What’s the problem? Why is it so easy for someone to do damage to your computer or read or change your files? Really, it isn’t that easy, but computers are very complex tools. And complexity and security often run counter to each other. People want their computers and networks to be safe, powerful, and easy to use.
Computer and network security is a multidimensional problem, requiring
solutions that are multidimensional. This will be a short tour of the network
and computer security space, briefly describing the threats as well as
Notebook computers are especially susceptible to the theft of files in data, simply because they themselves are easily stolen. To protect sensitive files, programs that encrypt important files are an especially good defensive measure. Encryption programs scramble data in a file in such a way that only the owner of the file, or someone to whom he has given permission, can access the information to read it or change it. One can think of this encryption as "locking." Encryption software to lock files and folders against snoopers cannot keep someone from stealing a notebook PC, but any private data on the computer is safe if it is so locked. Such software can have an emergency access for the owners of the data — the user or the company for which she works — should the person who locked the data be unavailable.
Another important use for cryptography at this level is the digital
signature. This is not a computer image of someone’s hand written signature
(a "wet signature in the vernacular). It is a method of using cryptography
to make a mathematical model of the data in the file and encrypt it in
such a way that it can be shown that the file has not been modified. It
can also be used to prove ownership.
Intrusion detectors and scanners may also be used on the inside network itself. Insiders perpetrate most computer crimes, mandating monitoring of the inside network. Also, because users of a network can unintentionally introduce insecurities, network intrusion detection devices can be used to keep watch on the security perimeter, making sure it is unchanged, making sure it is intact.
Speaking of the network, the information that flows over that network
is also vulnerable to attack through snooping or eavesdropping. It is possible
to program a computer to "listen in" on all information flowing over the
wire used for the office network or for the Internet. Again here, to protect
the privacy of the data, we employ encryption.
The same sort of technology is available for e-mail. Software allows someone to "seal" an e-mail message against snoopers. This technology protects the contents of files or messages; only the recipients and sender — only those authorized by the owner of the information — have access to the information.
The device most relied upon is the Internet firewall. The purpose of an Internet firewall is to provide a single point of defense with controlled and audited access to services. These are like guards at guardposts, or the security gateways at airports. Usually a firewall sits between a private, to-be-protected network and another network, such as the Internet. A firewall controls network services, allowing some and denying others. As a controlled gateway, it limits who and what can come through the firewall. Further, it enforces other security checks, such as scanning files for viruses as they pass through the firewall.
User authentication — identification of an individual — along with access
control mechanisms are a necessary part of access control. Tools such as
these, using cryptographic-based authentication tokens and access control
lists, provide protection against unauthorized access to services and data,
while allowing legitimate access (an enabling technology). This can be
comparable to color coded badges and an escort for an individual through
a secure facility.
The most important steps before anyone decides on or deploys any security mechanisms on their computers or networks are the planning and the development of a security policy. For security management, planning means doing a business needs analysis and a risk analysis, often starting with a security survey. A risk analysis is an organization's review of potential threats to its network and its estimate of the probability of those threats occurring. Typically, a risk analysis attempts to answer such questions as "What am I trying to protect and what is it worth?" and "What are the threats, vulnerabilities, and risks?" You ask a lot of "What if ...?" and "What would happen if ...?" questions. A risk analysis ensures that a security policy matches reality.
After the risk analysis and business needs analyses are complete, a corporation can deploy an computer and network security policy, stating what is permitted and what is denied, and what methods and mechanisms are used to protect the private network.
Computer and network security is a multidimensional problem, requiring a multidimensional approach to security. Typically, organizations start with desktop security, such as anti-virus software. As they expand to Internet connectivity, they deploy perimeter defense mechanisms, such as firewalls. As the organization needs more sophisticated network access, it puts in place user authentication devices and VPNs. Intrusion and misuse detection devices are often next. Then firewalls and intrusion detection are spread across an internal network, as access criteria becomes more granular.
Computer, network, and Internet use are here to stay, and will continue
to grow. The threats are real. But then, so are the countermeasures.