
Research Report

Computer Security and Audit


With the expanding growth and complexity of communication networking, and the risks presented by a new breed of skillful hackers, serious security threats are an unfortunate certainty within today's highly interconnected office environment. These threats are very common and the results are costly to the businesses that have been affected.

By: Syeda Mahwish Fatima Naqvi D/44 Rizvia Society Nazimabad Karachi. Cell: 0307-2128773


Contents:
1. INTRODUCTION
2. Computer Security Subsystems
3. Evaluations can be divided into two types
4. The Virus Threat
5. The Alternative to the In Home Solution
6. Challenges to stay
7. A computer security and audit
8. Audit Reporting
9. Traditional Logging
10. Auditing Services
11. Computer security
12. Security design
13. The Technologies Of Computer Security
14. The early Multics operating system
15. Secure coding
16. The access control lists and capabilities
17. The control lists
18. Apply Applications
19. Terminology
20. The world's first computer hacker
21. The word hacker
22. Save Money with Computer Security
23. What benefits can you expect from a Computer Security Audit?
24. How to conduct a Computer Security Audit
25. Benefits of Computer Security Audit
26. Computer Audit Trails
27. BENEFITS of Audit trail
28. Individual Accountability
29. Reconstruction of Events
30. Intrusion Detection
31. Problem Analysis
32. AUDIT AND LOGS
33. Keystroke Monitoring
34. Audit Events
35. System-Level Audit Trails
36. Application-Level Audit Trails
37. IMPLEMENTATION
38. Protecting Audit Trail Data
39. Review of Audit Trails
40. The Audit Data
41. Real-Time Audit Analysis
42. Tools for Audit Trail Analysis
43. COST CONSIDERATIONS
44. System having external/internal audit system for computer security
45. The best advice relating to computer security risk computer security
46. Threatening your Network
46. Buy The Best External Hard Drives
47. Effective modified Security auditing tool
48. Most used backdoor programs
49. Security Review Verdict About the Performers
50. Antivirus that is user friendly and provides the adequate protection you need for your computer
51. The Commandments to PC Security



1. INTRODUCTION
A computer security subsystem is defined, herein, as hardware, firmware and/or software which can be added to a computer system to enhance the security of the overall system. A subsystem's primary utility is to increase the security of a computer system. The system that the subsystem is to protect is referred to as the protected computer system in this Interpretation. When incorporated into a computer system environment, evaluated computer security subsystems may be very effective in reducing or eliminating certain types of vulnerabilities whenever entire evaluated systems are unavailable or impractical.

2. Computer Security Subsystems
Implementation of a security policy in a trusted computer system. The effectiveness of a security feature present within a system is, therefore, dependent to some degree on the presence and effectiveness of other security features found within the same system. Because the evaluation criteria were intended to be used only for systems which incorporated all the security features of a particular evaluation class, they do not, in all cases, completely specify these interdependencies among security features. In addition to the class of trusted computer system products, there exists a recognized need for a class of computer security products which may not individually meet all of the security features and assurances. Instead, these products may implement some subset of the features enumerated and can potentially improve the security posture of existing systems. These products are collectively known as computer security subsystems. Evaluating computer security subsystems against a subset of the requirements has proven an extremely difficult task because of the implied dependencies among the various features discussed. Interpretations of the interdependencies and the relative merits of specific computer subsystem implementations have been highly subjective and given to considerable variation.
This document provides interpretations for computer security subsystems in an effort to lend consistency to evaluations of these products by explicitly stating the implications.

3. Evaluations can be divided into two types:
(1) A product evaluation can be performed on a subsystem from a perspective that excludes the application environment, or
(2) A certified evaluation can be done to assess whether appropriate security measures have been taken to permit an entire system to be used operationally in a specific environment.
The product evaluation type is done by the National Computer Security Center through the Trusted Product Evaluation Process using this interpretation for subsystems. The certified type of evaluation is done in support of a formal accreditation for a computer system to operate in a specific environment.

With the expanding growth and complexity of communication networking, and the risks presented by a new breed of skillful hackers, serious security threats are an unfortunate certainty within today's highly interconnected office environment. These threats are very common and the results are costly to the businesses that have been affected. Apparently, the victims aren't chosen entirely at random, as is often assumed to be the case. All those respondents who suffered one or more kinds of security incident further said they had suffered a targeted attack, defined as a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.

4. The Virus Threat
Financial fraud overtook virus attacks as the source of the greatest financial losses. Virus losses, which had been the leading cause of loss for eight straight years, fell to second place. In today's global marketplace every business needs to be vigilant in proactively protecting its corporate assets. Today a comprehensive, layered approach is required to secure the network and company resources from multiple types of threats. Small and medium sized businesses are particularly vulnerable because they typically do not have expert resources on staff to ensure that the network is secure, that regulatory compliance issues are being properly addressed, and that network monitoring and updates are effectively maintained around the clock.

5. The Alternative to the In Home Solution
Managed service providers can help secure their network by deploying a layered approach that uses various advanced technologies and solutions, protecting the network, and anticipating multiple types of potential security breaches, from Trojan horse attacks and spyware viruses to data tampering and information theft. One advantage of working with a managed security provider is that services can be scaled to meet an organization's exact security requirements.
This flexibility allows companies to minimize service outages and operational expenses, thereby reducing the overall financial impact.

6. Challenges to Stay
Frankly speaking, a large enterprise IT team can also benefit from an out-tasked network security solution, as the demands of ensuring that in-house staff stays current increase exponentially over time. You can ask a service provider to help you assess your security needs and design the best solution for your business. A comprehensive computer security audit is often the first step in this process. By all means, be prepared for the unexpected, and keep your business safe. However, this is a complex task that's best left to the experts, while you free up time to focus on your core business objectives. Computer systems and related equipment are subject to monitoring for administrative oversight, law enforcement, criminal investigative purposes, inquiries into alleged wrongdoing or misuse, and to ensure proper performance of applicable security features and procedures.

7. A computer security and audit
A computer security audit is a systematic, measurable technical assessment of a computer system or application. Assessments include interviewing staff, security

vulnerability scans, reviewing application and operating system access controls, or analyzing physical access to the computer systems. Automatic assessments include system generated audit reports or using software to monitor and report changes to files on a computer system. Computer security systems can include personal computers, servers, network routers, and switches. Applications include Web Services, Microsoft Project Central, or Oracle Database.

8. Audit Reporting
During the last decades, systematic audit record generation (also called audit reporting) can only be described as ad hoc. Ironically, in the early days of mini-computing with large scale, single vendor, custom software computer systems from companies such as IBM and Hewlett, auditing was considered a mission-critical function. Over the last 60 years, COTS (Commercial Off the Shelf) computer software applications, components, and micro computers have gradually replaced custom computer software and hardware as more cost effective business management solutions. During this transition, the critical nature of audit reporting gradually transformed into low priority customer requirements. Many software consumers, having little else to fall back on, have simply accepted the lesser standards as normal. Many consumer licenses of existing COTS software disclaim all liability for security, performance and data integrity issues.

9. Traditional Logging
With traditional logging, applications and components submit free-form text messages to system logging facilities such as the Unix Syslog process, or the Microsoft Windows System, Security or Application event logs. Many applications often fall back to the standard logging facilities. These messages usually contain some information only assumed to be security relevant by the application developer, who is often not a computer or network-security expert.
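How the free-form messages described above look to an analysis tool, next to a record with fixed fields, as an added example that is not part of the original report. The log lines, application names and field names are constructed for illustration and follow no particular standard.

```python
"""Free-form log lines vs. structured audit records (constructed sample data)."""
import json
import re

# Constructed samples: one kind of event (a failed login for "root" from
# 203.0.113.7) as three hypothetical applications might word it. The last
# line is appA again after an upgrade that reworded its message.
FREEFORM = [
    "Mar  3 10:15:02 host1 appA[311]: Failed password for root from 203.0.113.7",
    "Mar  3 10:15:03 host1 appB[412]: login failure user=root src=203.0.113.7",
    "Mar  3 10:15:04 host1 appC[518]: AUTH ERR: 203.0.113.7 tried root (bad credentials)",
    "Mar  3 10:15:05 host1 appA[311]: Authentication failed: user 'root', peer 203.0.113.7",
]

# Syslog-style prefix: timestamp, host, application[pid]: message
HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<app>\w+)\[\d+\]: (?P<msg>.*)$")

# The analysis tool needs one hand-written pattern per application wording.
PATTERNS = {
    "appA": re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)"),
    "appB": re.compile(r"login failure user=(?P<user>\S+) src=(?P<src>\S+)"),
    "appC": re.compile(r"AUTH ERR: (?P<src>\S+) tried (?P<user>\S+) \(bad credentials\)"),
}


def parse_freeform(line):
    """Return a normalized event dict, or None when no pattern recognizes the line."""
    head = HEADER.match(line)
    if head is None:
        return None
    pattern = PATTERNS.get(head["app"])
    match = pattern.fullmatch(head["msg"]) if pattern else None
    if match is None:
        return None
    return {"source": head["app"], "event": "auth.login", "outcome": "failure",
            "initiator": match["src"], "target": match["user"]}


# The same four events as structured records: every producer fills the same
# named fields, so one parser covers all of them.
REQUIRED = ("time", "source", "event", "outcome", "initiator", "target")
STRUCTURED = [
    json.dumps({"time": f"2024-03-03T10:15:0{n}Z", "source": app,
                "event": "auth.login", "outcome": "failure",
                "initiator": "203.0.113.7", "target": "root"})
    for n, app in enumerate(["appA", "appB", "appC", "appA"], start=2)
]


def parse_structured(line):
    """Parse one JSON audit record and reject it loudly if a field is absent."""
    record = json.loads(line)
    missing = [field for field in REQUIRED if field not in record]
    if missing:
        raise ValueError(f"audit record lacks fields: {missing}")
    return record


def failed_logins(records):
    """Select failed-login events from already parsed records (None is skipped)."""
    return [r for r in records
            if r and r["event"] == "auth.login" and r["outcome"] == "failure"]


def compare():
    """Count what each approach recovers from the same four events."""
    free = [parse_freeform(line) for line in FREEFORM]
    structured = [parse_structured(line) for line in STRUCTURED]
    return {
        "freeform_found": len(failed_logins(free)),
        "freeform_missed": [l for l, r in zip(FREEFORM, free) if r is None],
        "structured_found": len(failed_logins(structured)),
    }


if __name__ == "__main__":
    print(json.dumps(compare(), indent=2))
```

The reworded appA line is dropped silently by the free-form parser, which is the failure an auditor would not notice until the event was needed.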
The problem with such free-form event records is that each component's developer individually determines what information should be included in an audit record, and the overall format in which that record should be presented to the audit log. This variance in formatting among millions of instrumented applications makes the job of parsing audit records by analysis tools difficult. The domain and application specific parsing code included in analysis tools is also very difficult to maintain, as changes to event formats inevitably work their way into newer versions of the applications over time.

10. Auditing Services
Most contemporary enterprise operating systems, including Microsoft Windows, Solaris, Mac OS X, and FreeBSD, support audit event logging due to requirements in the Common Criteria and more historically. FreeBSD and Mac OS X make use of the open source OpenBSM library and command suite to generate audit records. Audit event logging has increased with recent new (2000) world-wide legislation mandating corporate and enterprise auditing requirements. Open source projects such as XDAS, a Bandit project identity component, have begun to take their place in software security reviews as not only an improvement, but a requirement. XDAS is based on the

Group Distributed Auditing Service specification, and has begun to show prominence in the security community as a more structured alternative to free-form text audit logging. The specification defines a well-considered event format for security-related events, an event taxonomy with event types that cover most security event scenarios, and a standardized API for event submission and management.

11. Computer security
Computer security is a technology known as information security as applied to computers. The purpose of computer security can include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy. Computer security imposes requirements on computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to do. This makes computer security particularly challenging because it is hard enough just to make computer programs do everything they are designed to do correctly. Moreover, negative requirements are deceptively complicated to satisfy and require exhaustive testing to verify, which is impractical for computer programs. Computer security provides a strategy to convert negative requirements into positive enforceable rules. That is why computer security is often more technical and mathematical than some computer science fields.

12. Secure operating systems
One use of the term computer security refers to technology to implement a secure operating system. This technology is based on science developed and used to produce what may be some of the most impenetrable operating systems. Though still valid, the technology is in limited use today, primarily because it imposes changes to system management and also because it is not widely understood.
Such ultra-strong secure operating systems are based on operating system kernel technology that can assure that certain security policies are absolutely enforced in an operating environment. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This foundation for a secure operating system, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Many ordinary systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical. Systems designed with such methodology represent the state of the art of computer security, although products using such security are not widely known. In contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very useful security tools, and very secure operating systems have been certified at the highest level to operate over the range of Top Secret to unclassified, including SCOMP, USAF SACDIN, NSA Blacker and MLS LAN. The assurance of security depends not only on the soundness of the design strategy, but

also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security functionality and assurance level, and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. Highly secure general purpose operating systems have been produced for decades or certified under the Common Criteria.

12. Security design
Security design can be defined as the design artifacts that describe how the security countermeasures are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose of maintaining the system's quality attributes, among them confidentiality, integrity, availability, accountability and assurance. In simple words, a security design is the plan that shows where security measures need to be placed. If the plan describes a specific solution then, prior to building such a plan, one would make a risk analysis. If the plan describes a generic high level design then the plan should be based on a threat analysis.

13. The Technologies Of Computer Security
The technologies of computer security are based on logic. There is no standard notion of what secure behavior is. Security is a concept that is unique to each situation. Security is extraneous to the function of a computer application, rather than ancillary to it, so security necessarily imposes restrictions on the application's behavior. There are many approaches to security in computing, and sometimes a combination of approaches is valid:
(1) Trust all the software to abide by a security policy, but the software is not trustworthy.
(2) Trust all the software to abide by a security policy, and the software is validated as trustworthy.
(3) Trust no software, but enforce a security policy with mechanisms that are not trustworthy.
(4) Trust no software, but enforce a security policy with trustworthy mechanisms.
Many systems have unintentionally resulted in the first possibility. Because approach two is expensive and nondeterministic, its use is very limited. Approaches two and four lead to failure. Because approach number four is based on hardware mechanisms and avoids abstractions and a multiplicity of degrees of freedom, it is more practical. Combinations of four and six are used in a layered design with thin layers of four and thick layers of four.

There are myriad techniques used to design security systems. There are many, if any, effective strategies to enhance security after design. One technique enforces the principle of least privilege to a great extent, where an entity has only the privileges that are needed for its function. That way, even if an attacker gains access to one part of the system, fine-grained security ensures that it is just as difficult for them to access the rest. By breaking the computer system up into small components, the complexity of individual components is reduced, opening the possibility of using

techniques such as automated theorem proving to prove the correctness of crucial software subsystems. This enables a closed-form solution to security that works well when only a single well-characterized property can be isolated as critical, and that property is also assessable to math. It is impractical for generalized correctness, which probably cannot even be defined, much less proven. Where formal correctness proofs are not possible, rigorous use of code unit testing represents a best-effort approach to make modules secure.

The design should use defense in depth, where more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds. Defense in depth works when the breach of one security measure does not provide a platform to facilitate subverting another. The cascading principle also acknowledges that many low hurdles do not make a high hurdle, so cascading several weak mechanisms does not provide the safety of a single stronger mechanism. Subsystems should default to secure settings, and wherever possible should be designed to fail secure rather than fail insecure. A secure system should require a deliberate, conscious and knowledgeable decision on the part of legitimate authorities in order to make it insecure.

In addition, security should not be an all or nothing issue. The designers of computer systems should assume that security breaches are inevitable. Audit trails should be kept of computer system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. In the end, full disclosure helps to ensure that when bugs are found the window of vulnerability is kept as short as possible.

14. The early Multics operating system
The early Multics operating system was notable for its early emphasis on computer security by design, and Multics was possibly the very first operating system to be designed as a secure system from the ground up. Multics security was broken, not once, but repeatedly. The strategy was known as penetrate and has become widely known as a non-terminating process that fails to produce computer security. This led to further work on computer security that prefigured modern security engineering techniques producing closed-form processes that terminate.

15. Secure coding
If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a 'low security' category because they rely on features not supported by secure operating systems, like portability. In low security operating environments, applications must be relied on to participate in their own protection. There are best-effort secure coding practices that can be followed to make an application more resistant to malicious subversion.

In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and command injection. Some languages, such as C and C++, are vulnerable to all of these defects. Other languages, such as Java, are more resistant to some of these defects, but are still prone to command injection and other software defects which facilitate subversion. Recently another bad coding practice has come under scrutiny: dangling pointers. The first exploit for this particular problem was presented the year before. Before this publication the problem was known but considered to be academic and not practically exploitable. In summary, secure coding can provide significant payback in low security operating environments, and is worth the effort. Still, there is no known way to provide a reliable degree of subversion resistance with any degree or combination of secure coding.

16. The access control lists and capabilities:
In computer systems, the two fundamental means of enforcing privilege separation are ACLs and capabilities. ACLs have been proven to be insecure in many situations. It has also been shown that the ACL's promise of giving access to an object to only one person can never be guaranteed in practice. All these difficulties are resolved by capabilities. This does not mean practical flaws exist in all ACL-based computer systems, but only that the designers of certain utilities must take responsibility to ensure that they do not introduce flaws. For various reasons, capabilities have been mostly restricted to research operating systems, and commercial systems use ACLs. Capabilities can also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. An open source project in the area is the language.
The Plessey System 250 and then the Cambridge CAP computer demonstrated the use of capabilities, in hardware and software, so this technology is hardly new. One reason for the lack of adoption of capabilities may be that ACLs appeared to offer a quick fix for security without pervasive redesign of the computer operating system and hardware. The most secure computers are those not connected to the Internet and shielded from any interference. In the whole world, the most security comes from computer operating systems where security is not an add-on. Such a system almost never shows up in lists of vulnerabilities, for good reason. Years may elapse between one problem needing remediation and the next. A more secure system is EROS. TrustedBSD is an open source project with a goal, among other things, of building capability functionality into the FreeBSD operating system.

17. The access control lists
Within computer systems, the two fundamental means of enforcing privilege separation are access control lists and capabilities. The semantics of ACLs have been proven to be insecure in many situations. It has also been shown that the ACL's promise of giving access to an object to only one person can never be guaranteed in practice. All these problems are

resolved by capabilities. This does not mean practical flaws exist in all ACL systems, but only that the designers of certain utilities must take responsibility to ensure that they do not introduce flaws. Unfortunately, for various historical reasons, capabilities have been mostly restricted to research operating systems, and commercial OSs still use ACLs. Capabilities can also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. There is an open source project in the area in some language. First the Plessey System 250 and then the Cambridge CAP computer demonstrated the use of capabilities, both in hardware and software, so this technology is hardly new. One reason for the lack of adoption of capabilities may be that ACLs appeared to offer a quick fix for security without pervasive redesign of the computer operating system and hardware. The most secure computers are those not connected to the Internet and shielded from any interference. In the whole world, the most security comes from computer operating systems where security is not an add-on; such a system almost never shows up in lists of vulnerabilities, for good reason. Years may elapse between one problem needing remediation and the next.

18. Apply Applications
Computer security is critical in any technology-driven industry which operates on computer systems. The issues of computer-based systems and addressing their countless vulnerabilities are an integral part of maintaining an operational industry.

Aviation
The aviation industry is especially important when analyzing computer security because the involved risks include expensive equipment and cargo, transportation infrastructure, and human life. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments.
Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error. The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, and network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, and loss of passenger life. A successful attack does not need to be very high tech or well funded, for a power outage at an airport alone can cause repercussions worldwide. One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. These incidents are very common, having altered flight courses of commercial aircraft and caused panic and confusion in the past. Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 275 to 325 miles offshore. Beyond the radar's sight, controllers must rely on periodic radio communications with a third party. Electricity fluctuations, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on an electrical source. Accidental faults have caused significant disruption of safety critical systems throughout the last few decades

and dependence on reliable communication and electrical power only jeopardizes computer safety.

19. Terminology
The following terms used in secure systems are explained below.

Firewalls can be hardware devices or software programs. They provide some protection from online intrusion, but since they allow some applications (for example, web browsers) to connect to the Internet, they don't protect against some unpatched vulnerabilities in these applications.

Automatic theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications.

Simple microkernels can be written so that we can be sure they don't contain any bugs. A big OS, capable of providing a standard API like POSIX, can be built on a secure microkernel using small API servers running as normal programs. If one of these API servers has a bug, the kernel and the other servers are not affected.

Cryptographic techniques can be used to defend data in transit between systems, reducing the probability that data exchanged between systems can be intercepted or modified.

Strong authentication techniques can be used to ensure that communication end-points are who they say they are.

Secure cryptoprocessors can be used to leverage physical security techniques into protecting the security of the computer system.

Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system's designers.

Mandatory access control can be used to ensure that privileged access is withdrawn when privileges are revoked. For example, deleting a user account should also stop any processes that are running with that user's privileges.

Capability and access control list techniques can be used to ensure privilege separation and mandatory access control.
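The difference between the two models described in sections 16 and 17 and in the last terminology entry shows up when a privileged service acts on an object name supplied by a less privileged caller, the classic "confused deputy" case. The following is an added example, not part of the original report; the in-memory store, the principals `svc` and `alice`, and the object names are hypothetical.

```python
"""ACL lookup vs. capability handle in a confused-deputy scenario.

Constructed example: the store, principals and object names are hypothetical.
"""


class AccessDenied(Exception):
    pass


class AppendCap:
    """Capability: holding this object is the authority to append to one target."""

    def __init__(self, target):
        self._target = target

    def append(self, line):
        self._target.append(line)


class Store:
    """In-memory object store; each object has an ACL of principals allowed to write."""

    def __init__(self):
        self.data = {}
        self.acl = {}

    def create(self, name, writers):
        self.data[name] = []
        self.acl[name] = set(writers)

    def _check(self, principal, name):
        if principal not in self.acl.get(name, set()):
            raise AccessDenied(f"{principal} may not write {name}")

    def write(self, principal, name, line):
        # ACL style: the object is named by a string and authority is
        # looked up from the identity of whoever makes the call.
        self._check(principal, name)
        self.data[name].append(line)

    def open_for_append(self, principal, name):
        # Capability style: the check runs once, against the principal who
        # asks for the handle; afterwards the handle itself is the authority.
        self._check(principal, name)
        return AppendCap(self.data[name])


def acl_report_service(store, requester, out_name, text):
    """Deputy running as 'svc'. It writes to a name chosen by the requester
    while exercising its own write permission: the confused deputy."""
    store.write("svc", "billing.log", f"charge {requester}")
    store.write("svc", out_name, text)


def cap_report_service(billing_cap, out_cap, requester, text):
    """Same service, but it receives handles instead of names. The requester
    must have been able to open the output object personally."""
    billing_cap.append(f"charge {requester}")
    out_cap.append(text)


def make_store():
    store = Store()
    store.create("billing.log", writers={"svc"})
    store.create("alice/report.txt", writers={"alice", "svc"})
    return store


def demo_acl():
    """alice is not on billing.log's ACL, yet her text lands in it."""
    store = make_store()
    acl_report_service(store, "alice", "billing.log", "refund alice 1000")
    return store.data["billing.log"]


def demo_capability():
    """alice cannot obtain a handle to billing.log, so she cannot designate it."""
    store = make_store()
    billing_cap = store.open_for_append("svc", "billing.log")
    try:
        store.open_for_append("alice", "billing.log")
        denied = False
    except AccessDenied:
        denied = True
    out_cap = store.open_for_append("alice", "alice/report.txt")
    cap_report_service(billing_cap, out_cap, "alice", "refund alice 1000")
    return denied, store.data["billing.log"], store.data["alice/report.txt"]


if __name__ == "__main__":
    print("ACL deputy, billing.log:", demo_acl())
    print("capability deputy:", demo_capability())
```

In the ACL version every individual permission check passes, which is why the flaw has to be caught by the service's designer rather than by the access control mechanism.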

20. The world's first computer hacker
The first computer hacker to be prosecuted will be the opening speaker for a fascinating new series of talks on IT security. The free public talks are being run by the Information Security Consortium. The new group, part of the University's, is raising the profile of computer security with local companies, encouraging firms to offer computing students work placements to gain them real experience, and inviting speakers to talk about the latest information technology innovations. He was the first person in the world to face a jury trial in connection with hacking. He hacked into British Telecom's networks and gained access to private inboxes including the Duke of Edinburgh's. Robert's ultimate acquittal on forgery charges, after an appeal to the House of Lords, led to the introduction of the Computer Misuse Act, which now outlaws hacking. Now a successful computer security expert, his talk is entitled "Searching for the strong link in your IT security chain". He will

discuss the security pitfalls in modern IT systems and the mistakes that companies make, which lead to misuse of data and computer systems being compromised. 21.The word hacker The word hacker has many meanings. But despite the twisted view of the hacker presented by the media, a hacker is just somebody who likes to explore possibilities. To test the boundaries of whats possible, and then break those boundaries. Who knows how many gadgets on the market today are there solely because somebody said, no, I want more. However in recent years the view of hackers has been almost solely bas. Every time a computer system has a security problem, its because of hackers. However, with the increasing trend on moving everything possible to digital formats, how can we assign such labels? Every criminal, from the bank robbers to organized crime, is taking advantage of poor computer security to reach their goals. Just because a bank robber uses a poorly configured computer security system to rob a bank, it doesnt make him a hacker. Hes simply another bank robber thats got smart and moved into the 21st Century. How long it takes the general media to begin to understand this is anybodies guess. However the point of critical mass is bound to come. The day when the news contains the word hacker so much, that it has no meaning anymore. It seems that then and only then will the media outlets realize that just because a computer was involved, it doesnt change what the criminal is. I just wish that theyd realized that before ruining the reputation of so many great hackers of the past, whove brought us real innovations. 22.Save Money with Computer Security. You want IT to run business and cost can add a lot to your bottom line. But do you really know how much you are spending on this aspect of your operations? Computer Security Audit services in Asia and all over the world can give you a true picture of where your company is at and where it's going with IT costs. 
It gives management a full report on how your IT budget is being used and identifies some of the potential Internet security threats that can impact you and your company. A computer security audit report gives you a professional, expert evaluation of the security of your computer systems. It also rates the adequacy of the controls in your information systems and related operations to ensure your IT systems are reliable and cost effective.

23. What Benefits Can You Expect from a Computer Security Audit?

Features of a computer security audit:

* Definition of a computer security policy and strategy.
* Establishing the need for system procedures and monitoring.
* An evaluation of the alternative courses of action available.
* Alternative resources of supply and selecting the most appropriate sources.
* Delivery of written reports, presentations, and specifications with analysis, recommendations, plans, and designs.

24. How to Conduct a Computer Security Audit

* Interview the management team and key staff.
* Observe IT practices and review the documentation in place, including the Internet and computer security policy.
* Evaluate the organization's IT-related risk management, control and governance processes.
* Check the quality, validity and reliability of information to and from computer systems, to assess the systems' internal controls and the security of the environment around the systems.
* Verify that agreed procedures and recommendations from headquarters are strictly adhered to.

25. Benefits of a Computer Security Audit

* You know that your IT environment, applications and data are secure, controlled and productive, and are giving you a reasonable return on investment.
* You know what to do to reduce and control IT-related risk and comply with legal and regulatory needs.
* Peace of mind, which in turn helps ensure that your business avoids embarrassing, costly and often heavy fines.
* Your IT systems comply with ISO IT standards.
* Your staff gets up-to-date training.

26. Computer Audit Trails

Audit trails maintain a record of system activity, both by system and application processes and by user activity of systems and applications. In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications. This bulletin focuses on audit trails as a technical control and discusses the benefits and objectives of audit trails, the types of audit trails, and some common implementation issues.

An audit trail is a series of records of computer events about an operating system, an application, or user activities. A system may have several audit trails, each devoted to a particular type of activity. Computer auditing is an analysis of management, operational, and technical controls. The auditor can obtain valuable information about activity on a computer system from the audit trail. Audit trails improve the auditability of the computer operating system.

Audit trails are used either as a support for regular system operations or as a kind of insurance policy. As insurance, audit trails are maintained but are not used unless needed, such as after a system outage. As a support for operations, audit trails are used to help system administrators ensure that the system or resources have not been harmed by hackers, insiders, or technical problems.

27. Benefits of Audit Trails

Audit trails provide a means to help accomplish several security objectives, including individual accountability, reconstruction of events (actions that happen on a computer system), intrusion detection, and problem analysis.

28. Individual Accountability

Audit trails are a technical mechanism that helps managers maintain individual accountability. By advising users that they are personally accountable for their actions, which are tracked by an audit trail that logs user activities, managers can help promote proper user behavior. Users are less likely to attempt to circumvent security policy if they know that their actions will be recorded in an audit log. For example, audit trails can be used in concert with access controls to identify and provide information about users suspected of improper modification of data. An audit trail may record "before" and "after" versions of records. Comparing them can help management determine whether errors were made by the user, by the system or application software, or by some other source.

Audit trails work in concert with logical access controls, which restrict use of computer system resources. Granting users access to particular resources usually means that they need that access to accomplish their job. Authorized access, of course, can be misused, which is where audit trail analysis is useful. While users cannot be prevented from using resources to which they have legitimate access authorization, audit trail analysis is used to examine their actions. For example, consider a personnel office in which users have access to those personnel records for which they are responsible. The audit trails may reveal that an individual is printing far more records than the average user, which could indicate the selling of personal data. Similarly, audit trail analysis could reveal that an outgoing modem was used extensively by an engineer the week before quitting. This could be used to investigate whether proprietary data files were sent to an unauthorized party.
29. The Reconstruction of Events

Audit trails are also used to reconstruct events after a problem has occurred. Damage can be more easily assessed by reviewing audit trails of system activity to pinpoint how, when, and why normal operations ceased. Audit analysis can often distinguish between operator-induced errors and system-created errors. If a system fails or the integrity of a file is questioned, an analysis of the audit trail can reconstruct the series of steps taken by the system, the users, and the application. Knowledge of the conditions that existed at the time of, for example, a system crash can be useful in avoiding future outages. Additionally, if a technical problem occurs.

30. Intrusion Detection

Intrusion detection refers to the process of identifying attempts to penetrate a system and gain unauthorized access. If audit trails have been designed and implemented to record appropriate information, they can assist in intrusion detection. Although normally thought of as a real-time effort, intrusions can be detected in real time, by examining audit records as they are created (or through the use of other kinds of warning flags/notices), or after the fact. Real-time intrusion detection is primarily aimed at outsiders attempting to gain unauthorized access to the computer system. It may also be used to detect changes in the system's performance indicative of, for example, a virus or worm attack (forms of malicious code). There may be difficulties in implementing real-time auditing, including unacceptable system performance. After-the-fact identification may indicate that unauthorized access was attempted (or was successful). Attention can then be given to damage assessment or to reviewing the controls that were attacked.

31. The Problem Analysis

Audit trails are also used as online tools to help identify problems other than intrusions as they occur. This is referred to as real-time auditing or monitoring. If a system or application is deemed to be critical to an organization's business or mission, real-time auditing may be implemented to monitor the status of these processes (although, as noted above, there can be difficulties with real-time analysis). An analysis of the audit trails may be able to verify that the system operated normally. The use of audit trails is complemented by computer system performance logs. For example, a significant increase in the use of system resources could indicate a security problem.

32. Audit and Logs

A system can maintain several different audit trails concurrently. There are typically two kinds of audit records: (1) an event-oriented log and (2) a record of every keystroke, often called keystroke monitoring. Event logs usually contain records describing system events, application events, or user events. An audit trail should include enough information to establish what events occurred and who (or what) caused them. In general, an event record should specify when the event occurred, the user ID associated with the event, the program or command used to initiate the event, and the result. Date and time can help determine whether the user was a masquerader or the actual person specified.

33. Keystroke Monitoring

Keystroke monitoring is the process used to view or record both the keystrokes entered by a computer user and the computer's response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails. Keystroke monitoring includes viewing characters as they are typed by users, reading users' electronic mail, and viewing other recorded information typed by users. Many forms of routine system maintenance may record user keystrokes. This could constitute keystroke monitoring if the keystrokes are preserved along with the user identification, so that an administrator could determine the keystrokes entered by specific users. Keystroke monitoring is conducted in an effort to protect systems and data from intruders who access the systems without authority or in excess of their assigned authority. Monitoring keystrokes typed by intruders can help administrators assess and repair damage caused by intruders.

34. Audit Events

System audit records are generally used to monitor and fine-tune system performance. Audit records are generally used to hold individuals accountable for their actions. An analysis of user audit records may expose a variety of security violations, which might range from simple browsing to attempts to plant Trojan horses or gain unauthorized privileges.

The computer system itself enforces certain aspects of policy (particularly system-specific policy), such as access to files and access to the system itself. Monitoring the alteration of the system configuration files that implement the policy is important. If accesses have to be used to alter configuration files, the system should generate audit records whenever these accesses are used.

Many times a finer level of detail than computer system audit trails is required. If an application is difficult, it can be desirable to record not only who invoked the application, but also certain details specific to each use. Consider an e-mail application: it may be desirable to record who sent mail, as well as to whom they sent mail and the length of messages. Another example is a database application: it may be useful to record who accessed what database, as well as the individual rows or columns of a table that were read, instead of just recording the execution of the database program.

A user audit trail monitors and logs user activity in a system or application by recording events initiated by the user. Ideally, a system administrator would have the ability to monitor all system and user activity, but could choose to log only certain functions at the system level and within certain applications. The decision of what to log and how to review it should be a function of data sensitivity and should be decided by each functional application owner with guidance from the system administrator and the computer security manager/officer, weighing the costs and benefits of the logging.
Logging can have privacy implications; users should be aware of applicable privacy laws, regulations, and policies that may apply in such situations.

35. System-Level Audit Trails

If a system-level audit capability exists, the audit trail should capture, at a minimum, any attempt to log on (successful or unsuccessful), the log-on ID, the date and time of each log-on attempt, the date and time of each log-off, the devices used, and the function(s) performed once logged on. System-level logging typically also includes information that is not specifically security related, such as system operations, cost-accounting charges, and network performance.

36. The Application-Level Audit Trails

System-level audit trails may not be able to log events within applications, or may not be able to provide the level of detail needed by application or data owners, the system administrator, or the computer security manager. In general, application-level audit trails monitor and log user activities, including data files opened and closed, and specific actions, such as editing and deleting records and reports. Some applications may be sensitive enough from a data availability, confidentiality, and/or integrity perspective that a "before" and "after" picture of each modified record (or the data element(s) changed within a record) should be captured by the audit trail.

37. Implementation

Audit data requires protection, since the data should be available for use when needed and is not useful if it is not accurate. Even the best-planned and implemented audit trail is of limited value without timely review of the logged data. Audit trails may be reviewed periodically, as needed, automatically in real time, or in some combination of these. System managers and administrators, with guidance from computer security personnel, should determine how long audit trail data will be maintained.

38. Protecting Audit Trail Data

Access to on-line audit logs should be strictly controlled. Computer security managers and system administrators or managers should have access for review purposes; however, security and/or administration personnel who maintain logical access functions may have no need for access to audit logs.

It is particularly important to ensure the integrity of audit trail data against modification. One way to do this is to use digital signatures. Another way is to use write-once devices. The audit trail files need to be protected since, for example, intruders may try to "cover their tracks" by modifying audit trail records. Audit trail records should be protected by strong access controls to help prevent unauthorized access. The integrity of audit trail information is particularly important when legal issues arise, such as when audit trails are used as legal evidence. (This may, for example, require daily printing and signing of the logs.) Questions about such legal issues should be directed to the cognizant legal counsel.
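The integrity protection described under Protecting Audit Trail Data, as an added example (not code from the original report): each record carries an HMAC-SHA256 chained to the previous record, and a checkpoint kept off the system plays the role the report gives to write-once devices or signed printouts. HMAC with a secret key stands in here for the digital signatures the report names; the key, the field names and the sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed value that the first record's MAC is chained to


def _mac(key, prev_mac, seq, record):
    """HMAC-SHA256 over the previous MAC, the sequence number and the record."""
    body = json.dumps({"seq": seq, "record": record},
                      sort_keys=True, separators=(",", ":"))
    msg = (prev_mac + body).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_record(log, key, record):
    """Append a record whose MAC covers everything logged before it."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "record": record,
                "mac": _mac(key, prev, seq, record)})


def checkpoint(log):
    """Value to keep off the audited system (write-once media, signed printout)."""
    return {"count": len(log), "last_mac": log[-1]["mac"] if log else GENESIS}


def verify_log(log, key, anchor=None):
    """Return (True, None), or (False, index of the first entry that fails)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry.get("seq") != i:
            return False, i  # an entry was removed, inserted or reordered
        expected = _mac(key, prev, i, entry.get("record"))
        actual = str(entry.get("mac", ""))
        if not hmac.compare_digest(expected.encode(), actual.encode()):
            return False, i  # this record, or the chain before it, was changed
        prev = actual
    if anchor is not None:
        if len(log) < anchor["count"]:
            return False, len(log)  # the tail of the log was cut off
        last = anchor["count"] - 1
        if anchor["count"] and log[last]["mac"] != anchor["last_mac"]:
            return False, last  # the log no longer matches the checkpoint
    return True, None


# Constructed sample records using the fields the report lists for an event:
# when it occurred, the user ID, the program or command, and the result.
SAMPLE = [
    {"time": "2024-03-07T13:20:31", "user": "bob", "command": "logon", "result": "success"},
    {"time": "2024-03-07T13:21:02", "user": "bob", "command": "edit-config", "result": "success"},
    {"time": "2024-03-07T13:25:40", "user": "bob", "command": "delete-record", "result": "success"},
    {"time": "2024-03-07T13:26:05", "user": "bob", "command": "logoff", "result": "success"},
]
KEY = b"demo-key-held-by-the-log-collector"  # assumption: never stored on the audited host


def build_sample_log():
    log = []
    for record in SAMPLE:
        append_record(log, KEY, dict(record))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    anchor = checkpoint(log)
    print("intact log:   ", verify_log(log, KEY, anchor))
    log[2]["record"]["command"] = "read-record"  # a record altered after the fact
    print("edited record:", verify_log(log, KEY, anchor))
    print("truncated log:", verify_log(build_sample_log()[:3], KEY, anchor))
```

Without the checkpoint, a log cut off at the end still verifies, which is why the chain alone is not enough and the last MAC has to live somewhere the audited system cannot rewrite.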
The confidentiality of audit trail information may also need protection, for example, if the audit trail is recording information about users that may be disclosure-sensitive, such as transaction data containing personal information. Strong access controls and encryption can be particularly effective in preserving confidentiality.

39. The Review of Audit Trails

Audit trails are used to review what occurred after an event, for periodic reviews, and for real-time analysis. Reviewers should know what to look for to be effective in spotting unusual activity. Audit review is easier if the audit trail function can be queried by user ID, terminal ID, application name, date and time, or some other set of parameters to run reports of selected information.

40. The Review of Audit

Application owners, data owners, system administrators, data processing function managers, and computer security managers should determine how much review of audit trail records is necessary, based on the importance of identifying unauthorized activities. This determination should have a direct correlation to the frequency of periodic reviews of audit trail data.

41. Real-Time Audit Analysis

Traditionally, audit trails are analyzed in a batch mode at regular intervals. Analysis tools can also be used in a real-time, or near real-time, fashion. These intrusion detection tools are based on audit reduction, attack signature, and variance techniques. The review of audit records in real time is never feasible on large multi-user systems due to the volume of records generated. It is possible, however, to view all records associated with a particular user or application, and view them in real time.

42. Tools for Audit Trail Analysis

Many types of tools have been developed to help reduce the amount of information contained in audit records, as well as to distill useful information from the raw data. Especially on larger systems, audit trail software can create very large files, which can be extremely difficult to analyze manually. The use of such tools is likely to be the difference between unused audit trail data and a robust program. Some of the types of tools include:

* Audit reduction tools are preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance.
* Variance detection tools look for anomalies in user or computer system behavior. It is possible to construct more sophisticated processors that monitor usage trends and detect major variations. For example, if a user typically logs in at 9 a.m. but appears at 6:00 a.m. one morning, this may indicate a security problem that needs to be investigated.
* Attack signature-detection tools look for an attack signature, which is a specific sequence of events indicative of an unauthorized access attempt.

43. The Cost Consideration

Audit trails involve costs. First, system overhead is incurred in recording the audit trail. Additional system overhead will be incurred in storing and processing the records. The more detailed the records, the more overhead is required.
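The three tool types listed under Tools for Audit Trail Analysis, as an added example (not code from the original report) run over constructed audit records: audit reduction, variance detection on logon times, and one attack signature. The record layout, the low-value command list, the thresholds and the choice of signature (repeated failed logons followed by a success) are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample audit records: time, user ID, terminal, command, result.
RAW = """\
2024-03-04T09:02:11 alice tty1 logon success
2024-03-04T09:05:40 alice tty1 ls success
2024-03-05T08:58:03 alice tty1 logon success
2024-03-06T09:10:27 alice tty1 logon success
2024-03-06T09:12:00 alice tty1 print success
2024-03-07T06:01:45 alice tty7 logon success
2024-03-07T13:20:01 bob tty3 logon failure
2024-03-07T13:20:09 bob tty3 logon failure
2024-03-07T13:20:15 bob tty3 logon failure
2024-03-07T13:20:31 bob tty3 logon success
2024-03-07T13:21:02 bob tty3 edit-config success
"""


def parse(raw):
    """Turn each whitespace-separated line into an event record."""
    events = []
    for line in raw.strip().splitlines():
        ts, user, terminal, command, result = line.split()
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "terminal": terminal, "command": command, "result": result})
    return events


def reduce_audit(events, low_value=frozenset({"ls", "pwd"})):
    """Audit reduction: drop successful events of little security significance."""
    return [e for e in events
            if not (e["result"] == "success" and e["command"] in low_value)]


def logon_variance(events, min_history=3, tolerance_min=120):
    """Variance detection: flag logons far from the user's usual time of day."""
    history = defaultdict(list)  # user -> minute-of-day of earlier logons
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["command"] != "logon" or e["result"] != "success":
            continue
        minute = e["time"].hour * 60 + e["time"].minute
        past = history[e["user"]]
        if len(past) >= min_history:
            delta = abs(minute - median(past))
            delta = min(delta, 1440 - delta)  # the clock wraps at midnight
            if delta > tolerance_min:
                findings.append((e["user"], e["time"], e["terminal"]))
        past.append(minute)
    return findings


def failed_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Attack signature: several failed logons, then a success, for one user."""
    recent = defaultdict(list)  # user -> times of recent failed logons
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["command"] != "logon":
            continue
        fails = recent[e["user"]]
        fails[:] = [t for t in fails if e["time"] - t <= window]
        if e["result"] == "failure":
            fails.append(e["time"])
        elif e["result"] == "success":
            if len(fails) >= threshold:
                findings.append((e["user"], e["time"], len(fails)))
            fails.clear()
    return findings


if __name__ == "__main__":
    events = parse(RAW)
    print("records kept after reduction:", len(reduce_audit(events)), "of", len(events))
    for user, when, terminal in logon_variance(events):
        print("unusual logon time:", user, when.isoformat(), terminal)
    for user, when, count in failed_then_success(events):
        print("failed-then-success:", user, when.isoformat(), count, "failures")
```

Each finding is a lead for review, not a verdict: a tolerance set too tight produces the investigation cost the report describes for systems that flag too many events as suspicious.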
Another cost involves the human and machine time required to do the analysis. This can be minimized by using tools to perform most of the analysis. Many simple analyzers can be constructed quickly (and cheaply) from system utilities, but they are limited to audit reduction and identifying particularly sensitive events. Many tools that identify trends or sequences of events are slowly becoming available as off-the-shelf software. If complex tools are not available for a system, development may be prohibitively expensive. Some intrusion detection systems, for example, have taken years to develop.

A further cost of audit trails is the cost of investigating anomalous events. If the system is identifying too many events as suspicious, administrators may spend undue time reconstructing events and questioning personnel.

44. System Having External/Internal Audit System for Computer Security

A system includes a plurality of repeating installations connected to the network; a plurality of computers connected to the network, each of the computers being connected to the network through a corresponding repeating installation; and a management unit connected to the network. The management unit has distribution means for distributing at least one of an external audit program and an internal audit program for defining the processing procedure, by which the repeating installation audits the vulnerability of at least one of the plurality of computers, from the management unit to the repeating installations through the network. The repeating installation includes audit control means for carrying out at least one of the external audit processing and the internal audit processing with respect to the vulnerability of the at least one computer, in accordance with at least one of the external audit program and the internal audit program which have been distributed from the management unit, to judge whether or not the at least one computer has the vulnerability.

45. The Best Advice Relating to Computer Security Risk Computer Security

When you are in search of top advice concerning computer security risk model computer security, you'll find it easier said than done to separate superior advice from misguided computer security risk model computer security submissions and support, so it is wise to recognize ways of judging the information you are offered. Here are a few tips that we think you should use when you're searching for information about computer security risk model computer security. You need to realize that the recommendation given is only applicable to Internet-based information regarding computer security risk model computer security. We cannot offer any assistance or guidance when you are also conducting research offline.
A good approach to follow when offered help and advice in a computer security risk model computer security article is to verify the ownership of the website. Doing this could reveal the owner's computer security risk model computer security qualifications. The easiest way to work out who is behind a computer security risk model computer security website is to look at the about page or contact page. All reliable sites providing content on computer security risk model computer security will almost certainly provide an about or contact page which lists the site owner's details. The details should make known key points about the owner's relevant expertise. This permits you to make an informed assessment of the vendor's insight and ability to provide advice to you regarding computer security risk model computer security.

46. Threatening Your Network

No two enterprises have the exact same security requirements. An installation with sensitive defense documents, for example, will require a much higher degree of security, encryption, and access control than an enterprise with no sensitive data. Creating an appropriate security infrastructure starts with a security audit. In particular, Web 2.0 threats have changed the very nature of networking, and responses to threats have had to evolve. A computer security audit is needed in order to evaluate how the threat scenario has changed. According to a report, "Internet Risk Management in the Web World," "most organizations either do not know how effective their policies are or lack effective mechanisms to enforce the policies."

In addition to a generic security audit, regulations such as Sarbanes-Oxley and HIPAA call for very specific security measures; for example, a HIPAA security audit will focus on ensuring that the enterprise's security system meets the requirements of that mandate. Network security auditing may be conducted by internal IT staff or by an outside security-auditing firm. Although there are numerous standard best practices for holding a security audit, the simplest approach is to use one of the many available security audit software packages. Many of these security audit tools are simple to use and quite effective.

Regardless of your method, start with a security audit checklist and identify all of your assets. In the first stage of the security audit, you merely list all of your technology and information assets. When the assets have been listed, write down the possible threats to each asset. This includes not only cyber threats such as infection from viruses and attacks, but also outages from natural disasters or accidental policy violations. Assessing possible threats requires, in a sense, fortune-telling about the security problems. Once all assets have been defined and potential security threats listed, the security audit must then move to a ranking phase, where the relative importance of each threat is ranked. The security audit will then evaluate any existing controls or potential controls that could be used to mitigate each risk. A control, or a multi-layered computer security strategy, will be essential in making sure that each threat in the computer security audit has been addressed. Finally, existing controls, other controls not yet implemented, and the potential for damage must all be evaluated, and a cost-benefit analysis undertaken.
At this point in the computer security audit, the potential benefit of every solution listed is weighed against the potential damage and the cost of implementation. Once this phase of the security audit has been completed, the implementation phase calls for the creation of an appropriate security policy that outlines the steps and measures that will be taken to mitigate the risks outlined in the computer security audit, and for the rollout of new technology. Secure Computing's multi-layered security strategy is designed to meet multiple threats and attack vectors.

46. Buy the Best External Hard Drives

Technology moves fast and leaves us with gizmos and gadgets which are more and more functional, and at the same time smaller than we ever thought they could be. What's more, the technology also gives these gadgets mobility, so that they can be used as and when required, wherever they are required. One such device following suit is your hard drive: with the introduction of the external hard drive, what you get is data storage and security with added mobility. These are hard disk drives that are actually placed outside of the computer system. With data security, mobility and the option to remove the drive, you can take all your data with you.

These hard drives are built to perform externally. That's because the hard drives come with built-in cables that allow you to interface with your computer system. While the conventional connectors would use SCSI or SATA cables that connect to a type of HDD connector inside your computer, the new variants of the external HDD use an innovative and simple method of connecting via USB or FireWire. Most external hard drives come with the ability to back up the data from your computer. The limiting factor for the external HDD nowadays is the cost, as they tend to be more expensive than an internal HDD with the same capacity.

These devices are purely meant for data storage and backup, but how much data can one store? There are many options available to you as far as the data storage capability of this device is concerned. The most popular drives are of the same size as a normal hard disk inside your computer. There are many other storage disks available at this point in time, with as much as 1000 GB of data storage capability. With this amazing speed of technology, it won't be too long before we move into the true terabyte reign. The huge storage capacities are responsible for the device's rapid popularity as a form of computer backup for computer users.

The reasons to opt for this particular device are many; for instance, it provides the user with convenience and simplicity of use. This is so because most computer owners are not comfortable opening the cases of their computers and installing additional hardware. This is eliminated when you simply opt for this device rather than an internal HDD. With this particular device there is no need to open the PC case; instead you simply need to plug it in and go. Another advantage of the external HDD is its portability and mobility.
Compared to internal drives, external drives can be moved from computer to computer in a matter of minutes, simply by unplugging them from one and plugging them into another. Thus external hard drives are often used in the business world, especially by traveling employees. Traveling employees can instantly sync up the data on an external hard drive with that on their desktop or laptop PC, and then easily carry that data anywhere in the world. This also might eliminate the need to carry the laptop.

47. Effective Modified Security Auditing Tool

Security auditing is an important trend in the computer security field. Computer system vendors introduce secure systems to the market and mention how these systems are secure and how they provide multiple layers of security. The fact is that we have many bugs and vulnerable points in various systems due to imperfect testing on the vendor's side or imperfect administration on the system administrator's side. A security audit plays an important role in determining any exploitable weaknesses that put the data at risk. This work designs and implements a security administration tool for auditing the latest vulnerabilities and weak points in three of the most common operating systems (Windows /2000, Linux, and Solaris). This tool, called Security Administration Tool (SAT), tests and detects the weaknesses and security holes in any computer network system, and generates a comprehensive report that contains the analysis of the scans, the ranking of the risks found, and detailed recommendations for fixing potential vulnerabilities. A new important feature of SAT is that it tests and recommends solutions for the latest vulnerabilities for any of the aforementioned operating systems.

48. Most Used Backdoor Programs

Most people would love to believe that their firewalls are completely capable of protecting them from anything indecent. The sad part is, they could not be more wrong. Hungry Hacker aims to prove it with three separate programs that can compromise the security of computers. You may ask, "What's a backdoor?" Yes, these special programs were created in the early 90s, but they still pose a real threat today. It is the first that are seeing developed. Using these programs, anybody can remotely access your computer without any authentication and do whatever he wants. I will tell you some of the features; the rest of them you need to try and find out. These programs:

* Work as a key logger.
* Send any information from the victim's PC to the hacker's PC.
* Run any program on the victim's PC.
* Display any violating image on the victim's screen.
* Open the CD drive of the victim's PC.
* Open any web page on the victim's screen.
* Shut down the victim's PC.
* Start a song on the victim's PC.

49. Security Review Verdict About the Performers

You must provide your computer with security and protection. Internet security updates let you choose Internet software that gives you what you want. They give tips and information about each product and a comparative review of its program. Some of the preferred programs are Security Shield, which is the top-rated program on most sites because of the ease of installing the software, and which is the cheapest Internet security program: it'll only cost you and your computer is already protected; Norton 360, which includes personal behavioral monitoring features and a personal firewall against viruses; Internet Security, which gives an hourly updated program and protection against pop-up ads;
BitDefender, which is easy to access, provides Internet security and acts as a parental control; and Panda, which enables you to see exactly what is happening in your computer.

50. Antivirus That Is User Friendly and Provides the Adequate Protection You Need for Your Computer

Some security software is effective only at first use unless updated, and knowing that your firewall works keeps your computer protected. Not all software is effective, and in fact some can cause more harm. You can provide computer privacy by deleting Internet history using different erase-evidence tools. You don't need to read and know the software in detail as long as you know its specific function. Internet security provides consumers the choice of available software with the best performance. If you're looking for very reliable computer security reviews, an expert on that area. So get protected from cyber crimes.

51. Commandments to PC Security

Keep your virus software updated. If you don't have an anti-virus package, then stop reading right now and get one. It's not enough to have the software installed; you also need to keep up with new viruses as they emerge. Your virus software is only as good as the latest virus definitions that you have installed.

A firewall is like a bouncer for your computer: it checks every ID at the door and won't let anyone enter if they are not registered on the guest list. When someone on the Internet or on a network tries to connect to your computer, this is called an unsolicited request. If you run a program such as instant messaging or a multi-player network game that needs to receive information from the network, the firewall asks if you want to block or unblock the connection. That way, a hacker can't access personal information on your hard drive. Someone secretly using a stealth program to monitor the characters you type can't steal passwords and transmit them over the Internet.

Be wary of any web site that requires you to download software to view a page, unless it's something familiar like a Flash plug-in or Adobe Acrobat Reader. What you are about to download may contain a virus or some autodialer that uses your modem to call pay-per-minute numbers, leaving you with huge bills you'll be forced to pay. Don't install software through the Internet unless you are absolutely sure what it is and that you trust the company you are downloading it from.

Back up your data files at least weekly. Then, even if you fall victim to a virus or hacker attack, you'll escape with only minor damage. Internal drives are great forms of backup.

E-mail worms and viruses like to exploit security holes in your software, namely Windows and other Microsoft programs.
Now days Microsoft releases so many critical updates to fix these flaws that many users just ignore them. I personally advise dont ignore them. The Slammer worm exploited a vulnerability that Microsoft had fixed six months earlier; thousands of PC was infected including some at Microsoft because their users had never bothered to install the patch. You can run the windows update program in a week and whenever Microsoft issues a warning. Until see automatic patch management software, your best bet is to stay up to date. If things go very bad, a boot or rescue disk is your first step to recovery. Try the minimum; keep the basic elements of your operating system in an external drive floppy, flash, or Zip disk so you can bypass the hard disk at start-up. Always use your anti-virus program to create a rescue disk you can use when you operating system gets infected. Label it with a date and store it near your system where you wont lose it. There are more hoaxers than hackers on the Internet, and more fake e-mail virus alerts than actual viruses. The virus scams are a common way of getting your own information, mostly being fake login pages and forged emails that ask for your password,

credit card number, or other sensitive information. If any email asks for your username and password, dont respond or just delete it.

Abstract:
A computer security subsystem is defined, herein, as hardware, firmware and/or software which can be added to a computer system to enhance the security of the overall system. A subsystem's primary utility is to increase the security of a computer system. The system that the subsystem is to protect is referred to as the protected computer system in this interpretation. When incorporated into a computer system environment, evaluated computer security subsystems may be very effective in reducing or eliminating certain types of vulnerabilities whenever entire evaluated systems are unavailable or impractical.

Evaluations can be divided into two types: (1) a product evaluation can be done on a subsystem from a perspective that excludes the application environment, or (2) a certification evaluation can be done to assess whether appropriate security measures have been taken to permit an entire system to be used operationally in a specific environment. The product evaluation type is done by the National Computer Security Center through the Trusted Product Evaluation Process using this interpretation for subsystems. The certification type of evaluation is done in support of a formal accreditation for a system to operate in a specific environment.

With the expanding growth and complexity of communication networking, and the risks presented by a new breed of skillful hackers, serious security threats are an unfortunate certainty within the highly interconnected office environment of nowadays. These threats are very common and the results are costly to those businesses that have been affected. Apparently, the victims aren't chosen entirely at random, as is often assumed to be the case. All those respondents who suffered one or more kinds of security incident further said they had suffered a targeted attack, defined as a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.

Frankly speaking, a large enterprise IT team can also benefit from an out-tasked network security solution, as the demands to ensure that in-house staff is staying current increase exponentially over time. You can ask a managed provider to help you assess your security needs and design the best solution for your business. A security audit is often the first step in this process. By all means, be prepared for the unexpected, and keep your business safe. However, this is a complex task that's best left to the experts, while you free up time to focus on your core business objectives. Computer systems and related equipment are subject to monitoring for administrative oversight, law enforcement, criminal investigative purposes, inquiries into alleged wrongdoing or misuse, and to ensure proper performance of applicable security features and procedures.

Computer security is a technology known as information security as applied to computers. The main purpose of computer security can include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy. Computer security imposes requirements on many computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to do. This makes computer security particularly challenging, because it is hard enough just to make computer programs do everything they are designed to do correctly. Moreover, negative requirements are deceptively complicated and require exhaustive testing to verify, which is impractical for computer programs. Computer security provides a strategy to convert negative requirements to positive enforceable rules. That's why computer security.

The word hacker has many meanings. But despite the twisted view of the hacker presented by the media, a hacker is just somebody who likes to explore possibilities, to test the boundaries of what's possible, and then break those boundaries. Who knows how many gadgets on the market today are there solely because somebody said, "No, I want more." However, in recent years the view of hackers has been almost solely bad. Every time a computer system has a security problem, it's because of hackers. However, with the increasing trend of moving everything possible to digital formats, how can we assign such labels? Every criminal, from bank robbers to organized crime, is taking advantage of poor computer security to reach their goals. Just because a bank robber uses a poorly configured computer security system to rob a bank, it doesn't make him a hacker. He's simply another bank robber that's got smart and moved into the 21st century.
