Basic Computer Security
Computer security is always changing. New hardware and new software arrive constantly, and the rapid evolution of Internet technologies only compounds the problem. New systems, and even changes in existing systems, require new security analyses. Beyond the technology evolution, changing business requirements demand system changes as well.
Key Security Issues
Computer security has many enemies, including complexity, flexibility, and people. Complex software has bugs, which can be exploited by an adversary. Very flexible software is difficult to configure correctly, which leads to errors. An excessive number of users leads to diffusion of the responsibility for security.
Complexity
Software has bugs, and more complex software has more bugs. Sometimes bugs are fairly harmless. When they are not, they may open paths of attack. This kind of bug often occurs when software is given unexpected inputs. Although the software may work when the input is within bounds, it may fail in dangerous ways when an adversary drives it outside its intended regime. For example, a network application may fail to check the length of character strings submitted over the network. An adversary sends a very long string, which overwrites the application’s stack, causing it to execute code sent by the attacker. The adversary now has all the privileges of that application, which may include access to the entire system.
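The missing length check described above, next to a version that validates the length before copying. This is an added example, not code from the original article; the function names, status codes and the 32-byte field size are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 32  /* assumed field size, chosen for this example */

enum parse_status { PARSE_OK = 0, PARSE_TOO_LONG = -1, PARSE_BAD_BYTE = -2 };

/* The flaw described above, kept for contrast and never called here:
 * strcpy() copies until it meets a NUL byte, however small name[] is. */
void store_name_unchecked(const char *input)
{
    char name[FIELD_CAP];
    strcpy(name, input);   /* input longer than 31 bytes runs past name[] */
    printf("hello %s\n", name);
}

/* Hardened form: the caller passes the number of bytes actually received,
 * and the length is checked before a single byte is copied. */
int store_name_checked(const unsigned char *buf, size_t len,
                       char *out, size_t out_cap)
{
    if (out_cap == 0 || len >= out_cap)
        return PARSE_TOO_LONG;           /* reject; never truncate silently */
    if (memchr(buf, '\0', len) != NULL)
        return PARSE_BAD_BYTE;           /* embedded NUL would hide trailing data */
    memcpy(out, buf, len);
    out[len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    unsigned char oversized[200];        /* constructed sample input */
    char name[FIELD_CAP];

    memset(oversized, 'A', sizeof oversized);
    printf("short: %d\n", store_name_checked((const unsigned char *)"alice", 5,
                                             name, sizeof name));
    printf("long:  %d\n", store_name_checked(oversized, sizeof oversized,
                                             name, sizeof name));
    return 0;
}
```

Rejecting an oversized field outright, rather than truncating it, keeps the application inside its intended regime and gives the operator a clear event to log.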
Flexibility
Complex systems are often difficult to configure correctly. Configuration entries may appear innocuous but have great consequences for security. Systems that are changed frequently are particularly vulnerable to such problems, and frequent change is common for Internet systems responding to changing business requirements. For example, suppose that a user asks that a file be made readable to everyone temporarily. When the immediate need is over, no one remembers to change it back, leaving a part of the system unprotected.
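A forgotten "temporary" permission change of this kind can be caught by a periodic audit. The following added example (not part of the original article) walks a directory tree on a POSIX system and reports regular files whose "other" read bit is set; the function name and the choice to skip symbolic links are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Walk `root` recursively and count regular files with the "other" read
 * bit set. Each hit is printed so it can be compared with the recorded
 * list of files that are meant to be public.
 * Returns the number of hits, or -1 if `root` cannot be opened. */
int count_world_readable(const char *root)
{
    DIR *d = opendir(root);
    if (d == NULL)
        return -1;

    int hits = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;

        char path[4096];
        int n = snprintf(path, sizeof path, "%s/%s", root, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path)
            continue;                   /* over-long path: skip, never truncate */

        struct stat st;
        if (lstat(path, &st) != 0)      /* lstat: do not follow symlinks */
            continue;

        if (S_ISDIR(st.st_mode)) {
            int sub = count_world_readable(path);
            if (sub > 0)
                hits += sub;
        } else if (S_ISREG(st.st_mode) && (st.st_mode & S_IROTH)) {
            printf("world-readable: %s (mode %04o)\n",
                   path, (unsigned)(st.st_mode & 07777));
            hits++;
        }
    }
    closedir(d);
    return hits;
}

int main(int argc, char **argv)
{
    int hits = count_world_readable(argc > 1 ? argv[1] : ".");
    return hits == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Run from a scheduled job, the non-zero exit status flags any file that is readable by everyone so it can be checked against the change records.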
People
Generally speaking, the more people who have access to a computer, the less secure it will be. Although most multiuser computers go to some trouble to isolate users from one another, that isolation is effective only if carefully administered.
Security Principles
When constructing applications for networked computers, the following principles are useful to help ensure the security of the system.
Complex applications may be unavoidable, along with their attendant bugs. One way to help protect such a system is to isolate it from some kinds of network access with a firewall. A firewall limits the kinds of network traffic allowed through to the end system. In practice, a firewall system should be simple enough so that the correctness of the firewall implementation and configuration can be easily evaluated. If you have some complex software, protect it from the bad guys with some simple software.
- Limit changes in system configuration.
Every change in the configuration of the system is a potential source of security problems. Obviously, a mistake in configuration may open a hole, but sometimes even a seemingly correct change may cause a problem in combination with other configuration options. In any event, careful records of changes are essential. If you do not understand the configuration of the system, you do not understand its security.
- Consider new versions carefully.
New versions of software may offer attractive new features, but they may also have unknown security problems. You may need some time to learn how to operate them securely. Of course, it is important to track and install patches for security problems as quickly as possible, but other changes should receive cautious deliberation. New software is seductive, but it may be dangerous.