Wednesday, May 9, 2012

Human Factor on the Security System

The Problem with Technology and the Human Factor

Some organizations see the solution to information security problems as a technical problem. Several suppliers propose the same idea with technical solutions. The technologies of the security manager are firewalls, antivirus software, PKI systems, and VPN. All of them are valuable and protecting their network. If technology is fallible like humans, the technology is equal to the person who knows how to use it.
Computer Security

Everyone should have security on their computers and networks. There are several shortcomings that view. Even the software can be perfect, it would still have problems from hacker, testers, viruses and software mistakes. They will find unchecked memory, backdoors, and other weaknesses in commercial and in-house developed software. The problem is multiplied by the complication of modern information technology systems. Organizations that use multi-layered security are going the right direction, but it is hard for every layer of protection to be perfect. Protection of the organizing systems needs intelligent users that do not create security bug for their systems.
Many organizations really don’t understand their information security problems. They do not have all the information to make sure that they know exactly the right technical solution to a problem. They recognize the need for standard information security software; however they rarely have basic information of requirements. They buy firewalls for protection only with no care to monitor security alarms, update attack signatures, or respond to new forms of network traffic. They scan emails for viruses but ignore JavaScript. For a good security you need to educate your workers about worms, spam mails viruses etc.
The term “Technical solution” brings high unrealistic expectations because technology requires the human keep it up to date. Custom-made security technology is extremely expensive, while standard cheap software is not as good and offer little advantage to custom-made security technology.  It puts creating the best technology out of the hands of the uneducated people, because the people are stuck with below standard technology when they do not know better. Last but not least, someone has to use this technology. This can bring big problems, because people can make mistakes.
Information Security is not much different from security in general. After all, no one would put heavy security on something not important.  For example, who would put a heavy security lock on a box if it only has something as unimportant as a rock? Also, if a car looks good but has a broken window, then the whole car is not safe, just like the information security. Protection against cyber attacks works on the same idea. All weak points should be secured whether on a desktop computer, an organization’s server, or a corporate network.  Information should also be entered through safe paths.
Human Factor on the Security System

There are a lot of security software in the world, for example there is firewalls, intrusion detection systems, anti viruses etc. All types of software designed are made to do a certain function. This software will help protect a system. However, even the best software cannot guarantee a hundred percent system security. Even with the most advanced technology and passwords cannot be a hundred percent safe. This is because people made the system and they can make mistakes. So, people are the weakest part of technology.
The human factor is the main reason why attacks on many computers and systems are successful. There are many great examples, hackers, virus writers, and dangerous users use the human factor to their advantage. Therefore, they use people to penetrate systems.
Some Examples about Security

Many people do not understand why using software with many weaknesses poses a security risk to their computer or system. The many computer users see their computer as an object. They want to use it as a washer, a microwave, or any other simple device. They don’t want to know how it works. Even if they do, they would not know how it works like other objects they use. They just think that if they install a system that protect against viruses and software without weaknesses, they’ll have nothing to worry about.
Not knowing the problems of threats is only part of the problem. The human factor also comes into play. Many bad code starts to show at the drafting stage, especially when they create security policies and procedures. The security of wireless networks is in a poor state. Many errors were made when wireless protocols were being made. There is much written about them having bad program errors. While programmers and testers continue to find bypass security, new exploits will be found. Even the most developed software will be used, but again the human factor will be there. If you have a poorly trained system administrator and user, the best firewall or other protection systems in the world will not protect your system.
The way users treat confidential information is a careless approach to security. A similar situation can be shown in everyday life. An example is a person leaving their keys on the door. A lot of systems use an empty or weak password. Some systems have the user’s name as the password just to access their system easily. Even when users use a complicated password which no one can think, they write their password on a paper or they forget it, therefore other users can find their passwords.
Another human sense which hackers use is that humans are curious. Many of us find email worms at some time in our life. We know that these worms arrive as attachments to infected messages. Sending the virus out is only having of what the virus writer has to do. The worm has to be activated to multiply through the system and to other computers. It could be activated by opening the attachment. You might think that users might become worried when seeing attachments to unexpected email.  But surprisingly, the hackers know how to use our curiosity.
It is interesting that people open unprotected e-mails even if they are not supposed to. However, the numbers of people who open the e-mails are always the same. This can be explained by the fact that virus writers find new ways to trick people. On the other hand, viruses do not only infect e-mail message, but you can also find them all over the internet.

Computers are becoming more common every day. Hacking is becoming more dangerous day to day. Hacking technologies is becoming more complex. Creating a good security system is not easy. There are many weak points in the system which is a never-ending process to protect. There is always new technology being developed. They are use to solve problems. They have their disadvantages too. Hackers, virus writers, dangerous users invent new ways to exploit the security software being used. The result is a war between cyber criminals and security professionals.  It does not matter if you have the best security product or a professional security engineer, technology is only as good with users that know what they are doing.
Ali Kapucu

No comments:

Post a Comment