A01 chaf6542 06 se fm indd

Computer systems can also be protected by limiting access at the point the external net-

work enters the company. 

Firewalls

 are essential to prevent outside access to confidential 

company information, particularly where an extranet has been set up. Firewall software can 

then be configured to only accept links from trusted domains representing other offices in 

the company.

Measures must also be put in place to stop access to systems through published security 

vulnerabilities. The BBC (2003) reported that in 2003 there were 5,500 security vulnerabili-

ties that could be used. A policy on updating operating systems and other software with the 

latest versions is also required. It is not practical to make all updates, but new vulnerabilities 

must be monitored and patches applied to the  highest-  risk categories. This is a specialist 

task and is often outsourced. TruSecure (

www.trusecure.com

) is an example of a special-

ist company that monitors security vulnerabilities and advises organisations on prevention. 

They also employ a team of people who attempt to infiltrate hacker groups to determine 

the latest techniques. TruSecure gave the FBI over 200 documents about the ‘Melissa’ virus 

author. Although they did not know his real name, they knew his three aliases and had built 

a detailed profile of him. ‘

’ are former hackers who now apply their skills to 

test the vulnerabilities of existing systems.

Sometimes ‘ low-  tech’ techniques can be used too. The Guardian (2003) reported cases 

where criminals had impersonated  call-  centre staff in order to gain access to customer 

accounts!