Content
Editorial
Events/Classes
News
Contact Us
Faith
Health
Bollywood
Mental Health
Immigration
Financial advice
Youth Matters
Seniors
Techno Corner
Arts
Astrology
Books
Cuisine
Home
Archives
Classifieds
 


Arun Marballi
PROTECTING LAPTOP COMPUTERS - STATES SET UP CHIEF INFORMATION SECURITY OFFICER POSITION
By ARUN MARBALLI

In our increasingly mobile society, notebook or laptop computers have rapidly become the electronic computing and communications devices of choice. Thanks to the technological advances, these machines today, regardless of their small format, pack quite a punch and have evolved into machines with power and capability comparable to any desktop computer, albeit at a significantly higher price point.

While their portability makes them vulnerable and their price provides substantial motivation, their hard drive invariably contains sensitive information that has led to an ever-increasing number of laptop computer thefts. It seems that almost everyday we come across news reports of laptop computers with sensitive information that have been stolen.

Protection of these portable devices is therefore a matter of paramount importance – especially if we depend on them for our daily work. First of all, almost all notebook computers allow the owner to physically tether the device down using a steel cable and lock designed for the purpose.

In fact, some high-end devices even include an audible alarm if the lock or cable is tampered with. These devices, while not particularly expensive (between $20-$70), provide a level of physical security that will, at the least, make it inconvenient for someone to casually walk away with an unattended notebook computer. The second measure of security is to always set up a password for all users of the computer including and especially all users with administrator access privileges on the computer.

Having the passwords in place by itself is not sufficient; it is necessary that we get into the habit of activating password protection by using the Control+Alt+Delete keys to lock the computer. This way even when the notebook computer is left unattended, a casual passerby cannot access the information stored on it. The data on the computer may be further protected with data encryption software and depending on its sensitivity, biometric access control devices such as fingerprint or retinal scanners also may be considered.

Since many of the more recent notebook computer thefts have been at government agencies, it heartens me when I learn that Colorado recently passed legislation creating a new cabinet level position of Chief Information Security Officer (CISO), to increase accountability for information security in the governor’s administration. The only other state at this time also to have a cabinet level CISO is New York. If other states follow this lead and create CISO positions within their cabinets, perhaps we can expect to see a few less laptops stolen from government agencies?

I have often addressed the growing scourge of phishing in the past and it appears that the perpetrators of these schemes have now found another vector for pursuing their victims. The growing popularity of SMS Text Messaging has offered these folks another medium for taking the gullible amongst us for a ride – literally. As in most phishing schemes, the attackers use social engineering (behavioral) techniques that trigger the intended victim into taking the action that the attacker needs taken but that the victim would under normal circumstances not take.

In the SMS world, people have reported that they have received messages that are purportedly confirming the message receiver’s membership in a dating service and that they will be charged $2 per day until they cancel membership – which they can do by visiting the Web site indicated. It is the reference to the “$2 per day” charge that will prompt the receiver of the message to take the hasty action of accessing the indicated website and that site obliges by downloading a Trojan horse program onto their phones, allowing them to be controlled by the attackers. A devious scheme indeed! Now, here is the revelation in all of this. Sending SMS messages is not free, as in the case of sending e-mails, and there is a per-message charge that the sender must pay.

With that kind of initial investment, there has got to be a substantial payback for the whole thing to be economically worthwhile. So, the assumption that this is the work of a few wayward college students does not hold any more. Phishing has indeed become mainstream and I daresay even smells of organized crime.

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail amarballi@hotmail.com.

Home



Contact Information
The Editor: editor@khaasbaat.com
Advertising: advertising@khaasbaat.com
Webmaster: webmaster@khaasbaat.com
Send mail to webmaster@khaasbaat.com with questions or comments about this web site. Copyright © 2004 Khaas Baat.

Anything that appears in Khaas Baat cannot be reproduced, whether wholly or in part, without permission. Opinions expressed by Khaas Baat contributors are their own and do not reflect the publisher's opinion.

Khaas Baat reserves the right to edit and/or reject any advertising. Khaas Baat is not responsible for errors in advertising or for the validity of any claims made by its advertisers. Khaas Baat is published by Khaas Baat Communications.