Computer Security

Computer Security

Since computers are used for high value and mission critical applications, their security is important. Hackers try to compromise computer installations both for fun and financial gain. Computer security professionals have a challenging task, because despite millions of things they do right, just one loophole is enough for the system to be compromised. Since more and more computers are becoming connected to Internet, this risk can only increase. To further complicate the matter, computer systems were originally designed primarily in university settings and the security was never given importance in the design. However, pulling the wire and isolating your computer from the network is probably not the smartest option. In the future computers may become ubiquitous and wearable. In both cases, stakes of not providing enough protection are very high. Many operating system developers were giving importance to GUI, making it easy for users to access and use computers. The security, again, was ignored until recently. As a result, identity thefts, phishing, financial and intellectual property theft are on the rise, day by day. Computer Security can be viewed from the broader perspective of information warfare. The objective of computer security is to defend your computer system from threats. A threat can be accidental or intentional. Either way, the computer system needs to be protected. The counter measures can be prevention, detection and reaction. Prevention deals with safeguarding systems from attacks. No matter what you do, attacks can still happen. Should a threat be realized, the system should be able to detect it, and react in such a way that the damage is minimized.

Security Approaches

Securing a computer system could mean creating a perimeter (like a fence) that protects the systems within it. Any intruder would now need to compromise the perimeter before they can attack the computer system. The main problem with this approach is that, it does little to protect from attacks within. Another approach would be to create multiple layers of security. Each layer is specifically designed to protect the computer system. The layers can be system monitoring, user profiling, vulnerability assessment, encryption etc. While layered approach seems to be appealing, the major problem is its complexity. Security can be proactive or reactive. In proactive approach, the system anticipates potential threats and takes proactive measures to safeguard the system. In reactive system, the system tries detect attacks, as they happen and takes steps to minimize damages. Modern security systems are normally hybrids of above mechanisms.

Security Terms

Some of the most commonly used security terms are discussed below. A threat is something that can cause a security problem. For example, fire is a threat since it can destroy computer systems. A threat can be internal or external. A hacker would be an external threat. A dishonest employee could be an internal threat. An attack is a realization of threat. Safeguards protects systems from possible threats. A password is a safeguard that prevents an unauthorized user from logging on. A vulnerability is absence of safeguard or weakness in the safeguard. An account without password is a vulnerability. Risk is the estimated cost of a vulnerability. Risk assessment examines two factors, one is the cost incurs in the event of an attack, and the probability of an attack occurs exploiting the vulnerability. An attack that may never happen and an attack that might cost nothing are not of big concern. A security domain is an area in which security must be enforced. There are different types of security that may be enforced:
  1. Physical Security (physical protection -- e.g., armed guard posted outside a data processing center)
  2. Personnel Security (making sure all employees are trustworthy -- e.g., periodic background checks of database administrators
  3. Administrative Security (making sure that policies and procedures are conducive to system security.)
  4. Media Security (protecting media containing data. e.g., hard disks are wiped clean before the old computers are sold.)
A security policy is a set of rules pertaining to all security related activities with respect to ensuring security in a security domain. For example, do not share your password with anyone; do not use your first name as the password; do not post your password on the wall; and so on.

Security Properties

Ensuring security means ensuring all or any of the following security properties.
  1. Confidentiality (e.g., information not disclosed to unauthorized users)
  2. Integrity (e.g., information is not modified by unauthorized users)
  3. Authenticity (e.g., making sure that a user is really who she claims she is)
  4. Availability (e.g., a system is available to its authorized users)
  5. Non-repudiation (e.g., a user should not be able to deny what he did)

Privacy Vs Confidentiality

Confidentiality is general and deals with all kinds of information including intellectual property and trade secrets. Whereas, privacy is usually about personal information, such as, social security numbers, pay etc.

Hacker

Originally the term "Hacker" referred to a smart programmer, who can come up with clever programs. However, these days, someone who (illegally) breaks into computer systems is often referred to as a hacker. There are different kind of hackers.
  1. White Hats: self claimed "good" hackers. They break into system to uncover vulnerabilities.
  2. Black Hats: hackers break into system, often, for stealing information or for doing something bad.
  3. Grey Hats: often between the above two. Sometimes ethical, sometimes not.
Other hacker terms: script kiddies are want-to-be hackers, who normally run scripts (written by others) to break into systems; cyber terrorists try to make a political statement or promote their propaganda using their hacking skills.

Security Audit

Security audits see how well the security policy is enforced. Security audit includes risk assessment, vulnerability testing, and constant verification for determining the adherence to the established policies. Security audits are often conducted by outside firms although they may also be conducted internally. Internal audit, however, may be biased because the personnel are from within the organization. Next: Security Tools and Resources.

You may share this article on Facebook.