Internet Security

One of the best ways to preserve the security of the Internet is to remove bugs like D J Bernstein does. Since this is not a 100% possibility, we can also go a long long way by removing bugs, and updating our software with the latest security updates and using tools developed by good programmers.

Security issues include viruses, trojan horses, and vulnerabilities.

Since large corporate and large organisations do not read email on their main firewall servers, viruses are not a concern for the places that need the most security. You can emulate this level of security, by the way, by using a good firewall router in your office. Even a basic one from your local office supply store is better than none, and those are great for home use too.

The best place to protect your servers, and even your workstations, and personal computers is to keep your software up to date. A good operating system is also a good idea, and XP Home (Trademark by Microsoft) is a poor choice versus XP Professional (Also trademark by Microsoft), but Linux or UNIX is the most secure choice if you can afford to use it for the business function required. Any employee that needs only word processing, email, and web surfing, can easily use any LINUX operating system (eg. Red Hat Software) at a fraction of the cost.

Vulnerabilities are bugs in server based programs that allow attackers to take over a machine. There are many vulnerabilities in many software packages, and these are sometimes caused maliciouly, and, more often than not, caused by inexperienced programmers who do not know about things like buffer overflow problems. The vulnerabilities for your system can be checked at the CERT/CC coordination centre. CERT was formerly known as the computer security incident response team but they now do much more. CERT was formed in 1988 for the DARPA project. CERT is funded mainly by USA sources including the USA department of homeland security, the USA Department of Defence, as well as some other USA federal agencies. SANS.org is another good source.

Trojan horses and viruses are quite similar in that viruses are usually transmitted in something that we trust.

Here is a classic example of a trojan horse email sent to one of our clients that uses our zedemail mail service:

"Dear user of Zedemail.ca,
Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean
up your computer software.

For further details see the attach.

For security purposes the attached file is password protected. Password is "50404".

The Management,
The Zedemail.ca team
http://www.zedemail.ca", of course the attachment mentioned in the email was full of virii.

In our example, the user had antivirus software, and nothing was damaged, but where did this email come from? Actually it came from another computer that had the virus that we saw in the IP address of the full headers of the email. One of the disadvantages with current technology is that malicious parties can spoof a domain name, and send an email so it looks like it is from somewhere else. This is exactly how this trojan horse was produced. The owner of the computer that had the virus most likely received an email from our client, and then it just sent a predefined email, and a pretty convincing one at that, back with the virus attached. Since our customer trusted us, and thought that the email came from us, he was fooled by the trojan horse, and openned up the attachment: something that normally he really knows NOT to do.

Of course a virus is a program that "infects" a computer so that it does something that the owner does not control, usually to propagate itself, and do some sort of damage.

Security In the News: Links



Check out our Email Security summary too.

up to table of contents

For more information about our products and services, please phone us at (780) 239-8494 (within Edmonton, Alberta, Canada), (403) 998-8494 (within Calgary, Alberta, Canada), (306) 717-7709 (Saskatoon), (416) 993-7027 (Toronto) 1-877-968-7626 or 1-877-807-0777 (toll free within North America).

Copyright © 2004-2009 Computer Engineering Inc. All rights reserved.
site map | links | search | add your URL - link exchange
Get our small business packaging including card design, logo, and simple website free domain name with web hosting Canadian php5 web hosting - Edmonton, Calgary, Alberta, Toronto, Ontario Canadian Windows 2003 ASP web hosting - Edmonton, Calgary, Alberta, Toronto, Ontario Stop Spam Here Use OpenOffice.org