Computer Security and Incident Response: A Case Study - NASIRC
MetadataShow full item record
From the perspective of a college student on the brink of the 21st century, it is difficult to imagine what life would have been like at the beginning of the 1900s. Cars and phones were just beginning to take their places in society, television was still a distant dream, and the computer was decades from becoming a reality. Business was conducted in person and deals were completed with a handshake. As technology has improved, its role in both business and society as a whole has grown tremendously. No example of this is more apparent than that of the computer. The past fifty years have seen the role of the computer go from a research curiosity to a hobbyist's toy to a valuable business tool to, today, a heavily relied on method of doing business. Businesspeople can communicate with colleagues around the world with a few clicks of a button, companies store a wealth of information on computerized databases, and consumers can find virtually anything they want on the Internet. With this increased dependence on the computer and its abilities has come a new set of dangers, including the emergence of those who wish to use this technology for illegal purposes. History has seen its share of villains and criminals, many of whom have been glorified in movies and on television. These 'bad guys' come in, guns blazing, wreaking havoc everywhere they go. In the end though, the hero always gets his man, rides off into the sunset and lives happily ever after. Today's computer criminals, though, do not fit this stereotype - they can wreak their havoc anywhere in the world from the comfort of their desk chairs. This anonymity can make locating and prosecuting the perpetrators of these crimes a daunting task indeed. These so-called hackers (also known as crackers) present a new challenge to organizations wishing to keep their business private and secure. Along with my colleagues at NASA's Automated Systems Incident Response Capability (NASIRC), I took this challenge in an endeavor to protect NASA's valuable computing and information resources. While our efforts were met with a mixture of success and failure, the problem of keeping computers and information safe is not going to go away. In this paper, I will discuss some of the issues facing computer security today, how to deal with them, and then take a look at what one high-profile organization, NASA, is doing to combat this problem.