Getting software onto a computer can be done in three ways:
The simplest form of access would be via a new, unique computer virus. This is because it may not be picked up by virus scanning software. It could also use the facilities on your system to compile a digest of the information and usage of your computer, and send that back to its base. Whilst access to your system whilst you are online is possible, it would be difficult to arrange because unless you are online all the time, they will not when precisely when you use the Internet.
To protect against people accessing your computer from the Internet, and also protecting against rogue programs on your computer, you should use a firewall on your network or Internet connection. (refer to Firewalls in briefing 6) This will flag up a warning whenever an unauthorised access takes place. But beware of the Microsoft firewall - it only works on connections going into your computer, so rogue programs can still connect out.
Getting access to your computer is the next most likely. This is a real possibility, since you must assume that the types of people engaged in this kind of surveillance, because of the technical barriers involved, are professionals. They are also likely to have the technical capability to gain access to your home or workplace. You should therefore take steps to limit access to your system.
The briefing on Introducing Information Security (no.1) outlines how to protect your information. Perhaps one of the most effective means of preventing opportunistic access, apart from a boot password, is a screen saver with password protection. This is a simple means of preventing access whilst you are away from the computer.
Computer networks are another surveillance problem. Networks operate by sending packets of data to every computer on the network, but only the computer matching the packet address will process that packet of data. Using programs called "packet sniffers" it is possible to read all the packets that cross the network. Using a packet sniffer it is possible for one computer on the system to intercept all data transactions over the system, or just those for one of the other computers. This again could be done using software installed on the system without the knowledge of the computers operator. The problem would be extracting the large volumes of information that sniffing packets can generate. But for only a short period of time, packet sniffing could reveal all sorts of information.
One of the lesser known forms of surveillance goes by the name of 'TEMPEST'. Computer monitors and some other digital equipment emit radio waves as the high-powered coils and transistors switch electricity to create the video image. The same type of emissions can be used by TV companies to detect if their programmes are being watched on an ordinary TV without a license being paid. But with better technology, the actual image on the screen of a computer monitor can be captured and displayed.
One solution to the TEMPEST problem is to use a low powered display, such as a laptop computer. But it is possible that these displays could also emit waves that could be resolved to produce an image. The only certain solution to TEMPEST is to shield a monitor, which is a very difficult thing to do, or specifically buy an extremely expensive shielded monitor.
Finally, computers themselves can be tapped physically. For example, it would be possible to bug the keyboard in a way that transmitted the codes of the keys pressed - in this way it is easy to discover the passwords use to start the computer, as well as the passwords for accessing the Internet, email and encryption keys. Anything beyond tapping the keyboard would require taking your computer apart.
See also:
Search Encyclopedia
|
Featured Article
|