zeal and dedication in the unending war of computer security. . nerabilities in operating systems and communications software should be made public. Why Computer Security? Computer Security is important for protecting the confidentiality, integrity, and availability of computer systems and their resources. Basic Computer Security Practices. • Make backups of important files. • Apply patches to the operating system. • Use anti-virus software, update definitions very .
|Language:||English, Spanish, French|
|Genre:||Business & Career|
|Distribution:||Free* [*Registration needed]|
Computer System Security. Lecture 1 notes. 1) What is computer Security? • Something that cannot be bypassed. • Complete mediation. • Not vulnerable to. Intro to computer and network security. t o to co pute a d et o Application and operating system security . browsers, media players, PDF readers, etc.,. p y. systems. The second section presents a classification of security threats, and the last mechanisms and techniques for ensuring security of a computer system.
The specific DOD policies for ensuring confidentiality do not explicitly itemize the range of expected threats for which a policy must hold. Instead, they reflect an operational approach, expressing the policy by stating the particular management controls that must be used to achieve the requirement for confidentiality. Thus they avoid listing threats, which would represent a severe risk in itself, and avoid the risk of poor security design implicit in taking a fresh approach to each new problem.
The operational controls that the military has developed in support of this requirement involve automated mechanisms for handling information that is critical to national security. Within each level and compartment, a person with an appropriate clearance must also have a "need to know" in order to gain access. These procedures are mandatory: elaborate procedures must also be followed to declassify information. Some commercial firms, for instance, classify information as restricted, company confidential, and unclassified Schmitt, Even if an organization has no secrets of its own, it may be obliged by law or common courtesy to preserve the privacy of information about individuals.
Medical records, for example, may require more careful protection than does most proprietary information. A hospital must thus select a suitable confidentiality policy to uphold its fiduciary responsibility with respect to patient records. In the commercial world confidentiality is customarily guarded by security mechanisms that are less stringent than those of the national security community. For example, information is assigned to an "owner" or guardian , who controls access to it. With Trojan horse attacks, for example, even legitimate and honest users of an owner mechanism can be tricked into disclosing secret data.
The commercial world has borne these vulnerabilities in exchange for the greater operational flexibility and system performance currently associated with relatively weak security. Integrity Integrity is a requirement meant to ensure that information and programs are changed only in a specified and authorized manner. It may be important to keep data consistent as in double-entry bookkeeping or to allow data to be changed only in an approved manner as in withdrawals from a bank account.
It may also be necessary to specify the degree of the accuracy of data. Some policies for ensuring integrity reflect a concern for preventing fraud and are stated in terms of management controls. For example, any task involving the potential for fraud must be divided into parts that are performed by separate people, an approach called separation of duty. A classic example is a downloading system, which has three parts: ordering, receiving, and payment.
Someone must sign off on each step, the same person cannot sign off on two steps, and the records can be changed only by fixed procedures—for example, an account is debited and a check written only for the amount of an approved and received order. In this case, although the policy is stated operationally—that is, in terms of specific management controls—the threat model is explicitly disclosed as well.
Other integrity policies reflect concerns for preventing errors and omissions, and controlling the effects of program change. Integrity policies have not been studied as carefully as confidentiality policies.
Computer measures that have been installed to guard integrity tend to be ad hoc and do not flow from the integrity models that have been proposed see Chapter 3. Availability Availability is a requirement intended to ensure that systems work promptly and service is not denied to authorized users.
From a security standpoint, it represents the ability to protect against and recover from a damaging event. The availability of properly functioning computer systems e. Contingency planning is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system unavailable. Traditional contingency planning to ensure availability usually includes responses only to acts of God e. However, contingency planning must also involve providing for responses to malicious acts, not simply acts of God or accidents, and as such must include an explicit assessment of threat based on a model of a real adversary, not on a probabilistic model of nature.
For example, a simple availability policy is usually stated like this: "On the average, a terminal shall be down for less than 10 minutes per month.
This policy means that the up time at each terminal, averaged over all the terminals, must be at least A security policy to ensure availability usually takes a different form, as in the following example: "No inputs to the system by any user who is not an authorized administrator shall cause the system to cease serving some other user.
Instead, it identifies a particular threat, a malicious or incompetent act by a regular user of the system, and requires the system to survive this act. It says nothing about other ways in which a hostile party could deny service, for example, by cutting a telephone line; a separate assertion is required for each such threat, indicating the extent to which resistance to that threat is deemed important.
Non-verbal communications can be considered coded and may have different meanings to different recipients. Many times, non-verbal communication or gestures complement or negate the words spoken and may emphasize the words spoken or give them a different meaning than the meaning of the words spoken.
Strong observation and hearing is required to understand the non-verbal communications, particularly if they are embedded with secret signals. Sometimes, information needs to be communicated to only a few people and understood by only a few people, like the messages sent by kings, military commanders, diplomats, and other military people.
Since the early days of writing, kings and commanders in India used secret codes to send messages to other kings and commanders outside the state. During war time, secret messages were sent by a network using simple alphabetic substitutions often based on phonetics. The ancient Chinese used the ideographic nature of their language to hide meanings of words. In the past, sensitive messages were transported through trusted persons, were guarded and were stored in a secure environment, thus ensuring the security of information.
Julius Caesar 50 B. The Caesar cipher is named after Julius Caesar, who used simple coding techniques to protect messages of military significance. Caesar used a simple technique of replacing each letter in the plaintext by a letter shift of 3.
He used this method for all his military communications. It is unknown how effective the Caesar cipher was at that time, but there are incidences in the nineteenth century where the personal advertisements section in newspapers would sometimes be used to exchange messages encrypted using simple cipher schemes. According to Kahn , there were instances of lovers engaging in secret communications coded in Caesar cipher in The Times personal ads.
More complicated Caesar cipher was also in use by the Russian army during war times because it was difficult for their enemies to decipher. The need for communication not only helped in the development of many languages, but also the basic need to communicate with those at a distance resulted in the invention of telegraphs and telephones.
The telegraph is a communication system invented by Samuel Morse — , in which information is transmitted over a wire through a series of electrical pulses called Morse code.
Morse code is a series of dots and dashes. Telegraph operators used Morse code to code the plain text messages before transmission over the electric cable and at the receiving end, where operators translated the Morse code back to plain English. The electric telegraphs transformed how wars were fought, and how military commanders sent their messages to distant soldiers and commanders.
Rather than taking weeks to deliver messages by horse carriages and trusted messengers, information could be exchanged between two telegraph stations almost instantly. There are records of using telegraph systems during the Crimean war of — In the s, the Russian army used telegraphs for communication between field officers and headquarters.
After the telegraph, further inventions led to distance-based communication, such as radio and telephone. During the early days of distance-based communications, messages were disguised to protect the confidentiality and to avoid them being revealed to others. It is natural that the messages sent through the telegraph, telephone, and eventually the radio, were also expected to be disguised in the form of codes. With the advent of distance communication methods using radio signals, the use of cryptography became very important, especially for coordinating military operations.
Historically, we know that the French, American, and German armies were actively using various kinds of cipher methods during World War I. There is no doubt that the world wars had significant influence on the field of security.
Telegraphs, telephones, and radios have changed the meaning of communication. The demand for these services came from the railroads, the press, business and financial sectors, and private citizens.
However, it became even more important for military communication. The telegraph led to considerable improvements in the commanding of troops, but it also required qualified specialists. The invention of the telephone by Alexander Graham Bell in opened a new sphere of communication. Telephone connections required a significant amount of cabling, power, and time for laying, and the same cable could not be used for both a telephone and telegraph.
The invention of the radio became one of the greatest inventions in world history. Guglielmo Marconi was an Italian inventor who invented radio communication in which changed the world of communication, particularly in the military. However, messages sent through these devices were not protected and could be overheard by others. Messages sent over a telegraph line or radio link cannot be packed in an envelope and anyone who has access to the lines or a radio receiver could intercept messages and read everything without being identified.
Thus emerged the need for secure communication for the military as well as civilians and has become essential that even when messages are heard, nobody other than the intended listeners should make out the contents. Most pre-World War II military communication relied on the simple shuffling of words or a number representation for each word.
Other methods were easily decipherable using frequency analysis. During this time, Enigma emerged as a means of communication due to its complex encryption methods. Initially, he thought he could sell these machines to banks to make secure transactions over regular telephone and telegraph channels.
But neither banks nor the government showed any interest. After a few years, the patent went to Arthus Scheribus, who sold these machines to the German government.
During war time, Germans used Enigma to encode military commands over the radio. Enigma is an electromechanical device where you can set the rotor to a certain position and type the message just like a typewriter, for a mechanically encoded message.
The intended receiver needed to know the exact position of the rotor in order to decode the message.
The basic three-rotor Enigma with a 26 X 26 X 26 had 17, possible combinations of rotor states. The Enigma had three normal rotors and one reflector that could be set in one of 26 positions.
For ten pairs of letters connected to each rotor and six wheels, there could be as many as ,,,, possible states. This gave the Germans a huge advantage in the war. Each time the messages were generated using a different set of combinations and with billions of combinations, the German military thought that the Enigma messages would remain unbreakable. After Hitler was appointed Chancellor of Germany on January 30, , the Nazi Party began to consolidate their power by conquering neighboring countries.
Germany conquered most of Europe by , and then threatened Britain next. Britain and her allies were unable to understand the military strategy of Hitler and worried about the use of Enigma and the problem posed by this machine.
Even the early mainframe computers were put to use to try and break the Enigma code.
The Germans thought that the Enigma code was impossible to break because of the many key combinations. They also developed an electro-mechanical machine, called the Bomba, to break the Enigma code. During this process, they found two major flaws in the design. The Turing Bombe searched for the enigma settings for a given piece of plain and cipher text. Turing used his mathematical skills to decipher the Enigma codes.
Initially, Turing and his colleagues relied on guessing the content based on external information. This helped them to reduce the strength of the key and finally they were able to break the Enigma codes. The Turing machine is one of the major inventions during the world war apart from atom bombs.
The development of security has a military origin. Since the early days of World War II, breaking into any information is considered another technological challenge. As we described in earlier paragraphs, the German military relied on Enigma to encrypt all military communications in World War II, and to win the war, it became absolutely necessary for the allies to break the Enigma coded communication. The allies finally broke into it under the leadership of Alan M.
The work done by Turing and his colleagues in Bletchley Park brought a new dimension to cryptography in the modern world. Cryptography required an understanding of logic, statistical theory, information theory, and advanced technology. In the early days of computers, security was concerned only with the physical device and access to it.
Early mainframe computers were used to store government records, personal information, and transactional processing. The security was to safeguard the data stored in the computers. Hence, physical access to the location was guarded and very few personnel had access to this location. Access was only achieved by authorized photo identification. The entry and exit to the computer rooms were monitored to ensure that the device, as well as the data stored in the device, was secured.
The security concerns increased as the technology advanced from single user mainframes to multiuser systems. UNIX brought in the concept of authentication for secure access of files and data in a shared environment. However, the system needed to be configured properly. Misconfiguration of the system could lead to the exposure of data and files to other unintended users, thus creating security holes. Much of the UNIX system was developed by students as a research project by including many of networking utilities and protocols.
Since these programs were not written with proper design and are not formally tested, earlier versions of UNIX were buggy and could be exploited easily. In , the U.
The objective of this project was to develop a communication protocol that would allow computers to communicate transparently across different geographies. Today, billions of users are connected across the globe on the Internet which continues to grow exponentially.
The basic need of a computer network is to share information on the network. A Sendmail protocol allows for the sending and receiving of e-mails from one system to another. Today, the WWW has changed the way we live, how we interact with others, share information, how we download and sell goods and do business.
On the WWW, you can share texts, pictures, images, video, and audio files. To support different applications on the web, multiple utilities and protocols have been developed. With the rise in e-commerce, not only the good guys transact on the web, but we also find many bad guys out there attempting to steal information and make a profit.
The United States Cyber Command was created in  and many other countries have similar forces. Cybersecurity is a fast-growing field of IT concerned with reducing organizations' risk of hack or data breach. The fastest increases in demand for cybersecurity workers are in industries managing increasing volumes of consumer data such as finance, health care, and retail.
Typical cyber security job titles and descriptions include: Student programs are also available to people interested in beginning a career in cybersecurity. In the United Kingdom , a nationwide set of cyber security forums, known as the U. K Cyber Security Forum , were established supported by the Government's cyber security strategy  in order to encourage start-ups and innovation and to address the skills gap  identified by the U. K Government. From Wikipedia, the free encyclopedia.
Main article: Vulnerability computing. Social engineering security. Spoofing attack. See also: Medical device hijack and Medical data breach. Secure by design. Vulnerability management.
Computer security compromised by hardware failure. Security-evaluated operating system. Secure coding. Main articles: Access control list and Capability computers. Further information: List of cyber-attacks and List of data breaches. Morris worm. Global surveillance disclosures —present. Ashley Madison Data Breach. Computer emergency response team. Ross J. Denning Peter J. Neumann Susan Nycum Roger R.
Stolfo Willis Ware Moti Yung.
Journal of Digital Forensics, Security and Law. New Directions in Theory and Methods". Politics and Governance. Archived from the original on 12 October Retrieved 4 August Archived from the original on 6 August Retrieved 12 November MSSP Alert. July 24, SC Magazine UK. Informa PLC. Archived from the original on 13 September Archived PDF from the original on 3 December Financial Times 25 Feb Archived from the original on 23 June Retrieved 7 May Associated Press.
Archived from the original on 20 May Retrieved 20 May Archived from the original on 30 June Oxford Reference. Oxford University Press. Retrieved 8 October Handbook of Biometric Anti-Spoofing: Advances in Computer Vision and Pattern Recognition. Ars Technica. Archived from the original on 4 August Retrieved 3 August Reimers, D.
South African Computer Journal. Emory Law Journal. Minnesota Law Review. CNN Money. Cable News Network. Archived from the original on 18 February Retrieved 16 April Archived from the original on 17 October Retrieved 4 November Zellan, Aviation Security. Hauppauge, NY: Nova Science, , pp. Archived from the original on 8 February Archived from the original on 13 October Archived from the original on 12 December Archived from the original on 19 March Archived from the original on 13 March Retrieved 15 June Cybersecurity Firms Are On It".
Archived from the original on 11 February Archived from the original on 18 December Breach may have affected 1. Archived from the original on 21 December Retrieved 21 December Archived from the original on 1 December Retrieved 29 November The New York Times. Archived from the original on 2 November FBI warns healthcare sector vulnerable to cyber attacks". Archived from the original on 4 June Retrieved 23 May Archived from the original on 5 January Retrieved 12 October Infosecurity Magazine.
Archived from the original on 9 November Retrieved 8 November Archived from the original on 27 March Retrieved 29 March Archived from the original on 29 March What we know now". Archived from the original on 4 January Retrieved 4 January Only Released Gigabytes So Far". Business Insider. Archived from the original on 17 December Retrieved 18 December Lee 18 January Archived from the original on 17 March Archived PDF from the original on 9 November It will take a 'major event' for companies to take this issue seriously".
Archived from the original on 20 January Retrieved 22 January The Guardian. Archived from the original on 16 March Berkeley, CA, US: Archived PDF from the original on 21 February Archived from the original on 19 January The Independent. Archived from the original on 2 February The Telegraph. The Government". Archived from the original on 14 February Archived PDF from the original on 21 January Anonymous' Operation Megaupload explained".
Archived from the original on 5 May Retrieved 5 May Autistic 'hacker' who started writing computer programs at 14". The Daily Telegraph. Archived from the original on 2 June BBC News. Archived from the original on 6 September Retrieved 25 September Archived from the original on 7 March Retrieved 30 January Archived from the original on 5 June Retrieved 5 June Archived from the original on 6 June Archived from the original on 24 June Education Week.
Archived from the original on 10 June Archived from the original on 26 June Retrieved 26 June Archived from the original on 27 June Science Fiction or Business Fact? Harvard Business Review. River Publishers. Archived PDF from the original on 12 October Archived from the original on 14 May Dark Reading. Archived from the original on 29 May The Daily Beast. Cybersecurity In ". Archived from the original on 29 December Retrieved 29 December Wirtschafts Woche. NBC News.
The Register. Archived from the original on 16 November Next dump is sansad. The Indian Express. RT International. CBS Boston. Archived from the original on 29 September Healthcare IT News. The Verge. Archived from the original on 28 December Archived PDF from the original on 29 December Daily Energy Insider. Retrieved The Economic Impact of Cyber-Attacks. Washington DC: The Library of Congress. Journal of Contemporary Criminal Justice. Archived PDF from the original on 20 November Janalta Interactive Inc.
Archived from the original on 3 October Retrieved 9 October Archived from the original on 13 July Archived from the original on 20 August Retrieved 13 July Archived from the original on 25 September Vulnerability Management , page 1. Find Hidden Vulnerabilities Synopsys".