Computer security

From Wikipedia

HomePage | Recent changes | View source | Discuss this page | Page history | Log in |

Printable version | Disclaimers | Privacy policy

Computer Security refers to the measures taken to assure that only the allowed persons or processes can control a computer system and have access to the data inside it. As computer systems serve increasingly important functions and hold more valuable data and, the importance of computer security grows. Systems are constantly becoming more complex, but as its possible to separate security-related parts from security-unrelated, this doesn't have to make security unattainable.

There are many similarities (yet many fundamental differences) between computer and real world security. Computer code is just form of mathematics. It's possible to prove its correctness, and it this way make computer system immune to many attacks. It's also possible to protect communication by means of cryptography. One method of encryption - one-time pad is proved to be unbreakable. Unfortunately it's very inconvenient to use. Other methods of encryption, while breakable in theory, are often virtually impossible to break by means we have today. One specific type of attack - denial of service is in practice very hard to prevent, because behavior of whole network needs to be analyzed, not only of small piece of code.

Social engineering and physical attacks can only be prevented by non-computer means, what is impossible to do realiably.

In practice, only a small fraction of code is mathematically proved or at least goes through extensive security audit, so it's usually possible for determined cracker to read, copy, alter or destroy data in well secured computer. You can reduce cracker's chances by keeping your systems up to date, using a security scaner or and hiring competent person responsible for security. The effects of data loss can be reduced by careful backing up and insurance.

'Computer security' may be generally accomplished by three distinct processes: 1) Prevention, 2) Detection, and 3) Response. Firewalls are by far the most common prevention systems from a network security perspective, while access controls and cryptography can protect systems and data, respectively. IDS or Intrustion Detection Systems are designed to detect network attacks in progress and/or assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems. "Response" is necessarily defined by the security requirements of an individual system and may cover the range from complete destruction of the system to notification of legal authorities, counter-attacks, and the like.

Today, computer security is composed mainly from "preventative" measures, like firewalls. We could liken a firewall to the building of a good fence around your warehouse. But not enough if you keep the fence unguarded (no monitoring), or if you hand a copy of the key to everybody that asks for it by phone (social engineering). If, to add insult to injury, it's widely known that you won't prosecute any trespasser, we could consider the firewall installation as almost an exercise in futility. However, many computer systems are not monitored, and the number of computer crackers to be really brought to justice is abysmally low. In that situation, it's no wonder you have no insurance; the policy would be enormous.

In short, lack of computer security today is a multi-pronged menace to which a multi-faceted defense is the only response. Buying an off-the-shelf software package is no substitute for a careful evaluation of the risks, the possible losses, the counter-measures and the security policies, done at a high enough company level.

Related topics: cryptology, cryptography, Physical Security, hacking, Secure coding practice, full disclosure.

/Talk