Your computer is one among millions of other computers networked together. As a broadband subscriber, your computer is (generally) reliably connected to the Internet, and your connection is quickly responsive. You have physical control over your machine, and can take informed action to protect your resources and files.
Authentication and Authorization
If you don't want to allow global access to your files, you may need to set logins and passwords to limit your computer's users. Authentication means verifying the user. Authorization is allowing that user access to your system. Verifying users of your machine can help you track the activity in files and resources.
To further limit access to your resources, you may wish to set permissions on individual files. For instance, you may have a text file that anyone can read. This is called global access. Another file may only be read by anyone in a special group that you design. This is group access. A third file may only be readable by you--individual access.
Your computer may generate logs which can be important diagnostic tools. For instance, your web server keeps track of machines that have requested your web pages:
If you run an FTP server, you also have logs of who moved files in or out. Your security products also produce information logs that can inform you about traffic, system users, and more. In combination with active security products, logs can be a powerful tool to mitigate your security risks.
In reality, these five "A"s are somewhat intertwined. For example, it doesn't make sense to have Authentication without Authorization. Access control doesn't happen without Authentication and Authorization, and none of these make sense without Awareness.
The first step is awareness about your computerized self.
Most people keep stored computer files that reflect their lives. Generally, the "ordinary life" is not of interest to malicious hackers and crackers--unless they have easy access to your financial persona: transactions, credit card numbers, mother's maiden name, etc.
The second step is awareness about your system.
Many of your system's vulnerabilities are known and described on public security sites. In some cases, fixes (often called patches) are also published for your use.
What you can do to reduce your system's security risks:
If you only have one computer:
If you have a home network with more than one computer:
The third step is awareness about your network.
Don't open email attachments from strangers. Confirm attachments
from friends. Be especially wary of unexpected files ending
Do not volunteer more info to web sites or strangers than is absolutely necessary. You already leave plenty of information behind in the logs of sites you've visited.
Use encrypted email services and programs when possible. Encryption is a process by which plain text (what you type on the screen) is "scrambled" into a code that can't be read without a special "key" that unscrambles that code. Encryption programs such as PGP have plug-ins that enable them to work with common email programs. Encryption isn't very easy to use yet, but many developers are working on this problem. (Appendix I has a few resources that might be informative.)
Do not run public servers without adequate protections. Many vulnerabilities are known and published on the net; many fixes and system patches are also available.
Look at your logs and run security scans periodically. Your logs and tools can provide a picture of what's going on.
Being comfortable with your computer and the Internet, and being aware of the inherent risks, is an important part of the broadband environment. Many resources exist to help you get a handle on your situation. The following Appendices provide more links, perspectives, and information to help you with this important task.
Home or Next: Footnotes