Computers and Security, Vol. 7, No. 2
considered in planning security for EFT networks. It covers EFT network structure and the basic steps in EFT security planning including, among others, the basic risks, key threats, security objectives and potential controls. The author also discusses cryptography and message control. Diagrams are used to clarify explanations.
Computer Control Quarterly, Autumn 1987, pp. 28-35.
Computer User Surveillance, Kevin J. Fitzgerald. Computer security designed to withstand unauthorized access has traditionally been based on passwords and, in some installations, file control. With this ineffective security it is not surprising that hackers have been successful. One response has been the international success of database watching services which provide surveillance over bulletin boards. In addition to this external surveillance, internal surveillance systems have appeared in the commercial security marketplace. An advertised surveillance system will act as a deterrent to employees. In addition, the data provided by the surveillance log will assist in reconstructing any damage which might result from unauthorised access. The author describes a currently available system. Computer Control Quarterly, Autumn 1987, pp. 43-46.
Computer Viruses--A Secret Threat, Rudiger Dierstein. A computer program shall be called a virus if it has the characteristics of self-reproduction and functionality. As with biological viruses, an infection will spread in a computer system or network exponentially. After each infection the virus occupies its old and new locations simultaneously. An additional feature that dramatically increases a virus's malignancy is the trigger, which means that the virus will stay inactive as long as a particular condition remains unfulfilled. However, the virus will continue to propagate and infect other programs. The prospects of combating computer virus diseases are not promising and therefore efforts must concentrate on the propagation of viruses to prevent or slow them down. The article includes diagrams which explain the structure of a virus. It discusses the possibility of detecting a virus and the experiments done by Fred Cohen, the first to design a computer program with the properties of a virus.
Computer Control Quarterly, Winter 1987, pp. 1-7.
Insurance and Computers: The Technology Gap, David Davies. The integration of the computing function into all areas of a company's activities, and the direct accessibility of the computer to non-computing employees and even third parties, has introduced a new range of risks: computer fraud, third party fraud and computer espionage. Two new characteristics of the current computer system are the concentration of risks which magnifies potential losses and the fact that there are risk management solutions available. However, the new computer risks are far more difficult to identify. Insurance may protect when loss occurs but cannot prevent loss. In addition, the insurance cover must be right and losses have to be measurable. Computer Control Quarterly, Winter 1987, pp. 34-36.
MANAGE/38, Kevin Fitzgerald. MANAGE/38 is a high-level interface into the IBM System/38 operating system. From a security point of view, there are several issues that deserve highlighting: (1) system, application and end-user locks; (2) automatic system, application and workstation failure detection; (3) automatic, unattended workstation sign-off; (4) automated tape backup facility; (5) disaster recovery reports; (6) document creation and maintenance. Computer Control Quarterly, Winter 1987, pp. 50-51.
Horatius. Horatius is a sophisticated multi-featured access control system that is positioned between the host computer system and the communications network. It provides user identification validation prior to enabling connection between the user terminal and the computer system. Three levels of security are available: simple password and timed access windows; challenge hand-held identification; split line dial-back. Computer Control Quarterly, Winter 1987, p. 52.
Other Abstracts
Buyers Turning Toward Software Escrow Plans, Carole Patton. One way to ensure that a program's source code is available--even if the original vendor is not--is to set up an escrow account. With this setup, a third party holds the source code. Usually escrow agreements are made when buyer and seller first strike a deal and include the conditions that will trigger the escrow agent to turn the source code over to the buyer. However, escrow accounts must be carefully monitored to be sure that the code in escrow is updated with new ver-