Part 1 of a series of blog entries all about IT Security in the Modern World of Computing
By Autress Lowe III
What is IT Security?
When you think of IT Security, what do you think of? For most people, IT Security usually stops at a password, be it the PIN code to unlock their phone, or the password to the Wi-Fi. But IT Security isn’t just a four-digit PIN code, it’s a network of systems that all work together seamlessly to create a secure working environment.
The first part of any Cybersecurity solution, however, is a password. It’s the most basic form of protection there is. Nowadays, we have a plethora of password solutions to fit any user or business’s needs.
To start, we have our basic “password”, a usually 8-26-character alphanumeric sequence of letters, numbers, and special characters, i.e. “P@55W0rd!”. These passwords, while difficult for a normal user to guess, are extremely susceptible to brute force hackers and social engineers who may come across a user’s password in a multitude of ways, from dumpster diving to simply watching you enter it from over your shoulder. A password is a last line of defense, one that should always be supplemented with additional security measures.
Passphrases, on the other hand, are much longer strings of passwords, usually a short sentence or two. While they are much more difficult to crack, they still suffer the same vulnerabilities that normal passwords have.
The little cousin of passwords are Single-Use passwords. These are much more effective than your traditional password or passphrase, requiring a user to receive a new password directly from an IT administrator each time they wish to logon, making traditional attempts to hack a thing of the past. Mostly banks use this, using what are known as Transaction Authentication Numbers, or TANs for short.
Even further estranged we have the time synchronized password, where the user has a small device that displays a password that changes every minute or so.
We also have biometric security methods, such as retina and fingerprint scanners. While difficult to crack, they have a high error rate, meaning a user could potentially be locked out of their own system because the scanner doesn’t recognize their fingerprint. They are also rather easy to spoof, and once a fingerprint or retina is “cracked” (or otherwise duplicated), it renders the entire system ineffective. After all, a person can’t change their fingerprints. Yet.
Envaulting technology relies on a company or user’s network and a USB drive to work. Think of it this way: the computer is a lock, and the USB thumb drive is a key ring. Once connected, the USB searches for a key somewhere else on the network, to unlock the computer. With this security measure, your data is only accessible on-site, and connected to the network.
We also have drive encryption, where a user can partially or fully encrypt their hard drive, requiring a password of some form to access the information. Encryption works by taking data and scrambling it in such a way that only someone with the correct information and hardware can read it. In basic form, we have old school cryptography, like shift codes where you take a word like “Apple” and change each letter so it reads “DSSOH”. Only someone with the proper key (or a basic knowledge of shift codes) could properly read the information. Real drive encryption works in a similar manner, only the key is a lot harder to guess than “shift each letter by three”.
As an additional step, the user can place the certificate that stores the passwords (and by extension, the prompt to logon) on a thumb drive, making the data inaccessible without that USB Key and the correct password.
Keep in mind, obtaining a password, whatever the type used, is often not the first step in cracking a system. The first step is gaining physical or digital access to the system. Following appropriate security procedures such as requiring your employees to wear ID badges with their face and badge number and an embedded RF chip can go a long way towards IT Security, preventing unauthorized access to your network by stopping would-be hackers at the front door.
Armed with all your passwords and a bogus ID, a hacker can also be denied access to your system if there is someone stop or deter them. That’s where a dedicated IT Team or MSP comes in handy. MSPs are a low cost, high ROI method of protecting your valuable information by not only deterring would be criminals, but by also managing your suite of security protocols and solutions, taking some of the burden off the end-user. With a team in place dedicated to the security of your business and personal information, as well as managing the changing of passwords and security protocols, a business can stay up-to-date on the latest security features as well as keep their information safe without taking precious time and resources away from your company’s true goals.
Hardware and Software
Of course, where would your Cybersecurity team be without a decent anti-virus and firewall in place. These chaff filters work by taking known threats out of the equation. A user properly protected is highly unlikely to be attacked by an outdated virus.
A firewall works by preventing outside, unauthorized access to a user or company’s internal network, serving as a gatekeeper between it and the outside world. Without one of these, your IT Team would have its hands full solving problems and preventing intrusions that they would otherwise never have to deal with.
This brings us to the most important part of any IT Team: UPDATES! No IT Security Solution is perfect; they usually have a few exploits scattered here and there. But developers and IT Professionals alike are constantly patching their software, getting rid of exploits that would have otherwise taken complete systems offline or resulted in the loss or corruption of precious data. If your IT Security team fails to keep your systems update with the latest firmware and software patches, your leaving your system vulnerable to enthusiastic hackers who see out-of-date software as a jackpot.
In Part Two of IT Security, we’ll discuss what kind of threats the modern world faces in the Age of Information, and how they work.