System security may be defined as the control of access to system’s resources especially its data and files from common users. This means authorized users will only have access to view and process sensitive data and all unauthorized users are denied access to it. The main aim of system security is to prevent untoward incidents life data theft, copy or deletion. The owners usually specify the type of access to the data for users by segregating users according to the significance of access. Some data is preserved in the read only format while some data can be executed by user groups. This is called Discretionary Access Control. There is another access control called Mandatory Access Control. It restricts access to each data based on the sensitivity of the information and access is provided by the authorization of each user. One way to prevent unauthorized access is to use access controls such as passwords. Another way to reduce unauthorized access may be to avoid placing computers in public areas such as reception area or conference halls. If it is required to keep computers in public area, then it must be well equipped to control access possibly with a physical protection device. Every organization should segregate access to LAN and it must be kept in a controlled environment based on the use of data by employees (Lee, E.S. 1999).
Virus poses one of the crucial security threats to information in recent years. Virus in terms of software is a code that can multiply and propagate itself. When people use Internet services these viruses spread to other computers through e-mail, on opening contaminated file or when files are downloaded. Therefore protection from these virus attacks is almost impossible.
Virus comes under programmed threats. A programmed threat is a computer program that is designed to cause nuisance, to damage the data or to cause alteration so that the originality is lost and they cause the system to cripple. They can also be designed to steal information.
Adware, Trojan horses, spyware, computer virus, spam, worms and logic worms comes under programmed threats. Recent studies reveal that more than 75% of the people using net services receive spam every day. There are two major problems with spams. One is employees take time to read and delete the spam wasting much of their utility time. The second problem associated with spam is the increase in overhead of the system in storing such unwanted data. Another important programmed threat is Spyware. Spyware is a computer program that is programmed to collect the user’s information without the knowledge of the user and conveys them mainly to the advertisers. Common functionalities of the spyware is it monitors the users keypad strokes, scans files, makes unauthorized access to chat programs, reading cookies, changing the default homepage and constantly conveying information to the spyware base. The next is adware, which in certain ways is similar to spyware. It is a program that displays advertisements in pop up windows or banners. Many people offer free trial for their products before registering to purchase it. In addition to just present advertisements, adware also reports user’s personal information to advertisers or anyone who wishes. Now to protect the organizations from these programmed threats, firms must have effective access controls and it must be reviewed again and again to protect from the ever-changing threats. Also regular updates of the software are also necessary. In addition to this certain viruses are capable of infecting a computer through operating system vulnerabilities. To tackle this, effective security policies must be implemented.
Window Server 2003 and Microsoft Windows XP are server operating system which reduces such security issues if installed within a network. Software called Deep Freeze helps to preserve the original configuration of software programs. Whenever a system is restarted, the software eliminates all changes including virus infections and restores the computer to its original state. This eliminates the need for the time consuming trouble shooting process. Organizations can also make use of Zone Alarm Security Suite and Norton Internet Security and McAfee Virus scan which offers firewall protection, anti-virus, anti-spam, anti-spyware controls at the desktop level. To have better protection, organizations can install anti-spam software in the server to prevent productivity loss and wastage of computer resources. Additionally, it is important for every firm to have a backup of all corporate data’s and software so that incase of system failure they can be restored quickly.
System penetration comes next in the top security threats after viruses. System penetration is done is an illegal process to steal, modify or harm data in a system. There are several factors that lead to system penetration. They are System holes: It is the deficiency in the design of the operating system that allows the hackers to hijack, to bypass the security and to manipulate the data. Network Sniffing: It is a hardware and software program that sniffs the network traffic to decipher the password and results in unauthorized access. IP spoofing: It is a technique by which hackers send messages from a deceived IP address to gain unauthorized access. Tunneling: It is a process of hiding an unwanted message in an acceptable message so that it passes through the firewall.
Yet another threat is the theft of Proprietary Information. Information in this era has become a commodity and sensitive information attracts huge buyers. Information’s like trade secrets, information related to credit card and customer data fetch great buyers. Hackers can be inside or outside the organization. Outsiders use Trojan horse to steal information from unprotected systems. Data theft by insiders is becoming more common due to defective access controls. One way to protect information is to encrypt all data. Installing firewall and anti-virus software alone will not help to solve the problem completely. Organizations should take additional steps such as limiting the access to information to authorized employees and conduct background checks on employees (in 2008).
Information security is set to avail greater vistas due to the opening up of closed systems and the warfare of computer related companies. System security is upheld with the invention of sophisticated protection tools and the Internet will become a more secure media with increase in software and decrease in price. However, the most effect system security will continue to be cryptographic methods which will introduce new methods of safety (Libicki).
Reference
Lee, E.S. 1999. Essays about Computer Security Cambridge. Web.
Libicki, M. The Future of Information Security. Web.
Lin, P.P. 2008. System Security Threats and Controls. Web.