Plugging existing holes in security

Individuals, and especially companies, must protect the confidential data on their computers by identifying common security holes and then plugging them. Read this article to learn how.

Since everybody has an online presence these days, it is important to identify the existing holes in security and then plug them. For companies that hold a large amount of confidential data on their systems, understanding these holes is absolutely essential.

Run a security check to identify the holes in security

First, you must run an initial security check on the system. While doing this, it is essential to check three areas of exposure.

Risk of access to the system

Hackers try to gain access to your system by finding its login. Then they attempt to worm their way to root access on the system. They do this by first exploiting security holes in the products used on your system or in the operating system itself. If root access is gained, a hacker can do almost anything: he can destroy all data or even reinitialize hardware. It is worth noting that most security attacks happen this way. Everything from e-mail to FTP can be an entry point. If you are not well informed about your systems, there are professionals who can help you identify such holes and plug them.

Once the hacker gains root access to one area, he attempts to gain root access to other systems as well. He simply runs sniffing or spoofing software to collect information about the connected systems.

Risk of overloading the system

System overload can be caused by a concerted attack, and it is difficult to protect against. This happened to Yahoo a few years back. If the applications you operate have limited capacity, or if you think that you might exceed this capacity, you should consult your manufacturer. If he fails to help, find another vendor. It is important to understand that managing high traffic loads is absolutely essential. Rebuild your applications if the database connection pools interacting with SMTP or application servers seem to be at risk.

Risk of viruses

In addition to installing good anti-virus software, you must also limit any exposure to destructive programs that are not viruses. Note that not all destructive programs are viruses, yet they can still affect your system. For example, if installing a program overwrites a newer version with an older one, the new program will not function properly.

Plug the existing holes

Some small steps can prevent exposure to online security threats. The following are ways to plug the holes in security described above.

Lock the machines to limit the access

If you have janitorial staff or share a rented facility with another company, you should lock your systems to prevent unauthorized access. In 2000, a news report said that hard drives containing nuclear secrets were stolen from the Los Alamos National Laboratory. Like many other companies, you can get an internal access system that rings an alarm to notify you when the machine is opened. Another way to limit access is to buy systems that have internal jumper pins. These pins can be shorted to reset the settings as required.

Companies must make it a policy that any employee leaving his desk must lock the system. Most corporate espionage is done when someone away from the work area has left confidential documents unsecured on the system.

Technologies like fingerprint and retinal recognition can also be used for online authentication in order to limit access.

Implement CMOS/BIOS passwords

Information systems personnel can set a password for the system settings. These passwords can be implemented with the help of a professional.

Use a screen saver

A screen saver acts as a security mechanism. It not only adds to the aesthetics of the system but also prevents screen burn. As it adds little to the security of the system, it is ideal only for those who don't have very valuable data on their computers.

Encrypt the data

Encrypt your data to prevent your transactions from being sniffed. Maximum keys should be applied to the individual values of a message before scrambling them. 40-bit or 56-bit encryption is usually considered weak. Pretty Good Privacy (PGP) is a software encryption program that is freely available on the net.
