UNH CIS Signals

Don't Be the Weakest Link

Petr Brym

October, 2008

AccountsUsing a computer to access services over the Internet or on a local network is a bit like driving a car. It usually goes well, but if we do not take certain precautions things can go wrong in a hurry.

A lot goes into a safe car ride. Your car, and other vehicles on the road, must be well maintained. Everyone must drive safely. The roads must be well designed and maintained. The whole transportation system must improve over time to address new problems and the needs of society.

Any one thing (such as a bald tire, an impaired driver, faulty brakes, or a damaged road) can spoil your trip and/or create an unsafe situation. The one thing that causes a danger or problem in an otherwise well functioning system is called a “weak link.” Weak links can be things or the actions of a person.

Safe driving is much like safe computing. To use a computer safely and productively, whether for work or fun, many things must be true. The computer, including the network and services accessed, must be properly configured and updated frequently to mitigate new and existing dangers that threaten one’s privacy.

Best practices must be followed such as using strong passwords that are not easily guessed. Both you and information technology service providers must be able to recognize situations that could result in disruption of service availability, information integrity, or confidentiality. If one or more of these things are not true, weak links will exist in the chain of information technology security.

How do we prevent weak links? One way is to take advantage of special events at UNH planned for October, National Cyber Security Month.

In October, UNH will host a series of programs designed to raise awareness about the dangers associated with using your computer, the Internet, and how you can protect yourself. It is an opportunity to learn how to protect yourself, your confidentiality, and how to keep up with the bad guys.

We all face instances of increasingly sophisticated malicious software that can take control of our computer. This software exists on what appears to be legitimate websites or seemingly innocent E-mail attachments. We are subjected daily to messages that appear to have been sent by IT accounts administrators only to realize the message was yet another phishing attempt designed to encourage users to give away passwords or social security numbers. Attacks against our network, servers, and personal computers have become more sophisticated. The attackers have evolved their methods so their activity is more difficult to detect. Every day the confidential information of commercial businesses, public services, educational organizations, and individuals is compromised via the Internet and internal attacks. Web services and web-hosted information is under pressure from attacks that are increasing in frequency and sophistication. These attacks launch from thousands of compromised computers at once to overwhelm well-designed systems.

All is not lost, however. Practicing safe computing and following best practices, much like wearing your seatbelt, DOES make a difference.