes such as vandalism, unauthorised access and the
like could be prevented with good physical security practices. There are
three levels of physical security – computer room access, physical building
security and perimeter fence.
Some good controls relating to physical access to the computer facility
include:
- Installation of electronic access systems
- Good exterior and interior design of the facility and computer room
- Protection of computer room, terminals, printers and tape libraries
- Installation of video cameras
- Installation of alarm systems
- Use of security guards or services
- Well defined access procedures.
To evaluate physical security, regular security inspections and random
checks should be carried out.
Personnel Security
The threat that any one individual presents to a computer system depends
on several factors – type of access, level of expertise and motivation.
As a first line of defense, detailed background investigations, such as
drug and lie detector tests, may be performed. Monitoring employee behaviour is the
second line of defense. Behavioural changes or financial situation changes
are important indicators of potential offenders. Telephone calls and email
surveillance may be employed to prevent any unauthorised incidents occurring.
Training and accountability for the system is another factor which may
prevent computer crime that results not so much from malice as from human error.
Employees need to be clear about the security policy of their organisation,
and their accountability for their actions regarding the use of the organisation's
computing resources.
Restricting Access
Access control is crucial to enforcing computer security in computing environments.
There are four types of access control:
1. Server control involves controlling access to the source of works
– information or data servers – via user identification and authentication
procedures.
2. Radio Frequency Shielding can protect computers, cabling and even
whole buildings against the interception of electromagnetic emissions
by attenuating the signals.
3. Encryption transforms original information called plaintext into
scrambled information called ciphertext. The technique or rules selected
for encryption (algorithm) determines how simple or how complex the process
of transformation will be.
4. A firewall is a hardware/software approach that restricts access by
forcing all network communications (those travelling from internal networks)
to pass through the firewall. The hardware and software that make up the
firewall screen all traffic and make decisions about whether the traffic
(email, file transfers, remote logins) may pass through. Below is
a diagram of a simple firewall.
Written Standards and Completeness of Processing
Written standards help to ensure that control is maintained over the quality
of systems development work or packaged software selection processes. They
also assist in training new employees on the present operating environment
and in reinforcing the knowledge of existing employees. Standards should
be designed to prevent any one individual from making a change that could
ultimately be implemented into production status.
An organisation may have adequate controls over entry of transactions
and correcting errors, but once transactions reach the job stream, the
processing cycle needs to be completed successfully so that data integrity
is maintained. Logs, problem reports, operating procedures and documentation
should all be reviewed and updated regularly.
Some Useful Links
- Introduction to Firewalls
- What is Encryption?
- Encryption Information
Detection Of Computer Crime
Auditing
Most computer crimes involve the false entry or the modification of data
in an organisation's database. Auditing can verify the integrity of data
as it is entered, while it is stored in the database and when it is being
retrieved. Employees should be conditioned to check data as it is being entered
and retrieved. Contractors who specialise in auditing computerised information
may be hired to periodically check all system data and controls. Software
may also be purchased to audit the system in an automated fashion on a
day-by-day basis.
Virus Software
Two basic types of software products are available for companies:
1. Programs that detect the presence of viruses. This may be done by
searching for suspicious code, text strings or for specific file names
to detect known viruses.
2. Programs that detect the file modifications caused by viruses. This
may be done by summing the mathematical values of each byte in the file and comparing
the checksum to the previous value, checking for changes to the boot sector,
presence of new/hidden files and disk write functions that bypass the operating
system.
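The comparison described in item 2, as an added example that is not part of the original page: it records the byte-sum checksum the text describes for each file and, as an assumption beyond the page, a SHA-256 digest alongside it, then re-checks the files. The function names and the sample file contents are constructed for the illustration; the second sample shows that a change which only rearranges bytes leaves the byte sum identical, which is why integrity checkers compare a cryptographic digest as well.

```python
import hashlib
import os
import tempfile

def byte_sum(data: bytes) -> int:
    """Additive checksum as the text describes: sum of every byte value (32-bit)."""
    return sum(data) & 0xFFFFFFFF

def fingerprint(path: str) -> dict:
    with open(path, "rb") as f:
        data = f.read()
    return {"sum": byte_sum(data), "sha256": hashlib.sha256(data).hexdigest()}

def make_baseline(paths) -> dict:
    """Record both values for each file while it is in a known-good state."""
    return {p: fingerprint(p) for p in paths}

def check(baseline: dict) -> dict:
    """Re-read each baselined file and say which comparison notices a change."""
    report = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        new = fingerprint(path)
        if new["sha256"] == old["sha256"]:
            report[path] = "unchanged"
        elif new["sum"] != old["sum"]:
            report[path] = "modified: both checks differ"
        else:
            report[path] = "modified: byte sum identical, SHA-256 differs"
    return report

def demo() -> dict:
    """Constructed sample files in a temporary directory; report keyed by file name."""
    samples = {"a.dat": b"PAY 100 TO ALICE", "b.dat": b"PAY 100 TO BOB", "c.dat": b"no change"}
    with tempfile.TemporaryDirectory() as d:
        for name, content in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(content)
        baseline = make_baseline(os.path.join(d, n) for n in samples)
        with open(os.path.join(d, "a.dat"), "ab") as f:  # bytes appended: sum changes
            f.write(b"!")
        with open(os.path.join(d, "b.dat"), "wb") as f:  # two digits transposed: same sum
            f.write(b"PAY 001 TO BOB")
        return {os.path.basename(p): r for p, r in check(baseline).items()}

if __name__ == "__main__":
    print(demo())
```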
Biological Techniques
Many companies employ biometrics to restrict access to systems as well
as controlling and monitoring the access of employees. Biometrics aid the
processes of verification and identification of employees. Below are some
useful biometric measures:
- Hand geometry – measured finger length, skin translucency, hand thickness
and palm shape.
- Fingerprint patterns – this common personal identification technique is
easy to use and lower in cost. Fingerprints are optically scanned and digitised,
and an algorithm analyses the pattern and compares it to prints on file.
- Retinal Scan – every person has different, unalterable retinal patterns.
This technology uses infrared light to scan the retina and digitises the
reflected light readings.
- Facial Recognition – different parts of the face (chin line, hair line,
nose features, mouth features) are categorised into sets of templates that
could be assembled to resemble the employee.
An article on biometrics and its place in network security: http://www.zdnet.com/pcmag/features/biometrics/intro.html
Behavioural Techniques
These techniques are similar to biological techniques and are employed
for the same purpose.
- Voice Verification – this technique uses a telephone handset or microphone
with a PIN keypad device. These systems compare the speaker's voice quality
with samples provided when the user initially registered on the system.
Verification occurs when the user is requested to speak certain words taken
at random from the initial registration.
- Signature Dynamics – this technique is based on dynamic electronic sensing
and measurement of motions of the pen as the signature is written. The
signatures are digitised, encrypted and stored for future comparison.
- Keystroke Dynamics – this technique uses typing patterns and rhythms for
identification and is relatively low in cost. Keystroke dynamics are
transparent to the user and are well suited for controlling access to terminals.
Some Useful Links
- A humorous look at the new viruses available
- The latest computer virus hoaxes
- An article on biometrics and its place in network security
- Brief description of voice verification
- Biometric Research web site with useful links