security 1

Introduction to computer security

security 1

 

< استفاده از مطالب سایت فراکنش با ذکر منبع مجاز است.>

What is Security?

the state of being free from danger or threat.

synonyms:  certainty, safe future, assured future, safety, reliability, dependability, solidness, soundness

A successful organization should have multiple layers of security in place:

—Physical security: to protect the physical items, objects, or areas of an organization from unauthorized access and misuse.

—Personal security: to protect the (group of) authorized individual.

—Operations security: to protect the details of a particular operation or series of activities.

—Communications security: to protect an organization’s communications media, technology, and content.

—Network security: to protect networking components, connections, and contents.

—Information security

Basic Components

An Information System is secure if it supports CIA:

—Confidentiality

Keeping data and resources hidden

—Integrity

Data integrity (integrity)

Origin integrity (authentication)

—Availability

Enabling access to data and resources

security

The History of Information Security

Began immediately following development first mainframes

—Developed for code-breaking computations

—During World War II

—Multiple levels of security were implemented

  • Physical controls
  • Elementary

—Mainly composed of simple document classification

—Defending against physical theft, espionage, and sabotage

The 1960s

Original communication by mailing tapes

Advanced Research Project Agency (ARPA)

—Examined feasibility of networked communications

Larry Roberts developed ARPANET

Plan

—Link computers

—Resource sharing

—Link 17 Computer Research Centers

—Cost 3.4M $

ARPANET is predecessor to the Internet

The 1970s and 80s

– ARPANET grew in popularity

– Potential for misuse grew

– Fundamental problems with ARPANET security

—Individual remote sites were not secure from unauthorized users

—Vulnerability of password structure and formats

—No safety procedures for dial-up connections to ARPANET

—Non-existent user identification and authorization to system

– Rand Report R-609

—Paper that started the study of computer security

—Information Security as we know it began‏

– Scope of computer security grew from physical security to include:

—Safety of data

—Limiting unauthorized access to data

—Involvement of personnel from multiple levels of an organization

The 1990s

– Networks of computers became more common

– Need to interconnect networks grew

– Internet became first demonstration of a global network of networks

Initially based on de-facto standards

– In early Internet deployments, security was treated as a low priority

2000 to Present

– Millions of computer networks communicate

– Many of the communication unsecured

– Ability to secure a computer’s data influenced by the security of every computer to which it is connected

– Growing threat of cyber attacks has increased the need for improved security

Challenges of computer security

1.Computer security is not simple

2.One must consider potential (unexpected) attacks

3.Must decide where to deploy mechanisms

4.Involve algorithms and secret info (keys)

5.A battle between attacker / admin

6.It is not perceived on benefit until fails

7.Requires constant monitoring

8.Too often incorporated after the design is complete (not integral)

9.Regarded as a barrier to using system

ادامه مطلب و دانلود مقاله

References

– Matt Bishop, Computer Security: Art and Science, the author homepage, 2004.

– Michael E. Whitman, Principles of Information Security: Chapter 1: Introduction to Information Security, 4/e, 2011.

– Chris Clifton, CS 526: Information Security course, Purdue university, 2010.

– Patrick Traynor, CS 8803 – Cellular and Mobile Network Security, Georgia Tec, 2012.

1 پاسخ

دیدگاه خود را ثبت کنید

تمایل دارید در گفتگوها شرکت کنید؟
در گفتگو ها شرکت کنید.

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *