NIGERIA COMPUTER SECURITY AND WEAPONS FOR CYBER CRIME PREVENTION The Tide Online: "Weapons for cyber crime prevention
Wednesday, Feb 15, 2006
During the out gone week, the headquarters of the Corporate Affairs Commission (CAC) Abuja announced that Information Technology would begin to propel the activities of her operations.Incidentally, I was in Abuja for most of the week, where I was a regular visitor to the commission's headquarters in Wuse, zone 5.

What this development means is that the CAC has opened its doors to online registration of companies in Nigeria, thereby making a journey to Abuja for that purpose unnecessary. And as with most online services, this will be available 24 hours a day, and 7 days a week. Many people will hopefully take advantage of this opportunity and undoubtedly, Cyber criminals will think in the same direction as well; cracking their brains on how to break into such networks and wreck unimaginable damage.

This is because the Internet is an Information Super Highway and as with all highways, the good, the bad and the ugly ply along those routes at varying speeds and with separate motives. Anyone who gets on the highway unmindful of others might just get crushed. The same scenario is also applicable to the Information Super Highway.

This is where computer security readily comes into Focus. Last Wednesday on this column, I had x-rayed cyber crime and how it is perpetrated, with a promise to present security options available to computer users.

Computer Security comprises of some techniques developed to safeguard information stored on PCs. Computers and the information they contain are often considered confidential systems because their use is typically restricted to a limited number of users. But this confidentiality can often be compromised in a variety of ways.

For example, hackers violate confidentiality by impersonating authorised users of computers in order to gain access to the users’ systems. They invade computer databases to steal the identities of other people by obtaining private, identifying information about them. Cyber criminals also engage in software piracy and deface Web sites on the Internet.

But the most serious threats to the integrity and authenticity of computer information come from those who have been entrusted with usage privileges and yet commit computer fraud. For example, authorised persons may secretly transfer money in financial networks, alter credit histories, sabotage information, or commit payroll fraud. Modifying, removing, or misrepresenting existing data threatens the integrity and authenticity of computer information.

Malicious hackers are increasingly developing powerful software crime tools, such as automatic computer virus generators, Internet eavesdropping sniffers, password crackers, vulnerability testers, and computer service saturators. For instance, an Internet eavesdropping sniffer intercepts internet messages on traffic. A password cracker tries millions of combinations of characters in an effort to guess a users password. Vulnerability testers look for software weaknesses. These crime tools are also valuable security tools used for testing the security of computers and networks.

In fact, it would be difficult to count all of the spam sent across the Internet each day. Some experts estimate that more than seven hundred million spam messages are sent around the world each day. Some experts say more than half of all e-mail sent is spam. This has gradually become a major problem for a lot of computer users. Many angry people have begun to fight back. Among these are private citizens, Internet service provider companies and even governments. The federal government is also considering a bill to check computer and internet related crimes. This bill known as the Cyber crime bill is now before the National Assembly, and has received inputs from the Economic and Financial Crimes Commission EFCC.

Meanwhile, a variety of simple techniques can help prevent computer crimes, such as protecting computer screens from observation, keeping printed information and PCs in locked facilities, backing up copies of data files and software, and clearing desktops of sensitive information and materials. Increasingly, however, more sophisticated methods are needed to prevent computer crimes. These include using encryption techniques, establishing software usage permissions, mandating passwords, and installing firewalls and intrusion detection systems. In addition, controls within application systems and disaster recovery plans are also necessary.

Storing backup copies of data and having backup computers are important basic safeguards because the data can then be restored if it was altered or destroyed by a computer crime.

Another technique to help prevent abuse and misuse of electronic data is to limit the use of computers and data files to approved persons. Security software can verify the identity of users and limit their privileges to use, view, and alter files. The software also securely records their actions to establish record of usage.

Passwords are confidential sequences of characters that allow approved persons to make use of specified computers, software, or information. To be effective, passwords must be difficult to guess and crack. Effective passwords must not be less than 7 characters, which must also include not only alphabets, but also numbers and symbols. To thwart imposters, computer systems usually limit the number of attempts and restrict the time it takes to enter the correct password.

Firewall protects computers that are linked to a network. Computers connected to the Internet, are particularly vulnerable to electronic attack because so many people have access to them. The firewall actually examines, filters, and reports on all information passing through the network to ensure its appropriateness.

Generally, organisations and businesses that rely on computers need to institute disaster recovery plans that are periodically tested and upgraded. It should also be noted that no security system is totally safe if the individuals managing it fail to enforce the measures that ensures its safety.