Hackers vs. IT Security
A strange war rages between information technology security guards and hackers. IT security guards do everything to keep hackers out, but hackers continue finding ways to cause damage. The war is like a sword fight with one guy spending the fight dodging the other guy's sword without using his own sword to strike back and stop his opponent. This epitome of a defensive strategy fails to stop the attack. There are some IT security guards in the world that pursue the hackers, but the chase can waste money. The guards could spend an incredible amount of time and money chasing the hackers, or they could spend less money on improving systems to keep hackers out.
For the number of hackers to be reduced, they must be pursued. The security guards should implement systems that can identify the hackers enough to prosecute them. The automation of the task will reduce the cost of the pursuit. The FBI should implement a nationwide monitoring system with the ability to trace a hacker the instant the FBI is notified of an attack. As soon as the hacker is traced, the FBI should find the hacker's home address, find out who in the home is the attacker, and arrest the culprit. To increase the effectiveness of prosecuting hackers, more states have more laws against hacking. The number of hackers will diminish as the threat of getting caught increases. Hackers would think twice before trying to get into a system without authorization if they believe they might be caught.
One of the difficulties of catching hackers is realizing they are attacking. They continue to find ways to circumvent the systems put in place to identify attacks. If a hacker is just stealing information, he can easily seem like a normal person. A hacker could break into someone's account and view all the files that person has access to. More security measures should be implemented to recognize such attacks.
Responsibility
Measures must be taken to save money, and preserve privacy and reputations by preventing hackers from penetrating computers. In IT security, the responsibility to secure systems lies with many people: the users, the programmers, the hardware designers, management, and the system administrators.
Users have a responsibility to secure their accounts. The impenetrable walls of a castle are useless if the gate is left open to invaders. They must not share their passwords with anyone, nor should they store them anywhere. Potential hackers are not limited to external people. Someone in the organization could also be a hacker. Internal hackers could easily search through unsecured documents for passwords. External hackers that penetrate the system could find passwords stored on computers and use them to avoid detection. Users must also choose passwords that are difficult to guess, excluding birthdays and names of relatives and pets.
Programmers have a responsibility to do their best to make the software they build secure. Programmers should do their best to secure the systems and programs they build. If a programmer carelessly develops software that can be penetrated, and his carelessness causes security problems for the system the software runs on, the programmer should be held responsible for his negligence.
Hardware designers have the same responsibility as programmers. They contribute to the construction of the impenetrable wall.
Management has the responsibility of assuring that clear security policies are developed and followed. Managers need to make sure that the wall is impenetrable and the gate is closed and locked.
System administrators have the responsibility of aiding management by verifying that the security policies are followed by all. They are also responsible for detecting intruders and updating software and hardware as information about security problems arise.
The responsibility for securing a computer system does not lie with one person alone: it lies with all those who use or manage the system. Everyone must do their best to keep the system secure.
Monday, October 15, 2007
Computer Security
Posted by StephenK at 6:08 PM
Labels: technology
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment