Secure or Slightly Secure?Computer Seminar: Technology can work against computer users, help hackers -By Carl J. Nelson Bitter about a Microsoft blue-screen, or maybe your Macintosh is crashing...perhaps there's a missing Linux command-line...maybe it's a virus, or a hacker with a smile. On Friday at Southwest Minnesota State University, the Department of Mathematics and Computer Science, the Department of Business and Public Affairs, the Center for Rural and Regional Studies, and the Small Business Development Center hosted a computer security symposium. Keynote speakers Cory Miller, IT senior operations manager, and Bob Seward, IT innovations manager--both from the Schwan Food Co.--discussed the factors that are challenging small business computer users and corporations today. "There are a lot of people trying to infiltrate computer systems out there," said Seward. He spoke about a damaging trend in information technology where malicious users are using tools that are readily available on the Internet to compromise computer systems. In the 1980s, he said, passwords kept hackers guessing, but with today's technology, a few programmers can make tools for other less informed hacker would-be's to manipulate and shut down computer systems. "It's not just a local issue, but it's worldwide," he said about hacking, cracking and other forms of computer espionage. Seward introduced a security professional survey compiled by the Computer Security Institute and the Federal Bureau of Investigation. The survey plotted the effects of data lass and system problems in a variety of companies. Viruses accounted for 85 percent of the difficulties, laptop theft ranked at 55 percent and unauthorized access into a computer systems made up 38 percent of information problems. Seward also spoke about legal issues, including a California law and government influences in personal data protection. Miller discussed small businesses in greater detail and some universal precautions for all computer users. Education about computers and related technology is one of the greatest advantages that users and businesses have, said Miller. "A lot of viruses we get are by e-mail,," he said. "One of the things you need to do is question your e-mails...was it sent by someone you know?" By being wary about e-mails from unknown senders, said Miller people can reduce their vulnerability. He also said that people can mask an e-mail address so that it appears as if it is someone know by the recipient. Other recommendations by Miller included changing computer passwords frequently and using case-sensitive letters and numbers if possible. By patching and getting newer versions of software and "fixes" a user can also decrease problems, he said. Wireless connections, while convenient because of their mobility, can also be less secure. "Be diligent about your computer accounts and use firewalls," he said. A firewall, as in the automotive protection between the driver and the engine, blocks unauthorized access and information from coming into a computer. Depending on the program's sophistication, a firewall can also limit programs on a user's computer from accessing an outside source. As with the education part of Miller's discussion, Barb Hawes is a Lab Administrator for the Schwan's IT Learning Center at SMSU. "We prepare student for business by applying the theory and hands-on experiences in technology," said Hawes. During the computer protection symposium, SMSU computer science/information technology student showed their senior seminar projects including firewall protection software, intrusion detection, password tools to assist administrators, and analyzing programmer and program mistakes. "We have the versatility in this lab to run PC and Sun (a Linux-based platform) to explore a standard computer environment and diverse networks," Hawes said. Niaz Patwary and Dave Tey worked with a program called ZoneAlarm and showed how the program on a server computer, can block a possible attack by another. They tried a number of programs in their study. "A system without a firewall is like leaving your car open with a key," he said about malicious users interested in taking your system for a drive. Buffer overflows are also a problem with software that Terry Pearson and Samar Upadhyay investigated. "It's like having a cup and pouring liquid into it until it runs over," said Upadhyay about a computer's memory being filled up. The memory overflow moves to the "stack" where the instructions for the program are stored, said Pearson. "A small overflow might crash the program, or worse," he said. This problem can lead to an unwanted user bypassing a password or overwriting the instructions--wreaking havoc with a computer. The students continue to work on similar problems in the classroom. Hawes feels that the security problem is not insurmountable, but it can be overcome by sharing information with others. "I think the biggest threat to computer security is people ignoring the threats and thinking they are overwhelming," she said. "The goal of this symposium is to open up a dialog about security so that people won't be afraid--we can, as a community, find ways to deal with these problems." |