The Information Management Digest March 2007

A Service of Data Storage, Inc.

INTERNET SECURITY – HOW FAR HAVE WE COME?

In the beginning, the Internet was nothing more than a cold war response to Sputnik. A series of radar stations were linked together in a network in order to communicate information to each other. From this modest start, university computer labs combined resources to introduce the concept of timesharing nearly three decades later. By the early 1980s there was regular communication and electronic mail across networks like ARPANET, BITNET, TelNet, UseNet and NSFNet whose launch in 1983 is generally thought of as the point of origin of the modern Internet. The Internet was, and remains, a networked array of computers linked together by cables. What we think of as the modern Internet, actually called the World Wide Web, did not come into being as a concept until 1991. The first web pages created in Hypertext Transfer Protocol (HTTP) did not appear until 1993. For a very interesting look at historical web pages visit “The Wayback Machine” found at http://www.archive.org/index.php. The site contains snapshots of more than 85 billion web pages from 1996 to the present.

REVIEW OF COMMON THREATS

The first recorded computer virus outside a lab occurred in 1982 on a computer running Apple DOS 3.3. The first PC virus was recorded 4 years later and originated in Pakistan. Prior to large-scale Internet connectivity, viruses were most frequently transmitted by contaminated floppy disks used to transfer programs and data between computers. Transmission via the Internet began to occur in the late 1980s on BBS (bulletin board) or newsgroup systems such as USENet. Trojan horse virus infections were most often spread through the sharing of pirated software programs or shareware.

In the mid-1990s macro viruses made their debut. This type of virus exploits vulnerabilities contained within legitimate programs such as Microsoft Word™ or Microsoft Excel™ programs; these programs are capable of memorizing a series of keystrokes or commands in order to more quickly complete repetitive tasks – these are called macros. Because Apple™ computers also utilized these programs, viruses were also written to infect the Mac OS. Macro viruses are difficult to detect due to the fact that macros are a legitimate function of the software. These programs now allow macros to be detected, if they are present, and disabled prior to opening the file. One famous macro virus was the “Melissa” virus.

While viruses of all types seek to do harm to individual computers, computer worms seek to harm computer networks. Worms were invented in a laboratory setting in 1978 but the first widespread network attack of a computer worm occurred in 1987. This attack completely disabled IBM’s international network and BITNET. Worms may be used to create alternate points of access to the network, which enables the sender to effectively take control of a network in order to send spam, e-mails or for other purposes. Computer worms such as ILOVEYOU, Sobig and Mydoom created zombie networks for spammers.

A computer fraud technique known as phishing has become a significant modern threat. Phishing is an attempt to force a user to reveal personal information by responding to what is seen as a legitimate request. Users may receive an e-mail or instant message from a financial institution, E-bay account or other legitimate entity requesting that the individual respond by verifying billing information, account information or identity by clicking a web link. If the criminal is successful, sensitive personal information, including credit card information, may be obtained under fraudulent circumstances and used without the permission of the owner.

This practice originated on AOL in the mid-1990s. In June, 2005 more than 15,000 phishing attacks were reported.

A variation of phishing is called spoofing. This technique is employed by computer worms such as ILOVEYOU to change e-mail header information in order to make the e-mail appear as though it came from another person. This is accomplished when the worm searches the e-mail address book of the infected user and begins to send infected e-mails from persons in the address book to other persons contained in the address book. Very often the individual who is the supposed “sender” of the e-mail has no idea that e-mails are being sent with their name identified as the source of the mail.

Denial of service attacks are another relatively recent development. In this type of attack a network is flooded with e-mail or requests for service in order to exhaust the resources of the network. Another type of denial of service in some systems is using an incorrect password with a legitimate user ID in order to lock the account of the legitimate user. These types of attacks may be initiated by disgruntled current or former employees, irritated customers, or by random spammers as a means of retribution against the organization.

STRATEGIES FOR DIGITAL INFORMATION PROTECTION

The list of potential causes of injury to digital information assets is almost limitless. Network users must be constantly on guard for suspicious e-mail traffic and must closely adhere to security practices and procedures outlined by IT professionals who administer the network. An individual failure could expose the complete network infrastructure of the company to costly delays and downtime, information destruction or misuse, and could prove damaging to the reputation and brand of the organization. There are three critical areas of focus for network security: prevention, detection and response.

According to Computerworld Magazine and Trusted Strategies LLC, 84 percent of serious network attacks could have been prevented if organizations would have taken steps to verify the identity of computers connecting to their network, in addition to requiring user names and passwords. (This statistic considers all network attacks in which federal officials were able to charge someone with a crime.) This indicates the importance of protecting user names and passwords from theft or misappropriation. Change user names and passwords frequently and guard them against theft or misuse. IMMEDIATELY DELETE PASSWORD ACCESS OF ANY TERMINATED EMPLOYEE.

Social networking (Instant Messenger, etc.) has become much more common in the workplace and is a frequently used channel to deliver malicious code. If company policies permit the use of social networking for business purposes, extreme caution should be used when interacting with unknown persons.

Create policies that eliminate or greatly restrict social networking. Train employees as to the dangers of virus delivery through messaging, web advertising and media software.

One of the most important preparedness actions that can be taken is to ensure that a complete backup of all digital data is kept offsite and out of the control of any employee. This is absolutely essential in order to prevent acts of employee sabotage. Restoration from backup media should be periodically tested in order to ensure that backup media is functioning correctly and that systems can be restored in the event of a major attack or other disruption. Store a complete set of backup media offsite and out of the control of any employee. Periodically test the restoration capabilities of the backup.

Intrusion detection systems may be installed at the network, application or host level and use sensors and other techniques to monitor and log traffic. Some systems also look for anomalies in the system in order to alert IT personnel to the possibility that an intrusion is taking place. Devices such as network, server and application firewalls help to restrict access and limit the possible points of intrusion. An additional technique called “honeypots” places decoy network resources within easy reach of intruders. This functions similarly to a “canary in a coal mine” to provide early warning of danger. Ensure that robust firewalls and intrusion detection systems are installed, properly functioning and closely monitored.

Microsoft’s best practices document on network attacks suggests the following strategies during and after a network attack:

• Identify the nature of the attack – an effective response strategy is difficult until the type of attack is known.

• Find the source and shut it down – this could involve pulling infected computers off the network, closing ports, blocking the attacker’s IP address or coordinating with your ISP if the source is beyond your immediate control.

• Protect evidence – logs and other information can be vitally important to law enforcement as they investigate the incident. Make sure to preserve all information related to the attack.

• Locate all affected machines – run appropriate antivirus or patches to repair machines that are involved in the incident.

• Don’t reinvent trouble – when reinstalling operating systems and files, use a backup that you know has not been compromised. Don’t try to patch your way back to functionality; the risks are too great.

Network security is the responsibility of every employee who has access to the network. Vigilance, attention to detail, good training and adherence to procedures are key to helping protect your digital information. Preparedness by continuous rotation of data backups offsite provides an effective route for restoration in case of attack. Ask your offsite data protection partner for more information.

 

MER ‘07 PROGRAM ANNOUNCED

Cohasset Associates, Inc. is pleased to announce the program for the 2007 National Conference on Managing Electronic Records (MER ‘07).

DATE: May 21 - 23, 2007 for the conference, May 20th for the pre-conference tutorials.

LOCATION: Chicago, Illinois at the Westin Michigan Avenue Hotel

SPECIAL FEATURES

KEYNOTE ADDRESS — A special two-part presentation by Karen Strong of Clarity - together with an “A” Team of Compliance, Records Management, and Technical professionals.

Keynote Part 1 This interactive MER ‘07 Keynote introduces a framework for Enterprise Content and Records Management (ECRM) process improvement. Karen Strong will define the organizational processes that contribute to the attainment of legal, operational, and technical goals.

Every audience member will participate, through a real-time data capture system, to demonstrate the value of knowing ‘your ECRM number’.

This first part of the MER ‘07 Keynote will provide you with the information foundation for Wednesday’s second part of the Keynote - where the concepts presented in this session are applied in an innovative and insightful case study.

This year’s two-part MER Keynote session will change the way you think about enterprise content and records management.

Keynote - Part 2 The Enterprise Content and Records Management (ECRM) process model introduced in the opening Keynote session on Monday will have established a standard approach for improving the processes that contribute to the attainment of legal, operational, and technical goals.

In this second part of the MER Keynote, the cross-functional communication and collaboration necessary to accomplish your organizational objectives and improve your ECRM number will be discussed. The highlight of this second part of the MER Keynote will be presentations by an “A” team of experienced industry experts detailing their roles and the processes they used in the development of this innovative and practical approach that will accelerate the successful management of electronic records.

CASE STUDIES Learn from the experiences of the leaders of ERM implementation:

• Altria (Compliance & ERM training)

• Central Intelligence Agency (Managing Electronic Records: “Hurry up and LISTEN!”)

• ConocoPhillips (e-Records Holds: Preserving e-Records and ESI)

• National Archives of Sweden (Total Cost of Ownership)

• National Archives and Records Administration NARA (Searching Techniques: The Next Contested Area in Discovery)

• Microsoft (The ERM functionality of Office 2007)

• Philip Morris International (Automatic Retention of e-Mail for Litigation Purposes)

• United States Patent & Trademark Office USPTO (Searching Techniques: The Next Contested Area in Discovery)

• Valero Energy (Keynote Address Part 2)

 

CONFERENCE PROGRAM The MER ‘07 Conference program will include:

• 39 outstanding speakers

• 26 informative sessions

• 16 leading solution providers

• 4 in-depth all day pre-conference tutorials

• 2 special Keynote Addresses: Opening Keynote and Closing Keynote

 

NETWORKING There will be three of the MER’s highly successful Networking Receptions: Sunday, Monday and Tuesday.

FREE AUDIO CDs OF EVERY SESSION In addition to their conference notebook, every registrant will receive a complimentary audio CD of all the sessions, so every attendee will benefit from all the information provided in every session.

SPECIAL PRE-CONFERENCE TUTORIALS Four outstanding 6-hour tutorials, conducted by renowned experts, will be held on May 20th:

• e-Mail Management...or Mis-Management???

• Charting the Path to Enterprise Content Management: Strategy, Methodology and Architecture

• Microsoft’s 2007 Electronic Records Keeping Capabilities: How to Put Them to Work for You

• Assured Records Management: Align ERM Performance to Business Strategy

 

EXHIBITORS In addition to the conference program, MER attendees will have an opportunity to meet with the 16 Select Solution Providers who will be exhibiting in suites at the conference hotel.

COMPLETE CONFERENCE INFORMATION Full details about the MER ‘07 conference program are available on the web site www.merconference.com

Records Management Added to List of Clinger-Cohen Core Competencies

IT managers need to know more about records management. That’s the message they received when records management was added to the latest version of the Clinger-Cohen Core Competencies. The CIO Council, which serves as the principal interagency forum for improving federal government agency information resources, collaborated with 13 federal agencies and academic representatives to make the changes to the list of IT management knowledge and skills required for all federal government CIO staff.

“Records management is a key competency for IT managers and with the recent issues regarding personally identifiable information it even becomes that more critical,” says Barry C. West, Chief Officer and Co-Chair of the IT Workforce Committee.

The CIO Council and its IT workforce committee are committed to developing and maintaining an effective IT workforce by encompassing the full employment life cycle, focusing on planning, recruitment and retention. With the government streamlining more IT resources and creating more enterprise-wide programs, they must ensure that the workforce is well versed and trained to execute their programs with little risk.

For more information please visit: www.cio.gov

About ARMA International

ARMA International (www.arma.org) is a not-for-profit professional association and the authority on managing records and information. Formed in 1955, ARMA International is the oldest and largest association for the records and information management profession with a current international membership of more than 10,000. It provides education, publications, and information on the efficient maintenance, retrieval, and preservation of vital information created in public and private organizations in all sectors of the economy. It also publishes the award-winning Information Management Journal.
