The Information Management Digest - March 2007
A Service of Data Storage, Inc.
INTERNET SECURITY – HOW FAR HAVE WE COME?
In the beginning, the Internet was nothing more than a
cold war response to Sputnik. A series of radar stations
were linked together in a network in order to communicate
information to each other. From this modest start,
university computer labs combined resources to introduce the
concept of timesharing nearly three decades later. By the
early 1980s there was regular communication and electronic
mail across networks like ARPANET, BITNET, TelNet, UseNet
and NSFNet whose launch in 1983 is generally thought of as
the point of origin of the modern Internet. The Internet
was, and remains, a networked array of computers linked
together by cables. What we think of as the modern Internet,
actually called the World Wide Web, did not come into being
as a concept until 1991. The first web pages created in
Hypertext Transfer Protocol (HTTP) did not appear until
1993. For a very interesting look at historical web pages
visit “The Wayback Machine” found at
http://www.archive.org/index.php. The site contains
snapshots of more than 85 billion web pages from 1996 to the
present.
REVIEW OF COMMON THREATS The first recorded computer virus
outside a lab occurred in 1982 on a computer running Apple
DOS
3.3. The first PC virus was recorded 4 years later and
originated in Pakistan. Prior to large-scale Internet
connectivity viruses were most frequently transmitted by
contaminated floppy disks used to transfer programs and data
between computers. Transmission via the Internet began to
occur in the late 1980s on BBS (bulletin board) or newsgroup
systems such as USENet. Trojan horse virus infections were
most often spread through the sharing of pirated software
programs or shareware.
In the mid-1990s macro viruses made their debut. This type
of virus exploits vulnerabilities contained within
legitimate programs such as Microsoft Word™ or Microsoft
Excel™ programs; these programs are capable of memorizing a
series of keystrokes or commands in order to more quickly
complete repetitive tasks – these are called macros. Because
Apple™ computers also utilized these programs, viruses were
also written to infect the Mac OS. Macro viruses are
difficult to detect due to the fact that macros are a
legitimate function of the software. These programs now
allow macros to be detected, if they are present, and
disabled prior to opening the file. One famous macro virus
was the “Melissa” virus.
While viruses of all types seek to do harm to individual
computers, computer worms seek to harm computer networks.
Worms were invented in a laboratory setting in 1978 but the
first widespread network attack of a computer work occurred
in 1987. This attack completely disabled IBM’s international
network and BITNET. Worms may be used to create alternate
points of access to the network which enables the sender to
effectively take control of a network in order to send spam,
e-mails or for other purposes. Computer worms such as
ILOVEYOU, Sobig and Mydoom created zombie networks for
spammers.
A computer fraud technique known as phishing has become a
significant modern threat. Phishing is an attempt to force a
user to reveal personal information by responding to what is
seen as a legitimate request. Users may receive an e-mail or
instant message from a financial institution, E-bay account
or other legitimate entity requesting that the individual
respond by verifying billing information, account
information or identity by clicking a web link. If the
criminal is successful, sensitive personal information,
including credit card information, may be obtained under
fraudulent circumstances and used without the permission of
the owner.
This practice originated on AOL in the mid-1990s. In June,
2005 more than 15,000 phishing attacks were reported.
A variation of phishing is called spoofing. This technique
is employed by computer worms such as ILOVEYOU to change
e-mail header information in order to make the e-mail appear
as thought it came from another person. This is accomplished
when the worm searches the e-mail address book of the
infected user and begins to send infected e-mails from
persons in the address book to other persons contained in
the address book. Very often the individual who is the
supposed “sender” of the e-mail has no idea that e-mails are
being sent with their name identified as the source of the
mail.
Denial of service attacks are another relatively recent
development. In this type of attack a network is flooded
with e-mail or requests for service in order to exhaust the
resources of the network. Another type of denial of service
in some systems is using an incorrect password with a
legitimate user ID in order to lock the account of the
legitimate user. These types of attacks may be initiated by
disgruntled current or former employees, irritated
customers, or by random spammers as a means of retribution
against the organization.
STRATEGIES FOR DIGITAL INFORMATION PROTECTION The list of
potential causes of injury to digital informa
tion assets is almost limitless. Network users must be
constantly on guard for suspicious e-mail traffic and must
closely adhere to security practices and procedures outlined
by IT professionals who administer the network. An
individual failure could expose the complete network
infrastructure of the company to costly delays and downtime,
information destruction or misuse, and could prove damaging
to the reputation and brand of the organization. There are
three critical areas of focus for network security:
prevention, detection and response.
According to Computerworld Magazine and Trusted Strategies
LLC, 84 percent of serious network attacks could have been
prevented if organizations would have taken steps to verify
the identity of computers connecting to their network, in
addition to requiring user names and passwords. (This
statistic considers all network attacks in which federal
officials were able to charge someone with a crime.) This
indicates the importance of protecting user names and
passwords from theft or misappropriation. Change user names
and passwords frequently and guard them against theft or
misuse. IMMEDIATELY DELETE PASSWORD ACCESS OF ANY TERMINATED
EMPLOYEE.
Social networking (Instant Messenger, etc.) has become much
more common in the workplace and is a frequently used
channel to deliver malicious code. If company policies
permit the use of social networking for business purposes,
extreme caution should be used when interacting with unknown
persons.
Create policies that eliminate or greatly restrict social
networking. Train employees as to the dangers of virus
delivery through messaging, web advertising and media
software.
One of the most important preparedness actions that can be
taken is to ensure that a complete backup of all digital
data is kept offsite and out of the control of any employee.
This is absolutely essential in order to prevent acts of
employee sabotage. Restoration from backup media should be
periodically tested in order to ensure that backup media is
functioning correctly and that systems can be restored in
the event of a major attack or other disruption. Store a
complete set of backup media offsite and out of the control
of any employee. Periodically test the restoration
capabilities of the backup.
Intrusion detection systems may be installed at the network,
application or host level and use sensors and other
techniques to monitor and log traffic. Some systems also
look for anomalies in the system in order to alert IT
personnel to the possibility that an intrusion is taking
place. Devices such as network, server and application
firewalls help to restrict access and limit the possible
points of intrusion. An additional technique called “honeypots”
places decoy network resources within easy reach of
intruders. This functions similarly to a “canary in a coal
mine” to provide early warning of danger. Ensure that robust
firewalls and intrusion detection systems are installed,
properly functioning and closely monitored.
Microsoft’s best practices document on network attacks
suggests the following strategies during and after a network
attack: Identify the nature of the attack – an effective
response strategy is difficult until the type of attack is
known. Find the source and shut it down – This could involve
pulling infected computers off the network, close ports,
block the attacker’s IP address or coordinate with your ISP
if the source is beyond your immediate control. Protect
evidence – logs and other information can be vitally
important to law enforcement as they investigate the
incident. Make sure to preserve all information related to
the attack. Locate all affected machines – Run appropriate
antivirus or patches to repair machines that are involved in
the incident. Don’t reinvent trouble – When reinstalling
operating systems and files, use a backup that you know has
not been compromised. Don’t try to patch your way back to
functionality; the risks are too great.
Network security is the responsibility of every employee who
has access to the network. Vigilance, attention to detail,
good training and adherence to procedures are key to helping
protect your digital information. Preparedness by continuous
rotation of data backups offsite provides an effective route
for restoration in case of attack. Ask your offsite data
protection partner for more information.
MER ‘07 PROGRAM ANNOUNCED
Cohasset Associates, Inc. is pleased to announce the program
for the 2007 National Conference on Managing Electronic
Records (MER ‘07).
DATE: May 21 - 23, 2007 for the conference, May 20th for the
pre-conference tutorials.
LOCATION: Chicago, Illinois at the Westin Michigan Avenue
Hotel
SPECIAL FEATURES
KEYNOTE ADDRESS — A special two-part presentation by Karen
Strong of Clarity - together with an “A” Team of Compliance,
Records Management, and Technical professionals.
Keynote Part 1 This interactive MER ‘07 Keynote introduces a
framework for Enterprise Content and Records Management
(ECRM) process improvement. Karen Strong will define the
organizational processes that contribute to the attainment
of legal, operational, and technical goals.
Every audience member will participate, through a real-time
data capture system, to demonstrate the value of knowing
‘your ECRM number’.
This first part of the MER ‘07 Keynote will provide you with
the information foundation for Wednesday’s second part of
the Keynote - where the concepts presented in this session
are applied in an innovative and insightful case study.
This year’s two-part MER Keynote session will change the way
you think about enterprise content and records management.
Keynote - Part 2 The Enterprise Content and Records
Management (ECRM) process model introduced in the opening
Keynote session on Monday will have established a standard
approach for improving the processes that contribute to the
attainment of legal, operational, and technical goals.
In this Second part of the MER Keynote, the
cross-function-al communication and collaboration necessary
to accomplish your organizational objectives and improve
your ECRM number will be discussed. The highlight of this
second part of the MER Keynote will presentations by an “A”
team of experienced industry experts detailing their roles
and the processes they used in the development of this
innovative and practical approach that will accelerate the
successful management of electronic records.
This year’s two-part MER Keynote session will change the way
you think about enterprise content and records management.
CASE STUDIES Learn from the experiences of the leaders of
ERM implementation:
• Altria (Compliance & ERM training
• Central Intelligence Agency (Managing Electronic Records:
“Hurry up and LISTEN!”
• ConocoPhillips (e-Records Holds: Preserving e-Records and
ESI
• National Archives of Sweden (Total Cost of Ownership
• National Archives and Records Administration NARA
(Searching Techniques: The Next Contested Area in Discovery
• Microsoft (The ERM functionality of Office 2007
• Philip Morris International (Automatic Retention of e-Mail
for Litigation Purposes
• United States Patent & Trademark Office USPTO (Searching
Techniques: The Next Contested Area in Discovery
• Valero Energy (Keynote Address Part 2
CONFERENCE PROGRAM The MER ‘07 Conference program will
include:
• 39 outstanding speakers
• 26 informative sessions
• 16 leading solution providers
• 4 in-depth all day pre-conference tutorials
• 2 special Keynote Addresses Opening Keynote Closing
Keynote
NETWORKING There will be three of the MER’s highly
successful Networking Receptions: Sunday, Monday and
Tuesday.
FREE AUDIO CDs OF EVERY SESSION In addition to their
conference notebook, every registrant will receive a
complimentary audio CD of all the sessions, so every
attendee will benefit from all the information provided in
every session.
SPECIAL PRE-CONFERENCE TUTORIALS Four outstanding 6-hour
tutorials, conducted by renowned experts, will be held on
May 20th:
• e-Mail Management...or Mis-Management???
• Charting the Path to Enterprise Content Management:
Strategy, Methodology and Architecture”
• Microsoft’s 2007 Electronic Records Keeping Capabilities:
How to Put Them to Work for You
• Assured Records Management: Align ERM Performance to
Business Strategy
EXHIBITORS In addition to the conference program, MER
attendees will have an opportunity to meet with the 16
Select Solution Providers who will be exhibiting in suites
at the conference hotel.
COMPLETE CONFERENCE INFORMATION Full details about the MER
‘07 conference program are available on the web site
www.merconference.com
Records Management Added to List of Clinger-Cohen Core
Competencies
IT managers need to know more about records management.
That’s the message they received when records management was
added to the Clinger-Cohen Core Competencies latest version.
The CIO Council, which serves as the principal interagency
forum for improving the federal government agency
information resources, along with 13 federal agencies and
academic representatives collaborated to make the changes to
the list of IT management knowledge and skills required for
all federal government CIO staff.
“Records management is a key competency for IT managers and
with the recent issues regarding personally identifiable
information it even becomes that more critical,” says Barry
C. West, Chief Officer and Co-Chair of the IT Workforce
Committee.
The CIO Council and its IT workforce committee is committed
to developing and maintaining an effective IT workforce by
encompassing the full employment life cycle, focusing on
planning, recruitment and retention. With the government
streamlining more IT resources, creating more
enterprise-wide programs, they must ensure that the
workforce is well versed and trained to execute their
programs with little risk.
For more information please visit: www.cio.gov
About ARMA International
ARMA International (www.arma.org) is a not-for-profit
professional association and the authority on managing
records and information. Formed in 1955, ARMA International
is the oldest and largest association for the records and
information management profession with a current
international membership of more than 10,000. It provides
education, publications, and information on the efficient
maintenance, retrieval, and preservation of vital
information created in public and private organizations in
all sectors of the economy. It also publishes the
award-winning Information Management Journal.
