.. .55) According to Barry Weiss, a partner at Gordon & Glickson, a Chicago law firm that specializes in information technology legal issues, for the Internet to be used as a effective tool for communication companies need to define policies and procedures to avoid risk. (Wagner, p.58) Another method in which companies can protect their office systems from hackers is by asking employees to develop and maintain smart passwords. Employees should not write down their passwords and leave them near a computer. They should create password which relate to people closely related to them.
Also they should not share their password with anyone and near should they store their passwords in the computer. Passwords become hard to crack by hackers when they have both upper case and lower case letters as well as digits and special characters. Further, the should be long and should be able to keyed in quickly so one can follow when typing on the keyboard. (Icove, pp.135-136) Having strict guidelines is one solution to minimize hacker intrusions. Employing technologies is another solution to accomplish the same goal. One specific technology to implment in the office network is called firewall.
This tool combines the technology of hardware and software and functions by protecting the office network when it is connected to the Internet. A firewall analyzes data and accepts only the data that is approved by the information manger. The firewall collects all users in one area and views whether they are performing an approved activity such as sending electronic mail to clients. Since all the activity has to pass and be approved through one checkpoint this tool is useful for controlling data and keeping logs of the users activity. Adding a firewall in the office system can be done in two ways.
It can be purchased as a package from a vendor or it can be built. Logically it is cheaper to build a firewall, a good choice for those information mangers who are operating on a strict budget. (Anderson, pp. 106, 108) When buying a firewall from vendors it can get very confusing since there are a lot of varieties and costs that each vendor offers. There are more than 40 vendors in the market who offer new releases in less than a year.
However, this trend is also changing. The National Computer Security Association (NCSA) has developed a program which will make it easier for information managers to select a firewall from numerous packages. It will do that by establishing performance standard needed for an effective firewall. Based on this criteria it will test and certify those firewall packages which meet its criteria. The certification concentrates on security threats that are high to a automated office systems.
This includes how often the hackers attack the firewall, how easily they can penetrate the firewall and how much damage they cause once they penetrate the firewall. Naturally, the lower the frequency in these criteria the more chance for the firewall package being passed. Besides certifying firewall the NCSA will also collaborate with vendors to create standard language for firewall and publish more documentation so information managers have a chance to make a better decision when they are thinking to implement firewall in their office systems. (Anthes, Firewall chaos. P.51) A firewall is not the ultimate solution because it cant keep out viruses or traffic that goes to the internal network though another connection, however it is still the most effective was to protect a network thats connected to the Internet (Anderson, p.106) Another method to protect data is the use of encryption technology. This comes especially useful when data is sent through external communication systems where there are great chances for it to be intercepted by hackers. Electronic mail can greatly benefit from this technology.
Encryption is a software program which creates a key with two divisions. One is the public key and one is the private key. The public key is given to those with whom communication is usually conducted. After writing the electronic mail the message is encrypted with the recipients public key. Due to encryption there is a digital lock placed on the message, so even if a hacker intercepts the mail while it is traveling to the recipient, the contents of the message are unobtainable.
Upon receiving the message the recipient uses the software to verify that the recipients public key was used to encrypt the mail. After the confirmation the software decrypts the encrypted message using the private key of the recipient. (Rothfeder, pp. 224-225) Moreover, two high tech companies have teamed up to develop a hardware based encryption technology. This is specially targeted to make electronic commerce more safer to carry out over the Internet. Separating the encryption functions from the processor and handling them through another hardware piece will make it much harder for hackers to intercept office data and also free up much processing power required to encrypt large important business documents.
Multiple applications can use this encryption peripheral to make their data safe. If hackers attempt to break into the hardware encryption device the data will be immediately deleted and thus would be useless for the hackers. (Vijayan, p.45) Lastly, corporations can out-source their security needs to special computer security firms who specialize against hacker intrusion. One such company is Pilot Network Services. Pilots client hook their office system networks to the companys service centers around the country.
This way Pilot is able to supply supervised Internet access. The system is run by a team of electronic specialist who monitor it on a 24 hour basis. Happy clients such as Twentieth Century Fox value Pilots services because they get around 30 intrusions daily which they are able to block. Sometimes Pilots engineers let the hackers in a office communication system to observe and learn about their activities so they can be more knowledgeable on how hackers attack. (Behar, p.36) Other forces that corporations can out-source to protect their office systems are called tiger teams.
These tiger teams hack their clients computer to point out weaknesses in the communication system. This way the weaknesses can be corrected and the system protected. Tiger teams usually attack their clients system through the Internet, but also warn that potential hazards can occur through other channels such as operating systems. (Doolittle, p.89) In the current computing environment it is essential to have a security plan for those companies who use the Internet as their main source of communication. If a plan does not exist the damages can mean failure for a company. Consequently, it is essential for information managers to employ the solutions presented in this paper when they are automating their office system.
Bibliography Anderson, Heidi. Firewalls: Your First Defense PC Today, May 1996: pp.106, 108-109. Anthes, Gary H. Firewall chaos. Computer World, February 1996: p.
51. Anthes, Gary H. Hack Attack. Computer World, April 1996: p. 81.
Behar, Richard. Whos Reading your e-mail? Fortune, February 1997: pp. 29-36. Cobb, Stephen. How Safe is the Internet? Internet & Java Advisor, January 1997: pp.36-38,41.
Doolittle, Sean. Special Forces On Call PC Today, May 1996: pp.89-91. Icove, David, Karl Seger, and William VonStorch. Computer Crime. California: OReilly & Associates, Inc., 1995.
Pfleeger, Charles P. Security in Computing. New Jersey: Prentice-Hall International, Inc., 1989. Ray, Charles, Janet Palmer, and Amy Wohl. Office Automation : A Systems Approach. 2nd ed. Ohio: South-Western Publishing Co., 1991. Rothfeder, Jeffery. No Privacy on the Net.
PC World, February 1997: pp.223-229. Vijayan, Jaikumar. Making the Web a safer place. Computer World, April 1996: p. 45.
Wagner, Mitch. Firms spell out appropriate use of Internet for employees. Computer World, February 1996: pp.55,58.