booklets and brochures

networked information systems

conclusion

Threats to computer networks and systems are increasing at an alarming rate from both internal and external adversaries. Encryption technology, authentication devices, firewalls, vulnerability checking tools, and other security products offer improved defense mechanisms against electronic intrusion. Effective intrusion detection, however, remains elusive as the system environment becomes more complex and adversaries continuously adapt their techniques to overcome innovations in computer security. In addition, system administrators have been slow to adopt intrusion detection technology to routine computer operations.

Although managing networks and systems is complicated, adhering to simple guidelines would dramatically reduce the number of system vulnerabilities. As evidenced in the "Phonemasters" case, cyber crimes are often facilitated by old-fashioned guile, such as calling employees and tricking them into giving up passwords. The Federal Government and private industry must, therefore, address personnel security and "social engineering," in addition to implementing electronic security measures.

Even with all the security countermeasures in place, network and system intrusion incidents can still occur. When such incidents are suspected or do occur, timely and accurate reporting will significantly limit the damage and exposure of information.

glossary

Actual Viruses- Executable program has an actual malicious code written into it and can infect systems.

Back Door-A hole a computer system's security that is deliberately left in place by a programmer.

Computer Viruses- A computer program that is used to infect the operation of a computer system.

Countermeasures- Any action, device, procedure, technique, or other measure that reduces the vulnerability of a network or system.

Crackers- Recreational hackers who gain unauthorized access to a computer system for the challenge or bragging rights.

FIS- Foreign intelligence service.

Hacking- The process of gaining unauthorized access to a network/system or data by exploiting technical weakness in application or operating system software.