- Email: [email protected]
Checking out your security system
Computers and Security, Vol. 7, No. 5
and universities. There is nothing classified on the network. The culprit entered the DEC minicomputer by using his own name as the password. That name was the same password used by aJPL employee. The intruder then also gained access to a computer at the Patuxent River, MD, Naval Air Station. JPL will be tightening the security features o f the system and changing the computers' operating system in case a virus was left behind.
Computerworld,June 20, 1988, p. 7. Checking Out Your Security System, Simon Avarne. It is impossible to show that every aspect of a computer system is protected. However, a checklist indicates points to consider. The list includes applications software, audit trails back-up tapes, dial-back and dial-up, downloaded software, encryption, equipment identification, key management, message authentication, operational procedures, passwords and local-area networks. Further precautions involve physical security, repudiation, electronic radiation and traffic analysis.
Information Week,June 20, 1988, p. 56. M a k e Security a P r i o r i t y at Start o f L A N Installation, Sanford Sherizan. In planning the installation ofa LAN, attention should be concentrated on the issues of how to regulate a distributed network system with centralized management controls. The key elements o f network security are identification and control o f information flows. The essential security management tasks include: establish access rules; decide where to place controls; assign security responsibilities. During installation, a company should carefully
protect equipment, documentation arid sites. Additional steps to be taken during installations are checking security functions and balancing ease o f use with security controls. The strength o f the security system must be tested in a fully installed setting. Computerworld,
ucts will continue to refine criteria for authorization, identification and determining access levels. Biometric approaches may rely on retina scans, thumb scans or voice recordings. Other technologies, such as chip-based identification cards, will be less expensive. PC
June 27, 1988, p. 78.
Week,July 4, 1988, p. 135.
System Crash Foils Swiss Bank Theft, Philip Hunter. Only a
Air Force Mounts Offensive
chance system crash prevented an attempted computer crime from becoming Britain's, and possibly Europe's, largest recorded theft. An instruction to transfer 82 million Swiss francs ($54.1 million) went by Swift to a branch of Credit Suisse in Lyon. A computer breakdown apparently forced the staff to make manual checks o f payment instructions that would normally be processed automatically. Suspicion was aroused and two men were arrested in Switzerland in addition to an employee in the London branch o f the Union Bank o f Switzerland where the instruction originated. In this case it appears that security at UBS was inadequate. Information Week,June
Against Computer Crime, Neil Munro. The Air Force Office of Special Investigations (OSI) is investigating a growing number of computer crimes in the Defense Department. According to an agent of O SI, computer criminals have the same motivations of greed and revenge as any other criminal, but their capabilities are growing because of increasing reliance on computers and widespread computer literacy. OSI handles 200 to 400 computer-related cases a year. Eighty per cent o f known computer crimes were carried out by trusted employees; five to eight per cent were hackers. Government
Computer News,July 8, 1988, p. 51.
11, 1988,p. 20. Government Beefs Up Internal D a t a Security, Amy Bermar. The
Begin Contingency Planning or You Might Become an O u t l a w , Sanford Sherizen and Albert Belisle.
government's estimated 815 000 computers are being p r o v e n w again and again--to be vulnerable to interlopers. Now, two new government security measures may help tighten some loopholes. One is a new requirement to ensure the secure electronic transfer of funds between the U.S. Department o f the Treasury and the Federal Reserve system. Second, nearly 100 non-defense agencies will need to supply security plans to NBS. N e w security prod-
Contingency planning will be made an integral part o f corporate strategic planning by government or court mandates. The model for this required attention is currently found in the banking industry and will soon be imposed on other industries. Under the regulations of the Office o f the Controller o f the Currency, a bank's management is held accountable for the soundness o f its contingency plan and its periodic testing. Legal attention will soon be paid to failure to survive a
525
and universities. There is nothing classified on the network. The culprit entered the DEC minicomputer by using his own name as the password. That name was the same password used by aJPL employee. The intruder then also gained access to a computer at the Patuxent River, MD, Naval Air Station. JPL will be tightening the security features o f the system and changing the computers' operating system in case a virus was left behind.
Computerworld,June 20, 1988, p. 7. Checking Out Your Security System, Simon Avarne. It is impossible to show that every aspect of a computer system is protected. However, a checklist indicates points to consider. The list includes applications software, audit trails back-up tapes, dial-back and dial-up, downloaded software, encryption, equipment identification, key management, message authentication, operational procedures, passwords and local-area networks. Further precautions involve physical security, repudiation, electronic radiation and traffic analysis.
Information Week,June 20, 1988, p. 56. M a k e Security a P r i o r i t y at Start o f L A N Installation, Sanford Sherizan. In planning the installation ofa LAN, attention should be concentrated on the issues of how to regulate a distributed network system with centralized management controls. The key elements o f network security are identification and control o f information flows. The essential security management tasks include: establish access rules; decide where to place controls; assign security responsibilities. During installation, a company should carefully
protect equipment, documentation arid sites. Additional steps to be taken during installations are checking security functions and balancing ease o f use with security controls. The strength o f the security system must be tested in a fully installed setting. Computerworld,
ucts will continue to refine criteria for authorization, identification and determining access levels. Biometric approaches may rely on retina scans, thumb scans or voice recordings. Other technologies, such as chip-based identification cards, will be less expensive. PC
June 27, 1988, p. 78.
Week,July 4, 1988, p. 135.
System Crash Foils Swiss Bank Theft, Philip Hunter. Only a
Air Force Mounts Offensive
chance system crash prevented an attempted computer crime from becoming Britain's, and possibly Europe's, largest recorded theft. An instruction to transfer 82 million Swiss francs ($54.1 million) went by Swift to a branch of Credit Suisse in Lyon. A computer breakdown apparently forced the staff to make manual checks o f payment instructions that would normally be processed automatically. Suspicion was aroused and two men were arrested in Switzerland in addition to an employee in the London branch o f the Union Bank o f Switzerland where the instruction originated. In this case it appears that security at UBS was inadequate. Information Week,June
Against Computer Crime, Neil Munro. The Air Force Office of Special Investigations (OSI) is investigating a growing number of computer crimes in the Defense Department. According to an agent of O SI, computer criminals have the same motivations of greed and revenge as any other criminal, but their capabilities are growing because of increasing reliance on computers and widespread computer literacy. OSI handles 200 to 400 computer-related cases a year. Eighty per cent o f known computer crimes were carried out by trusted employees; five to eight per cent were hackers. Government
Computer News,July 8, 1988, p. 51.
11, 1988,p. 20. Government Beefs Up Internal D a t a Security, Amy Bermar. The
Begin Contingency Planning or You Might Become an O u t l a w , Sanford Sherizen and Albert Belisle.
government's estimated 815 000 computers are being p r o v e n w again and again--to be vulnerable to interlopers. Now, two new government security measures may help tighten some loopholes. One is a new requirement to ensure the secure electronic transfer of funds between the U.S. Department o f the Treasury and the Federal Reserve system. Second, nearly 100 non-defense agencies will need to supply security plans to NBS. N e w security prod-
Contingency planning will be made an integral part o f corporate strategic planning by government or court mandates. The model for this required attention is currently found in the banking industry and will soon be imposed on other industries. Under the regulations of the Office o f the Controller o f the Currency, a bank's management is held accountable for the soundness o f its contingency plan and its periodic testing. Legal attention will soon be paid to failure to survive a
525