Security Concepts

What is Security?
Security is a combination of devices and mechanisms designed to protect something of . This is accomplished by controlling or preventing access to the area where the valuables are kept.

What is Computer Security?
Computer Security is a combination of devices and mechanisms designed to protect information on a computer network from those who do not have the required access permission.

Protecting the Perimeter
A fortified wall protects an attack on the castle by preventing access within its perimeter. If you need to get inside the wall, you need to pass through a guarded gate. If you are not a threat to the castle, you will be allowed within the perimeter. With computer security, you may consider your computer or computer network to be the castle. A fortified wall in computer security is referred to as a Firewall.

Firewalls
Firewalls exist to either permit or restrict access to a computer network. The Firewall is really like the guard at the gate. If proper authentication is determined, access will be allowed. Firewalls will work in one of two ways.

  1. Remember, information is sent along a network in a series of packets. Using TCP/IP, the files are broken down into packets, information is placed within a header of the packet that determines where the information is going to and how it should be reassembled. The Firewall will examine the packet information and determine its origin. If the information authenticates with the required permissions, and the is coming through the correct door, access is granted. This is usually invisible to the user. That is until access is not granted.

  2. The other way a Firewall may be set up is to require showing ID at the door. Before a user is granted access to the network, they must provide a user name and password. Once this information is obtained, you can grant or restrict access to your network, or just portions of it. Computer Security experts usually consider this to be the only true form of Firewall.

For more information on Firewalls and how they work:

Firewall Q&A (courtesy Vicomsoft)

My Recommendation

Millions of users have made ZoneAlarm the most trusted Internet security solution available. The award-winning personal firewall automatically blocks dangerous Internet threats - known and unknown - guarding your PC from hackers and data thieves. ZoneAlarm provides the basic protection individuals need to secure their PC and keep their valuable information private.

 

ZoneAlarm is free for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions). For-profit business entities, governmental entities, or educational institutions, your license will be free for an introductory sixty (60) day period but you must purchase a valid end-user license after 60 days in order to continue using the software.

ZoneAlarm makes it easy. Unlike other personal firewalls, ZoneAlarm protects automatically from the moment it's installed - no programming required. ZoneAlarm barricades your PC with immediate and complete port blocking. And, then runs in Stealth Mode to make your PC invisible on the Internet - if you can't be seen, you can't be attacked.

ZoneAlarm delivers simplicity without compromising your security. A getting started tutorial explains controls and alerts to get you up and running quickly. And, to keep you confident that you're always protected, intuitive color-coded alerts rate security risks - in real time.

Secure Sockets Layer Protocol
SSL provides a way for secure on-line communications between a client and a server. When a secure webpage is requested from the client, the server will send a certificate key which will allow you to verify that the web site you are currently on is the one you think you are on. This digital certificate is the electronic equivalent of a business license. Server IDs are issued by a trusted third party,called a Certification Authority (CA). Once the protocol establishes that the certificate is valid, an encryption key is sent to the client. All information transferred at this point is encrypted (scrambled) and can only be decrypted (unscrambled) by the decryption key on the server.

128-bit SSL encryption is the world's most powerful and has never been broken over the Internet. According to RSA Labs,it would take a trillion- trillion years to crack using today's technology. The encryption power of Global Server IDs make them ideal for sites that exchange sensitive, personal information, such as credit card numbers, with customers.

For more information on securing your site and digital certificates:

Securing Your Website for Business (courtesy VeriSign - requires registration)
Secure Sockets Layer (courtesy Netscape)

My Recommendation

VeriSign, Inc. (Nasdaq:VRSN) is the leading provider of digital trust services that enable businesses and consumers to engage in commerce and communications with confidence. VeriSign's digital trust services create a trusted environment through three core offerings—name services, authentication services, and payment services—powered by a global infrastructure that manages more than five billion communications and transactions a day.

Intruder Alert
The security of the castle is only as strong as its weakest gate. What puts a gate or Firewall at risk?

  • Loopholes within applications may provide a backdoor to a network. See Trojan Horses below.
  • Access can be gained by using another users login information. This information may be gained by contacting a person within an organization and asking them for their login information to their network. Typically, the attacker would lie about who they are (obviously). This is referred to as social engineering.
  • If passwords are too simple, it is possible for an attacker to guess them.
  • A dial-up modem attached to a computer on the network may be used to access the network through a backdoor.
  • The users of the network. What are they doing with the information they have access to.

Remember - Firewalls control access to a network, they can not control what a user does once they are within that network.

Be on the look out for:

Hackers - Individuals whose main goal is to crack the security of computer networks. They thrive on being able to get inside a network. Sometimes that is their only motivation. Unfortunately, they may be there to steal corporate secrets or confidential information, or just be malicious and destroy files and applications.

Viruses - Designed to wreak havoc on individual computer systems, a virus is a computer application that attaches itself to (infects) other applications or documents. In order for it to be a true virus, it must be self replicating. This means the virus will add itself on to other applications and documents on your system. Viruses, although not a good thing, are not always destructive.

Worms - Like viruses, worms are self replicating however, they attempt to effect more computer systems than individual computer files. Most commonly, a worm takes the form of an executable program that when it is run, triggers a series of events - in particular, sending copies of itself over a network to other computer users.

Trojan Horses - These do not replicate themselves but can be equally damaging as viruses. Usually disguised as a useful application, when they are run they begin to do damage.

Virus Detection and Prevention Tips

  1. Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
  2. Do not open any files attached to an email unless you know what it is, even if it appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through email. Better be safe than sorry and confirm that they really sent it.
  3. Do not open any files attached to an email if the subject line is questionable or unexpected. If the need to do so is there always save the file to your hard drive before doing so.
  4. Delete chain emails and junk email. Do not forward or reply to any to them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
  5. Do not download any files from strangers.
  6. Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you're uncertain, don't download the file at all or download the file to a floppy and test it with your own anti-virus software.
  7. Update your anti-virus software regularly. Over 500 viruses are discovered each month, so you'll want to be protected. These updates should be at the least the products virus signature files. You may also need to update the product's scanning engine as well.
  8. Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
  9. When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments. Not executing is the more important of these caveats. Check with your product vendors for updates which include those for your operating system web browser, and email. One example is the security site section of Microsoft located at http://www.microsoft.com/security.
My Recommendations


Norton AntiVirus™ is the world's most trusted antivirus solution. Now it repairs common virus infections automatically, without interrupting your work. It scans and cleans both incoming and outgoing email, and defends against script-based viruses such as "I Love You" even between virus definition updates. Protect your PC today with award-winning Norton AntiVirus!

www.symantec.com

McAfee VirusScan
McAfee VirusScan technology detects and removes all types of known viruses from any source-including e-mail attachments, Internet downloads, shared disks, CD-ROMs, and synchronization with your PDA. McAfee VirusScan software also detects destructive ActiveX and Java applets, which are often downloaded without your knowledge while you browse.

www.mcafee.com
AVG Anti-Virus System - Version 8.0
Here's an excellent, freeware anti-virus utility that also offers you free monthly updates. An easy-to-use program, AVG features resident protection, an E-mail scanner and automatic healing of infected files.

http://grisoft.com/

 

modifed: 2008-05-26
Google
web www.digitalvertebrae.com
Exercises
The exercises for this week are listed below and available in PDF or MS Word formats.
 
©2009 Web Site Development: an introduction