Computer security is a growing concern for many small business owners. We've heard about how the big guys like Yahoo are getting hacked. If they are not safe, what protection do small businesses have? How do we protect our systems and our data from hackers and cyber-vandals? Security experts make the point that it is not only our web sites that we have to worry about, but our entire computer systems. Persons with dial-up connections to the Net are less at risk, since hacking into that setup would take more time and effort than the average vandal might want to put forth. However, businesses with direct connections such as ISDN, ADSL or cable are more vulnerable to attack.
Security experts suggest the following:
Keep your operating system and your web server up to date. Older systems are easier to exploit.
1. Sign up to moderated email forums like BugTraq and/or NTBugTraq. These forums offer current information on security vulnerabilities and patches. BugTraq applies to all operating systems. NTBugTraq applies to NT. Visit Security Focus for signup instructions (http://www.securityfocus.com/).
2. Subscribe to your software vendor's mailing list for information on patches and install patches whenever they become available.
3. Use reputable products, but realize that reputable products are not necessarily commercial products (e.g. Linux and Apache are non-commercial and offer considerable built-in security). If you find a little-known product on the web, realize that it may be insecure. Widely used products are more likely to be secure because so many people have had the chance to find and report bugs.
4. Know that there is no such thing as a hack-proof site. There are only trade-offs in terms of risk vs. costs to secure a site. The bigger the risk if the site is breached, the more work you should do to secure the site.
5. Use SSH instead of Telnet or FTP to update your site. SSH is a Unix-based interface and set of protocols that offers encrypted file copying and Telnet-type capability. With SSH, user ID and passwords cannot be lifted. SSH is distributed by F-Secure Corporation (http://www.datafellows.com/).
6. Conduct an I.P. Network Security Audit (IpNSA) on the networks (and all corporate connections) according to a regular schedule. This entails scanning/probing and finding weaknesses in the software and associated hardware of the Internet systems.
7. Use firewalls. Firewalls are protective software applications for networks. Firewalls filter all incoming packets (i.e. units of data) and determine whether it is safe to forward them to their destination.
8. Require users to change their passwords on a monthly basis. Passwords should have a minimum length of about 8 characters and should contain special characters (~`!@#$^&*-=+).
9. Have contingency plans in place in case the worst happens. The contingency plans can incorporate media strategies to handle the publicity that will be generated, contact names/numbers for the various enforcement divisions (Police, CSIS, FBI, etc.), regular backups of the network, etc.
10. PREVENTION!! Use one of the programs that will routinely check your TCP/IP traffic for any suspicious activity.
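The password rules in item 8 can be checked mechanically. The following is an added example, not part of the original article: it tests a candidate password against the length and special-character rules and audits shadow(5)-format account lines for the monthly change rule. The function names, the sample entries and the reading of "monthly" as 31 days are assumptions.

```python
import datetime

# Policy values from item 8: minimum length 8, one character from the listed set.
# Assumption: "monthly" is read as a maximum password age of 31 days.
MIN_LENGTH = 8
SPECIALS = set("~`!@#$^&*-=+")
MAX_AGE_DAYS = 31
EPOCH = datetime.date(1970, 1, 1)

# Constructed sample lines in shadow(5) layout; the hashes are placeholders.
SAMPLE = [
    "alice:$6$CONSTRUCTED$hash:19700:0:30:7:::",
    "bob:$6$CONSTRUCTED$hash:19600:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
]


def password_violations(password):
    """Return the policy rules a candidate password breaks (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not SPECIALS.intersection(password):
        problems.append("no special character")
    return problems


def audit_shadow(lines, today):
    """Map login -> issues for accounts that break the monthly change rule.

    Fields used: 0 login, 1 hash, 2 last change (days since 1970-01-01),
    4 maximum password age in days.
    """
    today_days = (today - EPOCH).days
    findings = {}
    for line in lines:
        fields = line.strip().split(":")
        # Skip lines that are not shadow entries, and locked accounts
        # (hash field starting with "!" or "*" cannot be used to log in).
        if len(fields) < 5 or fields[1].startswith(("!", "*")):
            continue
        login, last_change, max_age = fields[0], fields[2], fields[4]
        issues = []
        if not max_age.isdigit() or int(max_age) > MAX_AGE_DAYS:
            issues.append("expiry not enforced")
        if last_change.isdigit() and today_days - int(last_change) > MAX_AGE_DAYS:
            issues.append("password older than %d days" % MAX_AGE_DAYS)
        if issues:
            findings[login] = issues
    return findings
```

On a real system the input would be the contents of the shadow file, read with administrative rights, in place of `SAMPLE`.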
And finally, understand that security is not a one-shot affair. It is an ongoing process. The level to which you stay involved in it is directly associated with the risks of exposure you would face when security is breached.