Business Security Information

This summer, I helped a friend install a DVR (digital video recorder) for his business security camera system.  I also helped him configure the DVR and his network to allow remote viewing of the security cameras for him and a few key employees.  While helping him with this project, I realized how much physical security systems have changed over the past few years.  More and more of them are being manufactured with network capabilities with many of them being installed on the business network.

When you look at the desktops, laptops and other devices in your business, do you realize the number and variety of software applications running on these devices?  Applications include Adobe Reader, Adobe Flash, Microsoft Office, off-the-shelf accounting software, and other similar types of applications.  Beyond these normal applications found on most computers, custom applications may also be used in your business such as credit card processing, accounting or other business-oriented software applications.  Most business owners and managers do not realize the number and variety of applications running on the computers they use.  Studies have shown that businesses spend most of their security efforts updating and securing the computer’s operating systems and not the software applications.

I have written numerous articles covering the different elements and aspects of security, but one issue I have never touched on is the importance of having quality information to make good security decisions for your business.  Quality or complete information is key to any business decision including security issues, but most businesses fail to track security incidents or issues at their company.  I have worked with a lot of small and medium-sized businesses over the years, and I have not run into one yet who does.

It seems like almost every book or article I read defines computer security a little differently.  Often the terms computer security, information security, network security, information system security and information assurance are used interchangeably even though each of these terms covers a slightly different portion of security.  I feel that computer security is the overall general term used to indicate the protection of a company or organizations data, network and computer systems.  The other terms  (information security, network security, information system security, etc.) fall under the main heading of computer security.

In security, a Trojan Horse is similar but not the same as it was described in Greek mythology in which the Greeks presented the city of Troy with a wooden horse in which they had hidden their soldiers.  After the Trojan Horse was inside the city and night had fallen, the soldiers emerged from the wooden horse and overtook the city.

In the computer security field, a backdoor is basically a computer program that gives an attacker easy access to a computer system and bypasses security measures that are currently in place.  Computer programmers sometimes install backdoors in the programs they write, but they use the backdoor  to access the program for the purpose of troubleshooting the software.  For this definition, we will limit our discussion to backdoor programs that attackers use.  Backdoors, whether used as a troubleshooting tool or as a means of gaining undetected access to a computer system, are a security risk.

Just when you thought it was safe to use wireless, along comes a new attack on wireless encryption.  WEP (Wired Equivalent Privacy), the oldest form of wireless encryption,  has not been safe to use for quite some time, and I would recommend you use one of the other wireless encryption methods mentioned in this article if you are still using WEP.  The information or data that you send or receive on your wireless connection can easily be captured and read by others if you don’t encrypt that traffic.  This article will help you make necessary changes to your wireless network.

A lot of today’s websites are dynamic, meaning they can deliver different content to a user depending on the user’s needs.  Dynamic content is achieved with the use of web applications.  This sounds great, but dynamic websites are open to an attack called cross-site scripting.  If you have been in business long and pay attention to the variety of security issues that you have to protect your business from, you probably have heard of this term before.  Cross-site scripting is a type of exploit where the attacker inserts or embeds malicious programming code into a web link which the attacker disguises so it appears that it is coming from a trusted source. 

In the security arena, an exploit means a program, procedure, or a technique used to take advantage of a security vulnerability or hole in a computer program or application.  Basically, it is a form of attack against a computer system which takes advantage of known weaknesses.

A special type of exploit called a Zero-Day Exploit is an attack method that takes advantage of an unknown weakness or a vulnerability that has just been announced before a patch for the weakness has been developed or distributed to users of the software program or application.

When Windows Vista was released and found to have problematic issues,  many businesses stayed with Windows XP Professional.  Now Windows 7 is about to be released.  Will businesses upgrade to Windows 7 when it is released or take the more cautious approach and wait till Windows 7 is out for some time before deciding to upgrade to the newer version of Windows?  I think that a lot of businesses will wait and see before deciding to upgrade.  Since so many businesses are still using Windows XP Professional and may wait to upgrade to Windows 7, I decided to go ahead and write this article on securing Windows XP desktops.