The Strength of a Computer Systems Security - Literature review Example

Running head: WEAKEST LINK REVIEW The Weakest Link: A Review of the Literature in Wireless Security Your College The Weakest Link: A Review of the Literature in Wireless Security As Loo (2008) writes, “the strength of a computer system’s security is always measured by its weakest component” (p. 68). While wireless technologies bring a wealth of benefits and mobility for end users, there is always a cost for this convenience. As Leo (2008) and others bear out, these drawbacks can be devastating if the wrong people can gain access. The primary danger that outsiders pose to sensitive information is the mistaken belief that the sensitive information is secured behind the metaphorical wall of wireless security. Yet, as recent events have shown, this wall is at best overstated and at worst illusory altogether. Regardless, wireless security is no longer a concern for only the home and business. As wireless access points grow in popularity, there is a growing need to secure networks that are designed to be used by members of the public. As Chenoweth, Minch and Tabor (2010) point out, these networks offer little or no security for the end user, which is a completely different problem, but related in the potential consequences of misuse. Finally, Potter (2006) believes that achieving true security at one of these public networks is impossible and that “Laptops and PDAs are so vulnerable in wireless hotspots, users would do well to turn them off” (p. 51). The views of wireless security that those authors give are separable into two different sets of categories. First, the authors either give an optimist/descriptive view or a pessimist/normative view of how end users should interact with wireless technology given security concerns. Loo (2008) witnessed the breach in internet security at a U.S. credit card processing center (a “descriptive” view) and wrote about how users can protect themselves. On the other hand, Chenoweth, Minch and Tabor (2010) and Potter (2006) described how there is virtually no security on wireless networks (a “pessimistic” view) and that users might be better off not using them (“a normative view”). Second, the authors give either an account of private home or business wireless security or an account of public hotspot wireless security. Once again, while Loo (2008) is writing primarily about private end users operating their own private networks, Chenoweth, Minch and Tabor (2010) and Potter (2006) are discussing networks in the context of public hotspots, as opposed to private channels. Seeing the literature in this way, one might realize that there is a certain consistency at work: from the time between 2006 and 2010, little advancements have been made in improving the wireless security for public networks. Meanwhile, private networks remain potentially unprotected, but that the weakest link in that chain is the end user, not the network itself as seems to be the case with public wireless hotspots. From this perspective, one can begin to put into context the kind of advice or observations that each article makes. Loo (2008) opens his discussion of private network wireless security by overviewing why end users are the weakest components in a computer system’s security. He writes, “In most systems, the weakest components are the end users, particularly when they are accessing the corporation’s databases with wireless facilities at home” (p. 68). Of course, what he is suggesting here is that corporations must safeguard their information from private individuals because, although those private individuals may think their connection is secure, it may be the easiest access way that an outsider has to gain access to the sensitive information contained within a corporation’s network. Loo (2008) dispels some of the myths above this private security, including the common belief that home computers are not attractive to hackers. However, this belief is false considering the increasingly digitized way that individuals share knowledge and communicate. Not only do people access corporate files from home, but also they buy and sell things online, access bank records, apply for credit cards, and so on. Each of these processes contains sensitive information that a hacker can potentially misuse for his or her advantage. Although Loo (2008) admits that security systems will never be perfect, he allows for some methods to effectively combat and deal with the threat that hackers pose to wireless security. He recommends protecting corporate interests with SSL techniques and that users create difficult passwords that vary between different access points on the internet. Essentially, a belief that individuals can protect themselves on networks is a kind of optimism, at least in comparison to those who readily declare the prospect of wireless security impossible. However, Loo (2008) is discussing security in private networks, which some may say has room for optimism. With respect to public networks, this prospect may not be so bright. Chenoweth, Minch and Tabor (2010) write that, “Given the insecure nature of public wireless networks, it is the responsibility of users to provide for their own security” (p. 134). Knowing what Loo (2008) discussed and his concerns about how the end user is ultimately the weakest link in the computer system’s security, it is a harrowing thought that the “weakest link”, as he describes it, is the only protection against hackers. This thought adds to the justifiable pessimism that their article brings to the fore. In the end, the study that Chenoweth, Minch and Tabor (2010) present, which shows that data transferred over a wireless network is not reasonably secure, adds to the relevance of a paper like Loo (2008), which is a description of how end users should go about creating a more secure connection with the internet over a network. Nevertheless, because the advice presented in Loo (2008) was intended for use with a private network, it may have limited applicability to this more limited, less secure context. In their study, Chenoweth, Minch and Tabor (2010) discovered the ease with which individuals can take and misuse information passed along university computer systems. In terms of open ports, the authors discovered that 65% of the time, a user is vulnerable over the network (p. 136). Although it is the oldest of the article, Potter (2006) is still an interesting article in the context of wireless security because (1) it provides a benchmark to evaluate current wireless security standards and (2) it agrees, at least partially, with the results of Chenoweth, Minch and Tabor (2010). However, Potter (2006) is slightly different from Chenoweth, Minch and Tabor (2010) in that the former is actually discussing secured public networks while the latter is discussing unsecured public networks (or “hotspots”) like one might find in a coffee shop. That might explain the greater pessimism of Potter (2006) in comparison to the other authors. He compares the “hotspot” network to a storm in which all users are simply searching for any port that will lead them to the internet (p. 53). He goes on to comment that system administrators of an unsecured public network are always more concerned with protecting the security of their systems, rather than the security of their users, which means that “users of wireless hotspots are ultimately responsible for their own security” (Potter, 2006, p. 54). This sounds very similar to the sentiments of Chenoweth, Minch and Tabor (2010), written almost five years later. However, the concern still exists that if end users are the weakest link in the computer system’s security, how much can they be trusted to secure their own systems. There is no guarantee that users will be capable, let alone conscious, of their security needs while using these networks. Throughout the three articles, the recurring theme is the responsibility of the end user to ensure his own security while using wireless network technology. However, this observation is often paired with a sense of pessimism that private end users are characteristically incapable of doing this effectively. A concern that individual users of technology should have going into the future is whether the risks are worth the rewards of utilizing sensitive information over potentially unprotected wireless networks. This observation follows the seemingly clear ethical responsibility that third parties, entrusted with this information, to protect that data. References Chenoweth, T., Minch, R., & Tabor, S. (2010). Wireless insecurity: Examining user security behavior on public networks. Communications of the ACM, 53, 134-138. Loo, A. (2008). The myths and truths of wireless security. Communications of the ACM, 51, 66-71. Potter, B. (2006). Wireless hotspot: Petri dish of wireless security. Communications of the ACM, 49, 51-56. Read More