Fill-in-the-blank questions
COMPUTER SECURITY
It is believed that the problem of computer security has changed over a period of time
as businesses, through an increased use of information technology (IT), have
become more and more dependent on information and the associated information
systems (IS). However, at the same time, there has been limited change in the
implemented security or safeguards to these information systems. In fact many
executives or managers fail to even identify the relevant requirement for
security or policies.
A. The Internet has been roughly doubling
in size every year, and the associated security incidents have been running in
parity. Even if the percentage of malicious users is small, the increase in size
of the Internet and in the number of incidents of failed security is
significant. The importance of the growth in the Internet can be highlighted by
the fact that in July 1991, 33% of Internet users were from the commercial
sector, whereas in July 1996, this figure had risen to 50%.
B. In 1988, the Morris "worm" was introduced on the Internet to invade, attack and
replicate itself on the network. The response was to shut down E-mail and
connectivity. However, the "fixes" were to be distributed via E-mail and so the
solution was self-defeating. As a result of this worm virus, CERT (Computer
Emergency Response Team) was formed, with the Australian version (AUSCERT)
starting in 1992.
C. One of the problems with Internet security
is the fact that the incidents are increasing in sophistication. One of the
reasons for this has been the increasing availability of toolkits. Although
these toolkits are designed to assist computer systems designers to protect and
develop their sites, they also allow relatively ignorant intruders to carry out
increasingly complex incidents with the utilisation of many routers and
disguises to reach their "target". According to a US Department of Defence
report, less than 1% of incidents are identified but 65% of these are
successful. Another thing to bear in mind with intruders and hackers is that
they do not respect geographical or administrative boundaries, or time zones.
They may be geographically dislocated from the point of attack and therefore
operating in "off-duty" hours.
D. The thing to remember with
security is that the system administrators must get it right all the time; the
intruder must get it right just once. Evidence of this is easy to find. In 1997,
a teenager hacked into a Bell Atlantic network. His hacking crashed the computer
and resulted in 600 homes, a regional airport and emergency services being
without telephone communications for six hours. And what was the punishment for
this offence? Two years of probation, community service and a fine of
US$5,000.
E. Governments are getting tough on cyber crimes,
especially in the wake of September 11th. These crimes are being linked to
national security, which in the US is now of major concern to government
officials and the general public alike. And the government has been swift to
act. In late 2001, the US Patriot Act was introduced. This Act increased the
maximum sentence for breaking into a computer from five to ten years. Then in
July 2002, the House of Representatives approved the Cyber Security
Enhancement Act. Now if a cyber crime results in the death of an
individual, the offender could face a life sentence. There has been additional
fall-out from the September 11th attacks with the FBI and other government
security agencies dramatically escalating their monitoring of the Internet. This
has pushed some hackers further underground, fearful that what they had
previously been doing out of boredom or challenge could now be viewed as an act
of terrorism.
F. On the other hand, the events of September 11th
have led to some ex-hackers using their extensive knowledge and experience to
join forces with security forces to aid the fight against terrorism.
G. However, even with the increased threats of punishment, computer
viruses and incidents of hacking continue to be widespread. Long-time security
measures which have been utilised by companies and individuals are not
fail-safe. One of the more prevalent IS security measures is the use of
firewalls, which "filter" the data entering/leaving the corporate IS. It is true
that these firewalls have a number of advantages; nevertheless, they should not
be seen as a panacea to all IS security woes, merely an enhancement. They can
provide a false sense of security and have limited protection from internal
attackers. In short, the corporate world needs to realise that computer security
will be an on-going problem and expense.
Questions 1-3
Complete the table below with information found in the text.
Use NO MORE THAN THREE WORDS OR A NUMBER for each answer. Write your answers
in boxes 1-3 on your Answer Sheet.
Date | Event
1996 | commercial sector constituted ___1___ of Internet usage
___2___ | Computer Emergency Response Team formed
Post-September 11th 2001 | FBI increased ___3___