No vaccine to ward off effects of virus attacks
1
Computers and Security, Vol. 7, No. 5 Government agencies. The New York Times,July 4, 1988, p. A8. Scent of Money Lares Firms to Jump on Antiviral Bandwagon, Rachel Parker. A bushel of com- panies is marketing antiviral or vaccine programs, tapping into users' fear of the seemingly ran- dom and destructive viruses. See- ing financial opportunity, entrepreneurs have started com- panies devoted to virus protection. In addition, vendors say that the virus phenomenon has created a ready market for security devices. Vendors are also concerned about the rise of products claiming virus protection. Users and corporate managers have no way ofjudging the products. InfoWorld,July 4, 1988, p. 30. No Vaccine to Ward offEffects of Virus Attacks, Belden Menkus. Assaults on individual disk files by computer viruses are evolving into attempts to vandalize intercon- nected disk arrays supporting main- frames and efforts to interdict the operation of large communications networks. Although the risk of infection cannot be eliminated yet, some risk-reduction actions should be taken now. These include: Restrict downloading of files and software from bulletin boards. Limit the use of software products that have not been independently verified to be virus-free. Design interfaces to network gateways and other telecommunications ports that prevent direct access from outside-to-disk content. Segment data center-resident direct-access storage device interconnection. Computerworld , July 11, 1988, p. $8. Recoveringfrom a Computer Virus Attack, Frank G. F. Davis and Rex E. Gantenbein. The article discusses what a computer virus is and why it is dangerous and pre- sents a method for detecting the presence of a computer virus and removing it from a computer system. This method would be ap- plicable even if the virus had caused the system to crash. The method is flexible enough to avoid conflict with a site's security policies. The Journal of Systems and Software, De- cember 1987, pp. 253-258. From the U.K. Security in Open System Networks: A Tutorial Survey, AimeJ. Bayle. Open systems are computer systems of various kinds, models or makes which comply with the international communications protocol standard specified by the International Org- anization for Standardization (ISO) for the interconnection of systems. The objective oflSO is to permit the interconnection of heterogeneous/homogeneous systems so that meaningful exch- anges of information can take place between the cooperating applica- tion processes running on those systems. In that world of com- petitive communicating applica- tion processes, security controls and mechanisms must be estab- lished to protect the exchanges of information. This paper first introduces the ISO reference model for Open System Interconnection (OSI) and describes its seven architectural layers. The security motivation and requirements for opensystem networks are then reviewed. The threats to security that may arise in the context of open system networks are analyzed. The secu- rity services and mechanisms pro- vided by the ISO / OSI security standards to counter those threats are defined. The paper then pre- sents the administrative manage- ment aspects of OSI security. The implications of implementing the ISO/OSI security standards on real systems are outlined by using an example and the related issues are discussed. Finally, the current status of the ISO / OSI security standardization activities is prod- uced. Information Age,July 1988, pp. 131-I45. "Remember to Lock the Door": MMI and the Hacker, William Roberts. Increasing empha- asis is being placed on the impor- tance of man-machine interface (MMI) issues in modern computer systems. This paper considers the ways in which common MMI fea- tures can help intruders to breach the security of a system, and sug- gests methods for enhancing system security and data integrity by careful MMI design, aiding both the user and the system ad- ministrator. Information Age, July 1988, pp. 146-I50. Access-Control Software, Michael Friedman. A practical man- agement introduction to access- control software is presented in the context of creating solutions to prevent unauthorized use of com- puter resources. The paper also describes the three most popular IBM access-control software pack- ages and the corresponding evalua- tion criteria as a means of main- taining computer security. Information Age, July 1988, pp. I57-16I. 523
-
Upload
belden-menkus -
Category
Documents
-
view
216 -
download
3
Transcript of No vaccine to ward off effects of virus attacks
Computers and Security, Vol. 7, No. 5
Government agencies. The New York Times,July 4, 1988, p. A8.
Scent o f Money Lares Firms to Jump on Antiviral Bandwagon, Rachel Parker. A bushel of com- panies is marketing antiviral or vaccine programs, tapping into users' fear of the seemingly ran- dom and destructive viruses. See- ing financial opportunity, entrepreneurs have started com- panies devoted to virus protection. In addition, vendors say that the virus phenomenon has created a ready market for security devices. Vendors are also concerned about the rise of products claiming virus protection. Users and corporate managers have no way ofjudging the products. InfoWorld,July 4, 1988, p. 30.
No Vaccine to Ward offEffects o f Virus Attacks, Belden Menkus. Assaults on individual disk files by computer viruses are evolving into attempts to vandalize intercon- nected disk arrays supporting main- frames and efforts to interdict the operation of large communications networks. Although the risk of infection cannot be eliminated yet, some risk-reduction actions should be taken now. These include: Restrict downloading of files and software from bulletin boards. Limit the use of software products that have not been independently verified to be virus-free. Design interfaces to network gateways and other telecommunications ports that prevent direct access from outside-to-disk content. Segment data center-resident direct-access storage device interconnection. Computerworld , July 11, 1988, p. $8.
Recoveringfrom a Computer Virus Attack, Frank G. F. Davis and Rex E. Gantenbein. The article discusses what a computer virus is and why it is dangerous and pre- sents a method for detecting the presence of a computer virus and removing it from a computer system. This method would be ap- plicable even if the virus had caused the system to crash. The method is flexible enough to avoid conflict with a site's security policies. The Journal of Systems and Software, De- cember 1987, pp. 253-258.
From the U.K.
Security in Open System Networks: A Tutorial Survey, AimeJ. Bayle. Open systems are computer systems of various kinds, models or makes which comply with the international communications protocol standard specified by the International Org- anization for Standardization (ISO) for the interconnection of systems. The objective o f lSO is to permit the interconnection of heterogeneous/homogeneous systems so that meaningful exch- anges of information can take place between the cooperating applica- tion processes running on those systems. In that world of com- petitive communicating applica- tion processes, security controls and mechanisms must be estab- lished to protect the exchanges of information.
This paper first introduces the ISO reference model for Open System Interconnection (OSI) and describes its seven architectural layers. The security motivation and requirements for opensystem networks are then reviewed. The threats to security that may arise in the context of open system
networks are analyzed. The secu- rity services and mechanisms pro- vided by the ISO / OSI security standards to counter those threats are defined. The paper then pre- sents the administrative manage- ment aspects o f OSI security. The implications of implementing the ISO/OSI security standards on real systems are outlined by using an example and the related issues are discussed. Finally, the current status of the ISO / OSI security standardization activities is prod- uced. Information Age,July 1988, pp. 131-I45.
"Remember to Lock the Door": MMI and the Hacker, William Roberts. Increasing empha- asis is being placed on the impor- tance of man-machine interface (MMI) issues in modern computer systems. This paper considers the ways in which common MMI fea- tures can help intruders to breach the security of a system, and sug- gests methods for enhancing system security and data integrity by careful MMI design, aiding both the user and the system ad- ministrator. Information Age, July 1988, pp. 146-I50.
Access-Control Software, Michael Friedman. A practical man- agement introduction to access- control software is presented in the context of creating solutions to prevent unauthorized use of com- puter resources. The paper also describes the three most popular IBM access-control software pack- ages and the corresponding evalua- tion criteria as a means of main- taining computer security. Information Age, July 1988, pp. I57-16I.
523
