Saturday, February 04, 2006

Emails And Network Security

With the number of small, home-based businesses at present, computers and the internet are fast establishing themselves as essential tools for business management. But the active use of computers in business as means of banking and other financial transactions has attracted unscrupulous individuals. These individuals come up with programs and viruses that are threats to network security in hopes of intercepting important files from home computers. The Computer Emergency Response Team (CERT) at Carnegie Mellon University says that there are several ways how internet criminals threaten network security through emails. These methods seem harmless and are virtually undetectable until it is too late.

These threats include: email spoofing and email viruses. All these are classified as intentional computer misuses but are unwittingly spread by people who are not aware of their possible effects on network security. CERT explains that the writers of the viruses and malicious programs usually exploit the ignorance of most computer users to spread their viruses.

Email spoofing happens when emails display sources other than the original source. The virus writer or the original source manipulates the virus program to make it appear that the source written on the "From" box is the actual sender of the message. Most cases involve "messages" from network system administrators asking the users to modify and send them new passwords or other important information. Others report receiving strange emails from banks or telephone companies. The recipient opens the email, thinking that it is an urgent reminder. The virus then starts spreading in the computer system. The usual function of viruses like this is to weaken network security in order for the virus writer to infiltrate the system.

Viruses can also infiltrate systems by email attachments. This happens when a virus writer programs a virus and sends it to people disguised as a harmless email or attachment. The criminal usually attaches a funny picture or story in the email to entice recipients to open it. The recipient, thinking that the message is harmless and funny, sends it to other people. The virus spreads and disables network security with minimum effort from the writer. Email viruses usually come as attachments with hidden or concealed file extensions. Most victims open attachments thinking that these are harmless text documents or images taking note only of the ".txt" or ".jpg" in the filename. CERT advises that the first file extensions are not important in an attachment or file. The important attachment is the last because it indicates how the attachment functions. Extensions like ".exe" or ".vbs" means that the attachment will run as a program once the recipient opens it.

There are no foolproof ways on how to prevent the spread of malicious programs and viruses. To maintain network security, CERT recommends ignoring strange emails even if these are sent by an authority. Verify the messages' origin by calling the agency that "sent" them. For best protection, CERT advises email users to avoid downloading and saving attachments in their computers unless they have verified its source. Installing firewalls and other anti-virus software also strengthens network security.