Kitsap Peninsula Business Journal Article - News, Business, Homes, Politics, Automotive, Reviews, Bremerton, Silverdale, Poulsbo, Gig Harbor, Port Orchard, Bainbridge

10-7-2002

Safeguarding your system from
intrusion from hackers
By Ward Ralston

In today’s post 9/11 world, more and more American businesses and home users are focusing on computer related security. This is not due to that fact that computers are less secure than they were a few years ago, it is simply the fact that computer hacking is a trend that is becoming more and more prevalent everyday.

Let’s look at some facts: When the Computer Emergency Response Team (operated by Carnegie Mellon University, CERT is part of the federally funded research and development center at the Software Engineering Institute) was formed in 1988 they dealt with 6 computer related security incidents for the entire year. In 2001 there were 52,685 incidents, followed by a staggering 43,000+ incidents in the first two quarters of this year alone. Computer attacks on our home and business computers are happening every minute of every hour of everyday. If you think that your home or business computer is safe, even if you do use a firewall and anti-virus software, you are mistaken.

In a recent study of 405 corporate LAN (local area network) managers conducted in February by In-Stat/MDR, researchers found that the highest percentage of companies that had been attacked by hackers in 2001 (44 percent) were in the enterprise space, defined as companies with more than 1,000 employees. The next highest percentage is medium-size businesses, with 100 to 999 employees. Of those firms, 36 percent said hackers had hit them.

At what price? The cost is particularly high for cleaning up after attacks from viruses and worms — malicious computer code often sent through e-mail that can, at worst, destroy all the data on a computer system. The worldwide cost reached $17.1 billion in 2000, a 41 percent increase over the previous year, according to Computer Economics, an information technology research firm.

Computer security is an oxymoron of sorts – there is no such thing as a secure computer system. Let me say that again, there is no such thing as a secure computer system. However, you do have the ability to take practical steps to ensure that your computer systems are as secure as possible. You, as a home user or as a business owner, need to know what threats are out there, and what reasonable actions you can take to protect your system and data integrity. The first step in ensuring that security is education.

One of the companies that is picking up the security ball and running with, it is none other than Microsoft. In October of 2001, Microsoft announced its Strategic Technology Protection Program (STPP). This highly successful program puts security as a top priority, allowing businesses and home users free access to security resources and security education.

The premise of the program is a delightfully simple two-step process: (1) Get Secure (2) Stay Secure. Microsoft has even put more of an emphasis on security than functionality. In my opinion, this is a great step forward toward making the computer world safer and more secure.

Microsoft is really stepping up to the plate with its initiative. There are some very valuable tools that are available for free that will allow businesses and users to help achieve the STPP goals. Tools like the Baseline Security Analyzer, IIS Lockdown, URLScan, Software Update Services, and HFnetcheck will allow computer users to secure their systems and keep them up to date. Microsoft has even implemented a free technical support line if your computer has been infected by a virus or the victim of an attack.

Microsoft is relying heavily on its Certified Partners and Technical Education Centers to assist computer users in achieving their STPP goals. For the serious IT student, CompTIA offers a course entitled “Security+” and there are two Microsoft Official Curriculum courses currently available:
• MOC 2150-Designing a Secure Microsoft Windows 2000 Network
• MOC 2159-Deploying and Managing Microsoft Internet Security and Acceleration Server 2000

For the business owner or home user with less technical experience, Microsoft has created their very successful ‘Security Clinic’ – a three-hour educational lecture that puts the tools, and the knowledge of how to use them, into the hands of the end user. For a limited time, Paladin Data Systems is offering these Security Clinics free of charge at our computer training classrooms in Poulsbo. The next free clinic is scheduled for October 17 from 5 to 8 p.m. For more information, call Michelle Dvorak at (360) 779-3100.

Remember, the first step to safeguarding your system is Education!

(Editor’s Note: Ward Ralston is Senior Staff Instructor at Paladin Data Systems Corporation. A highly skilled technology professional, he brings over 12 years experience in information technology to his students, in an energetic and creative style. His technical certifications include: MCP (NT/2000); MCP+I (NT); MCSA (2000); MCSE (NT/2000); MCT; A+; NET+; Security+; CIW; CIW Security Analyst; and CCNA. Ralston graduated Magna Cum Laude with a BS in Education and Training from Southern Illinois University.)