Villafuerte, Nelly Favis, Manila Bulletin
As computers continue to be interconnected at a phenomenal rate - not only through the Internet but through other networks as well (like Intranets and Extranets and local area networks), the need for network security increases.
Security is a major concern of entities that want to do business through the Internet, especially through the World Wide Web - which, incidentally, is the fastest growing part of the Internet. Also, the World Wide Web is that part of the Internet which is most vulnerable to attack.
Compared to other networks, the Internet is more vulnerable to attacks from intruders. While the Internet is considered the mother of all networks that connects other networks world-wide, unfortunately, it was not designated with security in mind.
Security was not a part of the original network design of the Internet since it was conceived primarily as a research network and emphasis was placed on connectivity among collaborating parties rather than security.
Not many are aware that the Internet is a public, packet-switched network where the packets pass through routes that are not well-secured like private networks. Being public, communication through the Internet is open to the prying eyes of hundreds of thousands of computer users. Not to mention the possible loss of information along the routes considering that the protocols (defines the rules by which computer networks inter-operate) may also malfunction or fail.
Today, the governments of various nations as well as computer users and providers now realize that there is a pressing need to incorporate security system as a feature of the existing Internet network to maximize the awesome technological potential of the internet and promote E-Commerce industry as a whole.
Computer users doing business through the Internet are now clamoring that they be guaranteed the so-called CIA of information security, namely confidentiality, integrity, and availability - as well as the non-repudiation of information accessed through the computer network.
Confidentiality simply means that the information is kept secret from others who are not authorized to access it. Integrity, which includes authenticity, means that the information sent is the information received without any alteration. Availability means that the information are available at the needed time. Nonrepudiation means that both the sender or receiver of the information cannot deny sending or receiving it.
The particular security measure must be applicable to the specific threat. This must be so considering that security measures that are cropping up to protect computer users are as varied as the security threats that are hurting the growth of Internet and e-commerce through the Internet. Simply, the security measure must be matched to the threat at hand.
In the same way that there can be no single security measure that guarantees 100 percent security, it is also impossible to come up with a set of standard guidelines applicable to cope with all kinds of threats. Depending on the kinds of threats that a company is exposed to and its security objectives, the company is in the best position to formulate its own information security policies.
Some threats to a company's computer network may occur due to technology or policy weaknesses. Technology weaknesses refer to flaws in the software and hardware products or in the communication fabric.
Computer security-related incidents are generally caused by internal or external factors. Surveys in the past years of companies that experienced security breaches reveal that the biggest threat to computers did not come from sophisticated attacks from outsiders but from acts of employees which may be a simple error, omission or malicious action.
It is interesting to note that there have been many cases in the United States where disgruntled employes, out of spite or for a ransom, committed computer fraud or placed logic bombs in their companies' computer systems to destroy vital information or block all access to the company network. …