Computer and Network Security: A Short Primer

Frederick M. Avolio
3/10/98

The majority of people in the civilized world now use computers, to be sure. More and more of them are not only being networked — connected — together, but are also often connected to the worldwide Internet. Like chicken pox running through a class of 7-year-olds, security problems in one computer can affect — and infect — all the computers in a home, classroom, or office.

What’s the problem? Why is it so easy for someone to do damage to your computer or read or change your files? Really, it isn’t that easy, but computers are very complex tools. And complexity and security often run counter to each other. People want their computers and networks to be safe, powerful, and easy to use.

Computer and network security is a multidimensional problem, requiring solutions that are multidimensional. This will be a short tour of the network and computer security space, briefly describing the threats as well as the countermeasures.
 

At the Desktop

Computers, even those unconnected to others, can share things used by other computers: removable disks and the files they contain. Computer viruses are the most common and well-known attack against computers. Computer viruses are programs that embed themselves in other programs and perform malicious actions against the computer, usually the destruction of data files. Antivirus software recognizes patterns of known viruses, takes the bad or "infected" file, and removes the file or cleans it up.

Notebook computers are especially susceptible to the theft of files and data, simply because they themselves are easily stolen. To protect sensitive files, programs that encrypt important files are an especially good defensive measure. Encryption programs scramble data in a file in such a way that only the owner of the file, or someone to whom he has given permission, can access the information to read it or change it. One can think of this encryption as "locking." Encryption software to lock files and folders against snoopers cannot keep someone from stealing a notebook PC, but any private data on the computer is safe if it is so locked. Such software can have an emergency access for the owners of the data — the user or the company for which she works — should the person who locked the data be unavailable.

Another important use for cryptography at this level is the digital signature. This is not a computer image of someone’s handwritten signature (a "wet signature" in the vernacular). It is a method of using cryptography to make a mathematical model of the data in the file and encrypt it in such a way that it can be shown that the file has not been modified. It can also be used to prove ownership.
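A small illustration of the digital signature idea, added here and not part of the original article: the file is reduced to a SHA-256 digest, and the digest is signed so that any change to the file makes verification fail. It uses a Lamport one-time signature because that needs only hashing from the Python standard library; this is an assumption made for the example (commercial products typically use RSA or similar public-key schemes), and all names and sample data are constructed.

```python
import hashlib
import secrets

BITS = 256  # one secret pair per bit of a SHA-256 digest


def digest_bits(data: bytes) -> list:
    """The 'mathematical model' of the file: its SHA-256 digest, bit by bit."""
    value = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return [(value >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def generate_keypair():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [tuple(hashlib.sha256(s).digest() for s in pair) for pair in private]
    return private, public


def sign(private, data: bytes) -> list:
    """Reveal one secret from each pair, chosen by the digest bit.
    A Lamport key must sign only one message; a second signature leaks more secrets."""
    return [private[i][bit] for i, bit in enumerate(digest_bits(data))]


def verify(public, data: bytes, signature) -> bool:
    """Anyone holding the public key can check that the file is unmodified."""
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(data)):
        revealed = hashlib.sha256(signature[i]).digest()
        ok &= secrets.compare_digest(revealed, public[i][bit])  # constant-time compare
    return ok


def demo():
    private, public = generate_keypair()
    original = b"Transfer 100 dollars to account 12345."   # constructed file contents
    signature = sign(private, original)
    tampered = original.replace(b"100", b"900")
    return verify(public, original, signature), verify(public, tampered, signature)


if __name__ == "__main__":
    print(demo())
```

Because only the holder of the private key could have produced the signature, a successful check also ties the file to its signer.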
 

At the Server and Inside Network

Encryption programs can safeguard files on a server system, our next security domain. Files on servers used by many people have to be protected to keep someone from accidentally, or purposely, reading another’s private information. Servers can also be protected with intrusion detection software. Like motion detectors in a building, but much more sophisticated, these software packages running on a server can recognize unauthorized or unusual actions on the computer and sound an alarm as well as putting a stop to the behavior. Intrusion detection software can also correct changes, such as replacing a modified web page with the correct original. A scanner is a less elaborate kind of intrusion detector. A scanner can run a systems check on a server, reporting on changes or possible security problems (kind of like the last person out of the building checking to make sure all the locked cabinets and doors really are locked).
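The scanner and the "replace a modified web page with the correct original" behaviour described above can be sketched as a file-integrity check. This is an added example, not code from the article or from any product it alludes to; the directory names, file contents and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each file's relative path to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def scan(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline and report every difference."""
    current = snapshot(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "missing": sorted(f for f in baseline if f not in current),
        "unexpected": sorted(f for f in current if f not in baseline),
    }


def restore(root: Path, known_good: Path, report: dict) -> list:
    """Replace modified or missing files from a protected known-good copy."""
    restored = []
    for name in report["modified"] + report["missing"]:
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(known_good / name, target)
        restored.append(name)
    return restored


def demo():
    """Constructed scenario: a web root whose home page is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        web, good = Path(tmp, "webroot"), Path(tmp, "known_good")
        web.mkdir()
        (web / "index.html").write_text("<h1>Welcome</h1>")
        (web / "about.html").write_text("<p>About us</p>")
        shutil.copytree(web, good)   # in practice kept read-only or offline
        baseline = snapshot(web)
        (web / "index.html").write_text("<h1>Changed</h1>")    # simulated tampering
        (web / "extra.txt").write_text("not in the baseline")  # simulated new file
        before = scan(web, baseline)
        restore(web, good, before)
        return before, scan(web, baseline)
```

Files that appear without being in the baseline are reported but left in place, so that someone can examine them before they are removed.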

Intrusion detectors and scanners may also be used on the inside network itself. Insiders perpetrate most computer crimes, mandating monitoring of the inside network. Also, because users of a network can unintentionally introduce insecurities, network intrusion detection devices can be used to keep watch on the security perimeter, making sure it is unchanged, making sure it is intact.

Speaking of the network, the information that flows over that network is also vulnerable to attack through snooping or eavesdropping. It is possible to program a computer to "listen in" on all information flowing over the wire used for the office network or for the Internet. Again here, to protect the privacy of the data, we employ encryption.
 

On the Internet

The final domain of security is the network security perimeter, protecting a private network from outsiders while giving some access to the Internet from the private network. The use of a private connection, called a Virtual Private Network (VPN), prevents eavesdropping on communications. VPNs have been on the scene for two or three years and are just recently coming into common use. Encryption ensures that only the invited parties of a conversation (computers communicating with other computers, for example) can understand that conversation. The communication flow is encrypted (scrambled). Someone can "eavesdrop" on the communication, but the snoop can understand nothing. This can be set up between computers in an office, between offices communicating over the Internet, or from a mobile PC at a trade show, or from a hotel room in a foreign city.

The same sort of technology is available for e-mail. Software allows someone to "seal" an e-mail message against snoopers. This technology protects the contents of files or messages; only the recipients and sender — only those authorized by the owner of the information — have access to the information.

The device most relied upon is the Internet firewall. The purpose of an Internet firewall is to provide a single point of defense with controlled and audited access to services. These are like guards at guardposts, or the security gateways at airports. Usually a firewall sits between a private, to-be-protected network and another network, such as the Internet. A firewall controls network services, allowing some and denying others. As a controlled gateway, it limits who and what can come through the firewall. Further, it enforces other security checks, such as scanning files for viruses as they pass through the firewall.
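The "controlled and audited access to services" idea can be shown as a rule table checked in order, with anything unmatched denied and every decision logged. This is an added example, not from the original article: it models a simplified stateless filter, and the addresses, ports and policy are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # destination port; None matches any port


INSIDE = "192.168.1.0/24"      # constructed private network
MAIL_HOST = "192.168.1.10/32"  # constructed mail server
ANY = "0.0.0.0/0"

POLICY = [
    Rule("allow", INSIDE, ANY, 80),      # inside users may browse the web
    Rule("allow", INSIDE, ANY, 25),      # inside hosts may send mail out
    Rule("allow", ANY, MAIL_HOST, 25),   # outsiders may reach the mail host only
    Rule("deny", ANY, INSIDE, None),     # nothing else may come in
]


def decide(policy, src, dst, port, audit):
    """First matching rule wins; unmatched traffic is denied. Every decision is logged."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    action, matched = "deny", "default deny"
    for number, rule in enumerate(policy, start=1):
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.port in (None, port)):
            action, matched = rule.action, f"rule {number}"
            break
    audit.append((src, dst, port, action, matched))
    return action


def demo():
    audit = []
    traffic = [                                  # constructed connection attempts
        ("192.168.1.23", "203.0.113.5", 80),     # inside user to a web server
        ("198.51.100.7", "192.168.1.10", 25),    # outside mail to the mail host
        ("198.51.100.7", "192.168.1.23", 23),    # outside telnet to a desktop
        ("192.168.1.23", "203.0.113.5", 6667),   # service no rule permits
    ]
    return [decide(POLICY, *t, audit) for t in traffic], audit
```

The last case is the important one: a service nobody thought to write a rule for is refused, and the audit log records that it was the default that refused it.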

User authentication — identification of an individual — along with access control mechanisms, is a necessary part of access control. Tools such as these, using cryptographic-based authentication tokens and access control lists, provide protection against unauthorized access to services and data, while allowing legitimate access (an enabling technology). This can be comparable to color-coded badges and an escort for an individual through a secure facility.
 

The Stuff that Pulls it Together

We’ve not mentioned digital certificates in this discussion yet. They are what make user authentication and encrypted communications work for large numbers of people. Using cryptographic means, they provide an electronic identification card containing information about what organization vouches for a person’s identity. Additionally, they can provide a mechanism for the individual to "digitally sign" computer files, and for others to send private (encrypted) information to that user.

The most important steps before anyone decides on or deploys any security mechanisms on their computers or networks are the planning and the development of a security policy. For security management, planning means doing a business needs analysis and a risk analysis, often starting with a security survey. A risk analysis is an organization's review of potential threats to its network and its estimate of the probability of those threats occurring. Typically, a risk analysis attempts to answer such questions as "What am I trying to protect and what is it worth?" and "What are the threats, vulnerabilities, and risks?" You ask a lot of "What if ...?" and "What would happen if ...?" questions. A risk analysis ensures that a security policy matches reality.

After the risk analysis and business needs analyses are complete, a corporation can deploy a computer and network security policy, stating what is permitted and what is denied, and what methods and mechanisms are used to protect the private network.

Computer and network security is a multidimensional problem, requiring a multidimensional approach to security. Typically, organizations start with desktop security, such as anti-virus software. As they expand to Internet connectivity, they deploy perimeter defense mechanisms, such as firewalls. As the organization needs more sophisticated network access, it puts in place user authentication devices and VPNs. Intrusion and misuse detection devices are often next. Then firewalls and intrusion detection are spread across an internal network, as access criteria become more granular.

Computer, network, and Internet use are here to stay, and will continue to grow. The threats are real. But then, so are the countermeasures.