The Art Of War And ECommerce Essay — page 7

you visited yesterday, that offered to mail you a free $10 off coupon? Maybe the owner is willing to share information with other web site owners. If so, the second web site owner may be able to correlate the information from the two sites and determine who you are.

Does this mean that privacy on the web is a lost cause? Not at all. What it means is that the best way to protect your privacy on the Internet is the same as the way you protect your privacy in normal life – through your behavior. Read the privacy statements on the web sites you visit, and only do business with ones whose practices you agree with. If you’re worried about cookies, disable them. Most importantly, avoid indiscriminate web surfing – recognize that just as most cities have a bad side of town that’s best avoided, the Internet does too. But if it’s complete and total anonymity you want, better start looking for that cave.

Law #10: Technology is not a panacea.

Technology can do some amazing things. Recent years have seen the development of ever-cheaper and more powerful hardware, software that harnesses the hardware to open new vistas for computer users, as well as advancements in cryptography and other sciences. It’s tempting to believe that technology can deliver a risk-free world, if we just work hard enough. However, this is simply not realistic.

Perfect security requires a level of perfection that simply doesn’t exist, and in fact isn’t likely to ever exist. This is true for software as well as virtually all fields of human interest. Software development is an imperfect science, and all software has bugs. Some of them can be exploited to cause security breaches. That’s just a fact of life. But even if software could be made perfect, it wouldn’t solve the problem entirely. Most attacks involve, to one degree or another, some manipulation of human nature; this is usually referred to as social engineering. Raise the cost and difficulty of attacking security technology, and bad guys will respond by shifting their focus away from the technology and toward the human being at the console. It’s vital that you understand your role in maintaining solid security, or you could become the chink in your own systems’ armor.

The solution is to recognize two essential points. First, security consists of both technology and policy; that is, it’s the combination of the technology and how it’s used that ultimately determines how secure your systems are. Second, security is a journey, not a destination; it isn’t a problem that can be “solved” once and for all; it’s a constant series of moves and countermoves between the good guys and the bad guys. The key is to ensure that you have good security awareness and exercise sound judgment. There are resources available to help you do this. The Microsoft Security web site, for instance, has hundreds of white papers, best practices guides, checklists and tools, and we’re developing more all the time. Combine great technology with sound judgment, and you’ll have rock-solid security.

“It is important for companies to do a thorough security audit of their computer systems and to keep these systems up-to-date in order to thwart computer hackers,” said Robert Hagens, director of Internet Engineering for MCI’s Data Services Division. “Computer hackers are constantly sharpening their skills and inventing new schemes to break into company computer systems. Businesses also need to ensure that they continue to stay one step ahead of the bad guys in securing their systems.”

According to MCI’s Internet Security Department, most of the successful computer break-ins are the result of exercising old, known weaknesses in operating systems which system administrators and managers have not remedied. Despite the best efforts of the Computer Emergency Response Team (CERT) and others, many system operators have shown remarkable complacence about security until they are hit by a hacker. MCI hopes this message will encourage more pro-active efforts by managers of systems on the Internet.

TOP 10 SECURITY PRECAUTIONS

Firewall Sensitive Systems. Ensure corporate systems are protected from Internet attacks. Deploy a firewall between these systems and the Internet to guard against network scans and intrusions.

Obtain Security Alert Information. Subscribe to security alert mailing lists to identify potential security exposures before they become problems. CERT (Computer Emergency Response Team at Carnegie Mellon University) is a good place to start. The URL for CERT’s Web site is cert-advisory-request@cert.org. The e-mail address is cert@cert.org.

Review System Audit Trails Regularly. Regularly check logging data and audit trails to