By: Bob J. Valkovski
One type of computer security risk is unauthorized access and use.
Unauthorized access is the use of a computer or network without permission. Hackers typically break into a computer by connecting to it and then logging in as a legitimate user. Some intruders do no damage but they merely access data, valuable information or programs on the computer.
Unauthorized use is the use of a computer or its data for unapproved or illegal activities. It includes a variety of activies such as gaining access to a bank computer and performing an unauthorized bank transfer etc.
Preventing Unauthorized Access and Use
1. Have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and the network may and may not be used.
2. The use of firewall
3. Access Controls
4. Intrusion detection software
5. Audit trails
Intrusion detection software = analyzes network traffic, asssesses vulnerability, identifies unauthorized access and notifies network administrators of suspicious behaviour patterns or system breaches.
Access controls = defines who can and cannot access a computer, when they can access it and what actions they can take. Includes a user name and password, a possessed object, a biometric device and a callback system.
Audit trail = records in a file both successful and unsuccessful access attempts.
