Handbook of Information Security Management:Computer Architecture and System Security



From a security and management perspective, the NC is clearly a step forward, and a cost-effective one at that. It is not unreasonable to suggest that individuals who still need or want a truly personal computer can either use their own machine at home, or use a nonnetworked system at the office. In any event, organizations should not lose sight of the fact that the “personal” computers they provide to their employees are actually the property of the organization, which is free to control the manner in which they are used, particularly when some uses such as Web surfing can increase risks to valuable data, not to mention the negative impact on productivity.

Network Security Implications

Constant improvements in hardware and software enabled LANs to grow in size and power. By the early 1990s some LANs had evolved into mission-critical information systems. The security implications increased dramatically but, even when network managers have had time to think about these implications, they have often lacked the resources and tools with which to address them. Furthermore, because many of these PC-based networks resembled the familiar paradigm of a powerful central computer supporting numerous, less powerful machines, many people assumed that the security problems could be solved in familiar ways, such as (1) give users password-protected network accounts and don’t let anyone log onto the network unless they can supply a valid account name and password; and (2) perform regular backups.

In practice, (2) has been easier to achieve than (1), but in a typical LAN environment (2) offers less protection than you might expect. The reason is simple. As was noted earlier, desktop computers are computers; they are not terminals. A desktop computer runs its own operating system under local control, does its own processing, and has its own storage and its own input and output capabilities. Of course, you can try to make a desktop computer emulate a terminal, but unless you turn it into a terminal it will still be a computer.

Of course, there are many positive reasons for increased intercomputer communications, such as:

  Cost savings from sharing resources
  Productivity gains from faster, better communications and information sharing.

There are also potential security benefits. Any serious network operating system, or NOS, contains security features, and every NOS is more mindful of security than the popular desktop operating systems. The centralized storage of information that comes with server-based networking makes that information easier to protect, at least in terms of backup.

But these gains come with risks attached. Connecting two computers opens up a new front for the attacker who can exploit the connection, either to get at the data being transferred, or to penetrate one or more of the connected systems. Simply put, establishing a connection between two or more computers means:

  More to lose.[18]
  More ways to lose it.

[18] A 1993 study by Infonetics Research of San Jose, California, found that when companies experienced losses due to LAN outages, the average amount per company, including lost revenues and productivity, was $7.5 million.

The increase in potential gains from a single successful penetration of security makes the connected computer a far more promising target for the attacker. You still have to worry about in-house interlopers, both the merely curious and the seriously fraudulent, as well as disgruntled employees for whom intercomputer connections are a target for belligerence. But you also need to consider outside hackers, both amateur and professional, who live and breathe intercomputer communications.[19] The security implications of networking personal computers can be assessed as two different factors:

  The multiplication factor: normal security problems associated with an unconnected computer system are multiplied by a factor, roughly equal to the number of computer systems connected together.
  The channel factor: a new security area created by opening up channels of communications between computer systems, providing access into a computer through one port or another.

[19] Remember that hacker Kevin Mitnick's first arrest was for stealing manuals from a Pacific Bell switching station — that was in 1981, when he was 17.

