January 18, 1999
Experts say stymie hackers by using several safeguards
David Troester   Business First

If your company has a computer, a computer system or a series of computer
networks with online Internet access, then it's vulnerable to "hackers"
and "crackers." 

How do you safeguard a computer system? 

Firewalls are the most common method. Firewalls check passwords and other
ID of users seeking system access from the outside. 

[Technically, no. Firewalls act a method of allowing or 
disallowing traffic based on a ruleset. If traffic is deemed 'allowed',
then it is passed through the firewall and to the target machine, at
which point the user must authenticate themselves.]

"It's a piece of equipment or a piece of software that runs on a
computer,"  said Michael Rockwell, CTG principal consultant. 

Firewalls may filter by address or actually interrogate a message. Hackers
often attach a file to e-mail which, when opened, can damage a system. 

[Hackers often attack a file to mail that can damage a system?
I don't think that quite meets the description of your average hacker.]

"It's like placing a landmine somewhere and just waiting for somebody to
step on it," said Natalie Neubauer, business manager at PC Expanders Inc.
in Amherst. 

[A better analogy would be "trying to convince someone to pull
the pin of a grenade". You aren't trying to hide the program usually, rather, 
hoping they will run it when they see it.]

Firewalls can vary in price, depending on the system and needs, from
hundreds to thousands of dollars. 

Passwords are another way to keep out hackers. 

Each system user should have a password, typically known by only the user
and system administrator. Passwords should not be common, trite or
familiar words, names or dates. 

[Even the system administrator should NOT know your password. They
have full access to the system and should never have need for that
piece of information.]

"We suggest a combination of both characters (letters) and numbers," 
Neubauer said. "We always tell our users, `If you can't remember the
password then it's a good password.' " 

System users should be required to change passwords on regular intervals,
monthly is recommended for best safety. 

"Never send your password through e-mail. The e-mail can actually get
snatched, and they can get the information out of the e-mail," Neubauer

Encryption is another good way to safeguard a system from outside

Encryption software essentially scrambles information sent across a
network in a code, to be decoded by the intended receiver. 

Private and public keys are the most common form of encryption. 

"Essentially what happens is you generate a key pair. One of those keys
you keep for yourself, which is a private key and then the public key you
make available to everyone," said Rockwell. 

Tracking and recording of information and messages sent on a network also
may avert potential hackers from hacking. 

Most systems, encryption programs or other software log network activity. 
For example, PC Expanders' ISP operating system uses Lynux software to
monitor activity and has traced malicious users in the past. 

[Might they mean 'linux'?]

Tracking also can identify the password and equipment used to enter a
system during an inside intervention. 

[What?! This sounds more like a kludge of terms than a valid
factual statement. Is this a sniffer or tracking software or both?]

"What I keep hearing is most of the things that happen are internal," said
Stephen Adorian, president of Cybernetic Communication Systems Inc. in
Lockport. For example: "People want to find out what the guy is making
down the hallway so they get into employee payroll records," he said. 

Smart Cards can protect a system in a method similar to passwords with
much heightened security. About the size of a credit card, they are used
for access to a system and generate new entry codes about every minute in
synchronization with system entry points. 

"Those actually work really well," Neubauer said. "Even if you are on the
Internet and someone snags that password, it changes within 60 seconds." 

Smart card software costs about $500, she said. The danger of smart cards
arises if the card is lost or stolen. 

Biometrics is another sophisticated way to protect systems, but used only
in high-security organizations. Biometric technology allows system access
by scanning thumb prints, eye retinas or other physical characteristics. 

"There's not much of a request for it around here," Neubauer said. 

System administrators and computer professionals agree no system is hacker
proof. System upgrades, software patches and monitoring need to occur on a
regular basis to maintain defense against invaders. 

"You can set up different kinds of equipment so that just like moats of
old it's going to take somebody to swim through the alligators to get to
your machine," Adorian said. 


These are the most annoying articles regarding hackers and/or security.
Because they contain no hard facts, and insist on using several buzz words
and vague descriptions of technology, the reader has a hard time understanding
what is real and what is opinion. Pointing out the mistakes is difficult
because it often requires going into a lot more background explaining
the concepts, then pointing out why each part is wrong when used in 
conjunction with each other.