Introduction to computer security
< استفاده از مطالب سایت فراکنش با ذکر منبع مجاز است.>
What is Security?
the state of being free from danger or threat.
synonyms: certainty, safe future, assured future, safety, reliability, dependability, solidness, soundness
A successful organization should have multiple layers of security in place:
Physical security: to protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
Personal security: to protect the (group of) authorized individual.
Operations security: to protect the details of a particular operation or series of activities.
Communications security: to protect an organization’s communications media, technology, and content.
Network security: to protect networking components, connections, and contents.
Information security
Basic Components
An Information System is secure if it supports CIA:
Confidentiality
Keeping data and resources hidden
Integrity
Data integrity (integrity)
Origin integrity (authentication)
Availability
Enabling access to data and resources
The History of Information Security
Began immediately following development first mainframes
Developed for code-breaking computations
During World War II
Multiple levels of security were implemented
- Physical controls
- Elementary
Mainly composed of simple document classification
Defending against physical theft, espionage, and sabotage
The 1960s
Original communication by mailing tapes
Advanced Research Project Agency (ARPA)
Examined feasibility of networked communications
Larry Roberts developed ARPANET
Plan
Link computers
Resource sharing
Link 17 Computer Research Centers
Cost 3.4M $
ARPANET is predecessor to the Internet
The 1970s and 80s
– ARPANET grew in popularity
– Potential for misuse grew
– Fundamental problems with ARPANET security
Individual remote sites were not secure from unauthorized users
Vulnerability of password structure and formats
No safety procedures for dial-up connections to ARPANET
Non-existent user identification and authorization to system
– Rand Report R-609
Paper that started the study of computer security
Information Security as we know it began
– Scope of computer security grew from physical security to include:
Safety of data
Limiting unauthorized access to data
Involvement of personnel from multiple levels of an organization
The 1990s
– Networks of computers became more common
– Need to interconnect networks grew
– Internet became first demonstration of a global network of networks
Initially based on de-facto standards
– In early Internet deployments, security was treated as a low priority
2000 to Present
– Millions of computer networks communicate
– Many of the communication unsecured
– Ability to secure a computer’s data influenced by the security of every computer to which it is connected
– Growing threat of cyber attacks has increased the need for improved security
Challenges of computer security
1.Computer security is not simple
2.One must consider potential (unexpected) attacks
3.Must decide where to deploy mechanisms
4.Involve algorithms and secret info (keys)
5.A battle between attacker / admin
6.It is not perceived on benefit until fails
7.Requires constant monitoring
8.Too often incorporated after the design is complete (not integral)
9.Regarded as a barrier to using system
References
– Matt Bishop, Computer Security: Art and Science, the author homepage, 2004.
– Michael E. Whitman, Principles of Information Security: Chapter 1: Introduction to Information Security, 4/e, 2011.
– Chris Clifton, CS 526: Information Security course, Purdue university, 2010.
– Patrick Traynor, CS 8803 – Cellular and Mobile Network Security, Georgia Tec, 2012.