tag:blogger.com,1999:blog-7968135.post-1092712237943433212004-08-16T20:09:00.000-07:002004-08-16T20:10:37.943-07:00Getting discouraged about connecting to the Internet or doing any real work on it? Don't be. There are ways to protect your system against the threats we've described. There isn't a magic Internet security bullet. The best security solution isn't a simple solution, but a collection of strategies and techniques. Your own site's security philosophy, the characteristics of your users, the type of data you're protecting, and your budget all help determine the right approach for you. Here are some suggestions. <br />Enforce Good Host Security With host security, you enforce the security of every machine at your site separately, and you make every effort to learn about, and plug, any security holes that your particular operating system presents. Although host security isn't a complete solution to Internet risks--there are simply too many machines, vendors, and operating systems to be sure that you've successfully been able to secure them all--you need to make sure that every system on your local network is as secure as you can make it. Systems exposed directly to Internet traffic need especially strong host security. Encryption of Files and Email If you use good encryption, then even if an intruder gets access to your files and messages, he won't be able to make sense of them. There are many types of encryption programs. Make sure to use one that uses a strong cryptographic algorithm. Although it's been around a long time, the Data Encryption Standard (DES) is still a pretty sound private key encryption algorithm, particularly if you use a variant. The RSA algorithm is the premier public key algorithm. PGP is a program that implements the RSA algorithm and is freely available on the Net (for noncommercial use within the United States). In PGP: Pretty Good Privacy, Simson Garfinkel describes how to use PGP to encrypt files and email and how to "sign" your email with an unforgettable digital signature, proving to recipients that your messages were sent by you and weren't modified during transmission. The book also contains a fascinating, behind-the-scenes look at the development of Phil Zimmermann's controversial program and the issues surrounding privacy, the export of encryption programs, and cryptography patents. Use Firewalls A firewall restricts access from your internal network to the Internet--and vice versa. A firewall may also be used to separate two or more parts of your local network (for example, protecting finance from R&D). The dictionary definition of "firewall" is: "A fireproof wall used as a barrier to prevent the spread of a fire." A fire may damage, or even destroy, one section of a building, but a firewall may keep that fire from spreading to other sections of the building; at the very least, it may slow down the spread until the fire can be brought under control. On computer networks, firewalls serve an analogous purpose. A security problem somewhere on a network--for example, eavesdropping, a major break-in, or a worm program--may do a great deal of damage to one portion of the network. But if a fire wall is in place, it can isolate what's behind it from the security problem. Without firewalls network security problems can rage out of control, dragging more and more systems down. Once one system on a network has been compromised, it's often trivial to compromise the others. Shared system resources, homogeneous services, and trust policies may all contribute to the spread of a security problem from one system to another. Think of a firewall as a checkpoint; all traffic is stopped and checked at this point--usually, at the perimeter of your internal network, where you connect to the Internet. Your own site's security policy determines what happens at the checkpoint. Some requests might pass right through. Others might be turned away. Still others might be routed to proxy services, which satisfy the requests without directly exposing internal systems. Use Secure Procedures Purely technical solutions go only so far. Just as there is a human element to committing computer crimes, there is a human element to preventing them. Be smart about prevention, and make sure your organization enforces good security procedures in everything they do. Physical security, personnel security, and operational security are less technical, but nevertheless important, parts of Internet security. <br /> <br />firewall softwarehttp://www.blogger.com/profile/11056230181044279673noreply@blogger.com