Friday, June 20, 2008

What to do Before Computer Crime Strikes

One in five companies suffered network break-ins during the last year!

That is the startling conclusion of the Third Annual InformationWeek/Ernst & Young Security Survey. Nearly 70% said that security risks have worsened in the last five years; nearly 80% have hired a full-time information-security director.

If 20% of the nation’s companies with networks are successfully attacked every year, you would expect Vandenberg AFB firms to be among the victims. You would be right, too. A hacker used the Internet to break into a contractor-owned 486 PC in March 1995 and left the message “You really shouldn’t leave your computer open to the whole planet!!!!” on it.

The FBI’s National Computer Crime Squad (NCCS) investigates a wide array of computer crime, including major computer network intrusions, network integrity violations, privacy violations, industrial espionage, pirated computer software, and other crimes where the computer is a major factor in committing the criminal offense.

What steps can we take beforehand to protect ourselves? Here are some tips from the NCCS:

  • Place a login banner to ensure that unauthorized users are warned that they may be subject to monitoring.
  • Turn audit trails on.
  • Consider keystroke-level monitoring if an adequate banner is displayed.
  • Request trap and tracing from your local telephone company.
  • Consider installing caller identification.
  • Make backups of damaged or altered files.
  • Maintain old backups to show the status of the original.
  • Designate one person to secure potential evidence.
  • Evidence can consist of tape backups and printouts. These should be initialed by the person obtaining the evidence. Evidence should be retained in a locked cabinet with access limited to one person.
  • Keep a record of resources used to reestablish the system and locate the perpetrator.
  • Notices to alert users to potential security problems and information on related subjects are available from the Computer Emergency Response Team (CERT) at cert@cert.org or the Forum of Incident Response and Security Teams (FIRST) at first-sec@first.org, or call (202) 324-9164.

Employees who suspect any type of computer crime should contact their company’s computer or industrial security office immediately.
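
As an added illustration of the backup and evidence tips above (not part of the original article or the NCCS guidance), this Python example compares an old backup with the current files and writes one evidence record per changed file, tagged with the collector's initials. Using SHA-256 hashes to show the status of the original is an assumption that goes beyond the tips, as are the directory names, file names and the initials "JQ".

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def build_manifest(old_backup: Path, current: Path, initials: str) -> list:
    """Compare the old backup with the current tree; record every difference."""
    before, after = snapshot(old_backup), snapshot(current)
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    manifest = []
    for name in sorted(set(before) | set(after)):
        if before.get(name) == after.get(name):
            continue  # unchanged files need no evidence record
        status = ("added" if name not in before
                  else "deleted" if name not in after else "altered")
        manifest.append({"file": name, "status": status,
                         "original_sha256": before.get(name),
                         "current_sha256": after.get(name),
                         "collected_by": initials, "collected_utc": stamp})
    return manifest

def demo() -> list:
    """Constructed sample data: an old backup and a tampered working copy."""
    with tempfile.TemporaryDirectory() as tmp:
        old, cur = Path(tmp, "old_backup"), Path(tmp, "current")
        for d in (old, cur):
            d.mkdir()
            (d / "payroll.dat").write_bytes(b"records\n")  # same in both
        (old / "motd.txt").write_bytes(b"Welcome\n")
        (cur / "motd.txt").write_bytes(b"Welcome, altered by intruder\n")
        (cur / "note.txt").write_bytes(b"unexpected file\n")
        return build_manifest(old, cur, "JQ")

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The printed manifest can be stored with the initialed tape backups and printouts so that the one designated person can later show which files differed from the original.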
