


Why would anybody be interested in the information on your computer? A famous bank robber, Willie Sutton, was asked why he robbed banks. His reply: "That's where the money is."
Do you have any idea what information is on your computer workstation or office network? Your customer list, your inventory, bank account numbers, credit card receipts, personal information, passwords, private e-mail and sales figures - and that's just a few of the items that can be valuable to others. You certainly wouldn't want all this information to fall into the wrong hands.
But could this information become available to anyone who tries to steal it? The answer to this question is absolutely!
There is a lot to worry about. There are security risks that affect your office computer, your local network and your Web site. The moment you install hardware or software to attach to the Internet, you are at risk. Damage can range from someone simply replacing your home page with an obscene parody to someone completely damaging and corrupting your entire customer database. Or let's say you go to the bank and find that your account has been tampered with.
There are four major ways your computer data can be accessed. First, there can be bugs or misconfigurations in the Web server or network server that is attached to the Internet. If this happens, confidential documents can be obtained from your hard drive, remote commands can be issued to modify your system and your system can be rendered unusable by either planting a virus or destroying critical startup files.
Second, once someone obtains your password (usually through e-mail or encryption breaking) he can enter your computer and gain access to any information he wants, usually without your even knowing it.
Third, data sent from you to the Internet, or vice versa, can be intercepted. This is like eavesdropping. Anyone who eavesdrops can operate from any point on the pathway between you and your Internet browser. If you think this stuff only happens in movies and books, you're wrong.
Fourth, anyone can go into your office and, with the right codes or passwords, take any information and do whatever damage to your network he wants.
Large and small corporations are very protective of their privacy and spend big money to guard against computer piracy. Many of the steps they take can be incorporated into our businesses, such as the following:
· Limit the number of log-in accounts on your system.
· Delete inactive users.
· Change your password often and make passwords unique and hard to crack. Your name spelled backwards is an example of an easy password to crack. Use numbers, special characters and letters to form a complicated password (example: SK745552>).
· If possible, turn off all services not used when you are not there, such as any possible Internet connections.
· Allow only your key people permission to use certain files. File rights can be set up by your network administrator.
· Always keep a secure backup of your data in a safe place.
· Check for viruses often. There are many software packages that can be purchased that can be configured to operate automatically in the evenings when no one is present to check for viruses.
· Password-protect key documents and account figures and keep these passwords in a safe place.
Many people ask me if one operating system is more at risk than others. The answer to this is yes. If you have a UNIX-based system, you might not want to hear this.
Because UNIX is such a powerful and extremely flexible operating system, it is open to attack. UNIX can have built-in servers, interpreters and other services that allow many portals of entry for hackers to exploit. Less powerful but more secure systems - such as Novell, Macintosh and MS-Windows - are less likely to be exploited.
But there are ways to secure your UNIX operating system. A great book to read on this subject is Practical UNIX Security by Simson Garfinkel and Gene Spafford.
You should be familiar with encryption, which is a way of encoding and decoding the text of a message with a key. This is now commonly used as a way to distribute private incoming and outgoing transactions. Many new software products you purchase will ask you to create your own private key, which is usually a series of keystrokes. This becomes your personal key and will have to be used when you receive or send messages. This system can also be used to create unforgeable digital signatures.
You will also be hearing a lot about Verisign, which is basically an inexpensive personal certificate (cost is about $9.95 per year) that identifies you when you need information or want to share information on the Web. Both Microsoft's Internet Explorer Browser and Netscape's Navigator Browser use this system.
Can we use credit cards online and safely accept them from our customers? The best answer is to allow your customers the option to call their number in, fill out a form that uses encryption technology or use one of the new credit card proxy systems such as Digicash or Cybercash.
Digicash is a digital cash system that works something like a phone card. Users purchase "CyberBucks" from a bank that supports the Digicash system. CyberBucks can be purchased remotely with credit cards or by wire transfer and can be used just like real cash. The software that supports Digicash prevents CyberBucks from being forged or spent more than once. Digicash leaves no paper trail - like cash, it is anonymous. Expect to see many applications using Digicash shortly.
Cybercash is new software that allows merchants and customers to use secure payments across the Internet. A free piece of software called the Wallet has to be used to initialize payments. The Wallet stores encrypted information about your credit cards and bank account numbers. When you go to purchase something, the Wallet pops up on the screen and asks you to select a payment method. The payment can come from your credit card or directly from a bank account. The transaction is validated within 15 seconds and the Wallet maintains a record of each transaction. This system uses cryptography to prevent transaction information from being intercepted (eavesdropping) by unauthorized third parties. More information can be obtained about Cybercash at the Web site <www.cybercash.com>.
Some people fear that using a credit card on the Internet is like posting on a billboard.
New technology today has made online credit card use as secure or as insecure as traditional shopping in stores. Actually credit card companies think it is less risky to do business on the Internet: people are more likely to try to get your credit card number off a carbon in the dumpster than off the Internet.
Although it's easy to get the impression when browsing the Web that you're doing so anonymously, your activities might be tracked in several ways. One of the most popular techniques for tracking usage is the "cookie." Even if you've heard of them before, you might be surprised at what they can do.
A cookie is like a passport in your computer. Whenever you visit a Web site, the Web server can send a cookie to your computer, which is then stored in your hard drive. As you visit additional sites, you pick up more cookies. Each cookie is a miniature record of your visit to a specific Web site, complete with information such as an ID number, time of your last visit to the site and other information that you give up willingly - a password or an e-mail address. By retrieving the cookie left previously, a Web site can "remember" your site-specific password, your preferences and other tidbits of information.
The existence of such a tracking mechanism has created alarm among Web users. Although cookies are not secret bug devices, many people feel that cookies can be used to develop a profile of individuals that could then be used for marketing or other purposes. Privacy advocates consider this to be potentially an invasive act.
There are many ways, through your browser or through software such as Clean Sweep Deluxe (Quarterdeck software), to eliminate cookies at the end of a set period or simply not to accept them at all.
Is a cookie a security risk? If your computer is networked to others, there is the possibility that someone could access your cookie file and read it. If some of the cookies contained passwords that you use for particular Web sites, that information would be readily available. To combat this, most sites don't set cookies with anything more than an encrypted ID number. You should make a habit of using different passwords for Web sites - don't use the same ones you use for more critical things, like locking your computer or your ATM card.
If you want to examine what cookies you've already accumulated, look for a file called COOKIES.TXT on your hard drive. I personally delete all cookies on my computer and when prompted to accept them, I always decline. I appreciate my privacy, and don't want anybody to invade that.
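An added example, not part of the original article: a short Python audit of a COOKIES.TXT file that lists cookies holding a readable password or e-mail address rather than an ID number. The sample file contents, the domains and the name patterns it checks are constructed for illustration.

```python
import re

# Constructed sample in the COOKIES.TXT layout (tab-separated fields):
# domain, subdomain flag, path, secure flag, expiry (Unix time), name, value
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".shop.example\tTRUE\t/\tFALSE\t946684799\tSESSIONID\t8f3a1c9e77b2d045\n"
    ".news.example\tTRUE\t/\tFALSE\t946684799\temail\tpat@rental.example\n"
    "forum.example\tFALSE\t/members\tFALSE\t946684799\tpasswd\tSK745552>\n"
    "bank.example\tFALSE\t/\tTRUE\t0\tuid\t4c1d9b02\n"
    "broken line without tabs\n"
)

FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")
# Assumed heuristics: cookie names that hint at credentials or identity.
SENSITIVE_NAME = re.compile(r"pass|pwd|login|user|mail", re.I)
EMAIL_VALUE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_cookies(text):
    """Return one dict per well-formed cookie line; skip comments and junk."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue  # malformed line: ignore it rather than guess
        cookie = dict(zip(FIELDS, parts))
        cookie["secure"] = cookie["secure"] == "TRUE"
        cookies.append(cookie)
    return cookies


def audit(text):
    """List cookies that hold readable personal data instead of an opaque ID."""
    findings = []
    for c in parse_cookies(text):
        reasons = []
        if SENSITIVE_NAME.search(c["name"]):
            reasons.append("name suggests a stored credential")
        if EMAIL_VALUE.match(c["value"]):
            reasons.append("value is an e-mail address")
        if reasons and not c["secure"]:
            reasons.append("also sent over unencrypted connections")
        if reasons:
            findings.append((c["domain"], c["name"], reasons))
    return findings


if __name__ == "__main__":
    for domain, name, reasons in audit(SAMPLE):
        print(f"{domain}: cookie '{name}': " + "; ".join(reasons))
```

To check a real file, pass its contents to `audit()` in place of `SAMPLE`; any site it lists is one where the password should not be reused elsewhere.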
As we enter the new millennium, computers are becoming a greater part of our lives. We have to learn to live with this change and how to adapt to it. This does not mean we have to allow others to have access to information about us that we determine to be private. Learn the new technologies and learn the ways they can be used to benefit you and your company, but always keep your guard up: you never know who can be watching or pulling strings.
Copyright © 1998 American Rental Association. All rights reserved.