General Security Concepts

Computer Security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. Most computer security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system.

Security is unlike any other topic in computing. To begin with, the word is so encompassing that it is impossible to know what you mean just by using it. When you talk about security, do you mean physical security of servers and workstations and protecting them from those who might try to steal them or from damage that might occur if the side of the building collapses? Or do you mean the security of data and protecting it from viruses and worms or from hackers and miscreants who have suddenly targeted you and have no other purpose in life than to keep you up at night? Or maybe security to you is the comfort that comes in knowing that you can restore files if a user accidentally deletes them. The first problem with security is that it is next to impossible for everyone to agree on what it means because it can include all of these items. The next problem with security is that we don’t really mean that we want things to be completely secured. If you wanted the customer list file to truly be secure, you would never put it on the server and make it available.

It is on the server because you need to access it and so do 30 other people. In this sense, security means that only 30 people can get to it and not anyone outside of the select 30. The next problem is that while everyone wants security, no one wants to be inconvenienced by it. To use an analogy, few are the travelers who do not feel safer by watching airport personnel frisk and pat down all who head to the terminal—they just don’t want it to happen to them. This is true in computing as well; we all want to make sure data is accessed only by those who truly should be working with it, but we don’t want to have to enter 12-digit passwords and submit to retinal scans. As a computer security professional, you have to understand all of these concerns. You have to know that a great deal is expected of you but few users want to be hassled or inconvenienced by the measures you must put in place. You have a primary responsibility to protect and safeguard the information your organization uses. Many times that means educating your users and making certain they understand the “why” behind what is being implemented.

Understanding Information Security

Information security narrows down the definition of security. The term information security covers a wide array of activities in an organization. It includes not only the products, but also the processes used to prevent unauthorized access to, modification of, and deletion of information.
This area also involves protecting resources by preventing them from being disrupted by situations or attacks that may be largely beyond the control of the person responsible for information security. From the perspective of a computer professional, you’re dealing with issues that are much bigger than protecting computer systems from viruses. You’re also protecting an organization’s most valuable assets from people who are highly motivated to misuse those assets. Fortunately, most of them are outsiders who are trying to break in, but some of these people may already be inside your organization and discontented in their present situation. Not only do you have to keep outsiders out, but you have to be prepared for the accountant who has legitimate access to files and wants to strike out because he did not get as good a performance review as he thought he should. Needless to say, this job isn’t getting any easier. Weaknesses and vulnerabilities in most commercial systems are well known and documented, and more become known each day.
Your adversaries can use search engines to find vulnerabilities in virtually any product or operating system. To learn how to exploit the most likely weaknesses that exist in a system, they can buy books on computer hacking, join newsgroups on the Internet, and access websites that offer explicit details. Some are doing it for profit or pleasure, but many are doing it just for the sheer thrill of it. There have been many glamorized characters on television and in movies who break into computer systems and do things they should not. When was the last time you saw a glamorized security administrator on such a show? If you make things look fun and exciting, there is some part of the audience that will attempt it.

Information security includes a number of topics of primary focus, each addressing different parts of computer security. An effective computer security plan and process must evaluate the risks and create strategies and methods to address them. The following sections focus on three such areas:

  •  Physical security
  •  Operational security
  •  Management and policies
