There is not enough room in one article to detail every bit of computer or Internet security you will have to deal with when using a personal computer and the Internet. There are, however a subset of terms and concepts that, when defined, can help you better understand what is “happening under the hood.” With that improved understanding, the journey into cyberspace security may be a bit less confusing and intimidating.

Much of the following material was shamelessly plagiarized from the Computer Emergency Readiness Team (CERT) website at www.cert.org. Since that is so, it would be helpful to explain the who, what and why of CERT.

“Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.”

The FAQ... (oops! There’s one of those pesky terms! FAQ – Frequently Asked Questions.) list at www.cert.org/tech_tips/home_networks.html#I-A is where I lifted the following Q & A. (Aw, c’mon! That one isn’t computer geekese!) There is more and it is worth a visit, even by the “experts.”

• What is computer security?

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as “intruders”) from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

OK. That is pretty straightforward.

Why should I care about computer security?

“We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications “top secret,” you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements). (Italics added for emphasis) I have written several times about the abuse of personal computers by spammers and hackers. This is no small problem. By one estimate there are at least ten million compromised computers available as a pool for use by Internet criminals. It is safe to say that none of the owners of those computers are aware their machines have been compromised.

Who would want to break into my computer at home?

“Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.

Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data."

Actually, the purpose is almost exclusively to use your computer to attack other systems, either by spamming, or by participating in a DDOS (Aha! A tech-geek term. Distributed Denial of Service) attack. In a DDOS, a multitude of computers are used to flood a targeted computer. The intent is to flood the target with so much traffic that it is overwhelmed and put out of service. No one or two are even a dozen hijacked computers could accomplish the attack. Typically the attacks are launched from literally thousands of computers, each of which sends a relatively small amount of information, but the sheer volume of traffic floods the target.

Intentional misuse of your computer

Trojan horse programs
Trojan horse programs are a common way for intruders to trick you (sometimes referred to as “social engineering”) into installing “back door” programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus. More information about Trojan horses can be found in the following document: www.cert.org/advisories/CA-1999-02.html.

Back door and remote administration programs

On Windows computers, three tools commonly used by intruders to gain remote access to your computer are BackOrifice, Netbus, and SubSeven. These back door or remote administration programs, once installed, allow other people to access and control your computer. We recommend that you review the CERT vulnerability note about Back Orifice. This document describes how it works, how to detect it, and how to protect your computers from it, www.cert.org/vul_notes/VN-98.07.backorifice.html.

The CERT site has a lot more information in addition to the above, which explains the issues in simple terms that the layman can understand. Spend time going through it, sign up for the email alerts, and most importantly, do something about the recommendations. Don’t just read them and assume they don’t apply to you. Many of them do.