First step: identifying the risks in order to understand how to manage them.
What are the risks?
The main risks result from programs and methods likely to
compromise the hardware or software integrity of a computer, the confidentiality and
integrity of personal and business data, or the ability to work of those who use them. There are
also risks related to the law itself: the new worldwide legal and security threats, favoured by
business abuses and cyber-crime. These risks are an issue for PC users and also for Web site
administrators, for corporate network administrators, and for public networks as well.
Harmful programs
Viruses, worms, trojans, spyware, adware and other plagues
enter PCs via e-mail, simply through the Internet connection, when visiting a Web site, by
copying from CD-ROMs, disks or any removable media, or by installing software.
Remote control
It is possible to take control of a remote computer in order
to use its memory for calculation, for instance, or to steal data.
Theft of data and abuses on the Internet
Private data is an issue for all computer users, even
without considering confidential data or credit card numbers: passwords, birth dates, addresses,
e-mail addresses, working documents and lists of visited Web sites are all common
information that may be plundered maliciously. In the same way, certain Web sites wrongly exploit
or resell the personal data they collect.
As an example, in 1997 the Clusif [French Club for the security of information systems] came
down in favour of the security of health data networks. This issue is more important than it seems
at first: a weak password is enough to compromise the security of a network, and the medical staff
chain is not necessarily trained in such issues.
Another example: Echelon. Echelon is a system used by the United States National
Security Agency (NSA) to intercept and process international communications passing via
communications satellites; it is controlled by the US, UK, Canada, New Zealand and Australia. In
Europe, Echelon was long considered to be science fiction, until the European Union Parliament
began to investigate it. The EU decided in 2004 to invest 11 million euros over four years to develop a
secure communication system relying on quantum cryptographic processes to produce unbreakable
keys.
Article whose link no longer works: http://www.weblmi.com/news_store/2004_05_18_11_M__pour_la_crypto_75/News_view
18/05/2004, French
Legal and security abuses must be considered as well. Private data,
e-mail exchanges and Web site owners are at risk. Illustrations:
1. Interception systems for monitoring e-mails are
now in force in many countries, including the UK, as is the cyber-surveillance of employees by
corporations.
2. Due to a recent US / EU agreement, now in full force, it
is mandatory for European airlines to disclose their clients' data to the US administration
[address, telephone, food preference, health data included] whenever a flight to the US is
concerned.
3. Copyright law is more and more often used to silence Web
site owners.
As an example, Carnivore is an
e-mail monitoring system. EPIC [Electronic Privacy Information Center] publishes a column about the
FOIA litigation: "The Carnivore FOIA Litigation" [FOIA stands for Freedom of Information Act]. If you use
the search box, you may also find articles about Echelon.
SPAM is a distinct issue. The word SPAM covers the
invasion of our mailboxes by unsolicited e-mails. SPAM has a distinct position: first by its nature
as a business abuse, and then by its consequences, which are not harmful in themselves but truly
devastating for the ability to work of the people who receive it, because of its huge volume and
sometimes the nature of its contents.
Vectors used
The main vectors used by harmful programs and SPAM are the
Internet, WiFi networks, computers or computer networks, programs unintentionally made
available by Web servers, security weaknesses in Web and DNS servers, theft of files,
cross-referencing of data from various fraudulent sources, etc.
See also our Resources portal, which includes many annotated resources in English; in particular
the sections General resources, SPAM, Technical resources and Test tools.