How to fight Cyberterrorism
Information Technology is the lifeline of most organizations
today, and as such a disrupted information system can cause your
company to lose market share and eventually bring it to its
knees. 94% of companies without a tested crisis plan go out of
business after a severe loss of service for two weeks or more.
We are so bound as a global community that a disaster in a
single major city results in significant ripple effects around
the world.
Cyberterrorism, weather direct or indirect, is an issue all
businesses should anticipate and arrange for backup plans.
Depending on the size of the company, backups of the backup plan
may need to be considered.
Politically charged events frequently unleash a nest of virus',
worms and Trojan horses on the Internet, and with increasing
intensity. In one day, the current Nimda virus generated one
hundred times the traffic that the code red virus took three
days to do.
A group setup by the federal government to counter
Cyberterrorism released a report stating that "A personal
computer and a simple telephone connection to an Internet
service provider anywhere in the world are enough to cause a
great deal of harm. The right command sent over a network to a
power generating station's control computer could be just as
effective as a backpack full of explosives, and the perpetrator
would be harder to identify and apprehend."
To protect your business in the event of a disaster you need to
identify the mission critical information streams that need to
be protected. This may include both print material and computer
hardware and software.
BACKUP YOUR DATA
Minimizing the loss of valuable documents or data can be
accomplished quite easily by performing regularly scheduled
backups. It is absolutely essential that OFF-SITE copies of
backups be kept. This will assure quick recovery from disasters.
Backups may be done using a variety of medias, such as, floppy
disks , zip disks, re-writeable cd's, and removable hard drives.
The type of media you use will depend on the quantity of data
being stored.
Larger companies may also consider installing "mirror" servers,
which allow the same real time information being kept in
different locations. Consideration should also be given to
outsourcing applications to ASPs (Application Service Providers)
which have mirrored data centers.
Any paper documents which are considered critical should also be
backed up with the help of a scanner and stored off-site.
Myriads of paper documents were strewn all over New York
following the WTC disaster. Many of the organizations and
companies affected have no idea of what they have lost or even
how to recover missing files. Some of which have irreplaceable
information and signatures.
ANTI-VIRUS SOFTWARE
A good anti-virus software is essential in your counter
terrorism arsenal. It will offer continuous protection and
automatically scans all file inputs, outputs, downloads, program
executions, and other system-related activities to help prevent
virus penetration. If a virus is discovered, you will have the
option to clean or delete the infected file.
FIREWALLS / DETECTION NETWORKS
Firewalls screen all communications to a system, including
e-mail messages, which may carry logic bombs. The term
"firewall" is a relatively generic term for methods of filtering
access to a network. They may come in the form of a computer,
router or other communications device, or in the form of a
network configuration.
The services and access that are permitted to each user are
defined by firewalls. One method is to screen user requests to
check if they come from a previously defined domain or Internet
Protocol (IP) address. Another method is to prohibit Telnet
access into the system.
Here are a few key things to remember in order to protect
yourself from Cyberterrorism:
i. All accounts should have passwords and the passwords should
be unusual, difficult to guess, and alphanumeric where possible.
ii. Change the network configuration when defects become known.
iii. Check with venders for upgrades and patches. iv. Audit
systems and check logs to help in detecting and tracing an
intruder.
v. If you are ever unsure about the safety of a site, or receive
suspicious email from an unknown address, don't access it. It
could be trouble.
TRACING SOFTWARE
There are software companies that create products designed to
trace exactly where anyone connecting to your network is coming
from. Giving you detailed information on the registered owner's
name, address, etc. Greater possibility of detection always
reduces the incidence of crime.
PROTECTION SUITES
Click here:http://www.irieisle-online.com/cyberterrorism for a
suite of online services which combine a number of protection
strategies.
Today's commercial off-the-shelf software is riddled with holes.
Microsoft products in particular, seem to be targeted. A recent
Gartner Group report strongly suggests that changing from
Microsoft's Internet Server would be a positive step. Software
makers should design more secure products, which should be
shipped to consumers pre-configured with high security settings.
Such efforts will probably mean higher costs and slower progress
in the short term but will pay off in the long term.
There are no foolproof ways to protect a system, as completely
secure system can never be accessed by anyone. Your
organization's classified information can be kept on machines
with no outside (internet/intranet) connection, as a form of
prevention of Cyberterrorism. In the end, the onus of fighting
Cyberterrorism is really on each company or organization. The
cost to protect your data will be a small fraction of what will
be lost if your information systems are attacked or accidentally
damaged.