Information from OIR concerning State of TN Information Systems:
Today, worms, viruses, Trojan horses, and Denial of Service attacks are all too familiar. The information you are about to learn will give you guidance and help you develop good computer 'habits'.
* Acceptable Use Policy - policy that identifies specific actions or behaviors that are acceptable as well as those that may result in the termination of a user's account
* Access rights - controls designed to restrict access to computer resources available to the authorized users and programs
* Internet Service Provider (ISP) - an organization, such as the Office for Information Resources (OIR), that provides users with some combination of email, and Internet access
* Password - a confidential character string used to authenticate a user's identity before granting network and applications access
* Patch - a temporary fix to an identified problem in the operating system or software
* Peer-to-peer - a communications model in which each party has the same capabilities and either party can initiate a communication session
* Policy - high level overall statement of goals (tells what is to be done)
* Procedures - An ordered set of tasks for performing some action (tells how to do something)
* Trojan horse - a program that hides inside an authorized program and performs an unauthorized function. It typically takes over legitimate user's access rights and gathers information that the perpetrator should not have. Trojan horses can gather passwords for later unauthorized access to information resources.
* User and Client - any person or entity that has been granted authority and rights to access the WAN
* Virus - a fragment of a computer program that copies itself into another program and modifies the original program. It does not run independently of another program, but it does reproduce itself and infects other programs. Some viruses become active at a certain date or time. A virus may infect any computer storage device. It degrades computer performance and alters software performance or processing
* Wide Area Network (WAN) - interconnected State Local Area Networks that span the entire state
* Worm - an independent program that reproduces itself from one networked computer to another. Worms do their damage by taking information processing away from legitimate tasks and can cause a system to shut down.
Computer security is all of the efforts (both technical and managerial) required to protect information assets and physical assets from misuse, improper disclosure, improper alteration, or abuse. Security breaches range from simply proving that access to a computer network can be attained to actually destroying or stealing information or other valuable assets. Because of the interconnectivity among networks in the State's environment, we are only as strong as the weakest link. Therefore, all network users have to be vigilant and adopt behaviors to protect our information resource assets.
* Probes and scans - attempts to gain access or discover information about remote computers
* Account compromise - discovery of user accounts and their passwords
* Packet sniffing - capturing data that is sent across a network; the data can contain sensitive information like passwords
* Denial of Service - flooding a network with requests that can overwhelm it and ultimately make a computer slow down or ultimately crash
* Malicious code - Trojan horses, worms, viruses
* Poor Device configuration - computers and other network devices that have been configured to allow unnecessary services or are not properly patched
* Weak physical access controls - computers and other network devices are not physically protected from intruders
There are other forms of cyber vandalism or cyber destruction. One of our objectives as stewards of State resources is to protect State of Tennessee information resources from these threats.
In the State's environment, skilled and trained technicians, frequently referred to as Systems Administrators, are responsible for the maintenance of the infrastructure and the devices attached to it. These technicians identify and defend the network against probes, scans and Denial of Service attacks. They maintain software and systems that identify and remove potentially malicious code. They are responsible for initial system configurations and subsequent patches. They are responsible for adding and removing users, devices and software. Users are responsible for protecting their passwords and should not post them to the monitor or share them with any other user or technician. Users are generally responsible for creating backup copies of files or data located on the workstation that is assigned to them.