Helping Protect Computer Networks from the Inside: Education as a Security Tool
Ruckman, Sharon, Techniques
Despite the time, energy and money that schools and other organizations funnel into products to maintain network security, their computer network's biggest threat is frequently from the inside. As computer networks and Internet use become more and more necessary in modern educational environments, attention should be focused on the potential threats that accompany the use of the technology. In addition to having basic security measures in place (such as firewalls, anti-virus software and content filtering), organizations also need to focus on training students and instructors in order to reduce the impact of the human threat.
E-mail can cause several types of security breaches. Viruses and inappropriate e-mails (which may open up organizations to legal liability) are two examples. One of the biggest threats from computer worms and viruses comes through e-mail. "Mass mailers," viruses that propagate and send themselves out to large numbers of other computers via e-mail, can spread very rapidly. The key to combating this threat is educating computer users. If students, or even instructors, open unsolicited e-mail attachments or do not scan attached documents for a virus before opening them, then the school network is vulnerable to virus attacks. Also, if schools rely on instructors and staff to keep their virus definitions updated, instead of pushing out new virus definitions automatically to ensure policy enforcement, they risk infection even if users do scan for viruses before opening attachments. By inadvertently allowing inappropriate e-mail (sexual in nature or otherwise offensive) to be sent within the organization, schools can be vulnerable to financial consequences or perhaps even legal action.
The Internet is an amazing and useful tool in any educational setting. However, when surfing the Web, people might download more than they anticipated. Students, who use school networks for research, often spend time surfing the Internet for personal use as well. Non-class or non-work-related surfing increases the chances that a staff member or student will visit a site using ActiveX or Java. These languages can be used to create malicious code that can communicate directly with the user's machine, giving hackers access to data and, potentially, the network. If users download free software or screen savers from unknown sources, your system may be infected with a virus or Trojan horse, which may inflict damage ranging from file deletion to stealing passwords. However, experts say that larger and more popular sites that use these computer languages are fairly safe because the sites employ security measures.
The Password Challenge
Some computers and networks are protected by passwords as a security precaution. Passwords are a major vulnerability in many organizations. It's not unusual for people to try to save time by sharing passwords or choosing a simple password. Weak passwords make it easy for unauthorized users to gain access. A potentially weaker spot in your network security may not be the user passwords, but the users. A carefree attitude toward passwords is what social engineers are banking on. Weak passwords make it easier for intruders to break into those networks (like leaving the doors and windows of your house open) and to use your network for other illegal activity, such as a zombie attack.
Social Engineering Tactics
Users who don't know how to respond to potential security breaches, such as social engineering tactics, leave an organization open to security attacks. Social engineering is the act of creating a threat, like a computer virus, in a way that makes people more likely to take action that will facilitate its spread or execution. The LoveLetter virus used social engineering by sending infected e-mails with "ILOVEYOU" in the subject line. This caused curiosity among recipients who were then more likely to open the attachment and execute the virus on their own systems. …