Basic Security Concepts:
Protection: You should configure your systems and networks as correctly as possible
Detection: You must be able to identify when the configuration has changed or when some
network traffic indicates a problem
Reaction: After identifying problems quickly, you must respond to them and return to a safe
state as rapidly as possible.
Objectives of Security:
Confidentiality: This means secret data must remain confidential. This means that if somebody
wants some data to be available to certain people, then the operating system must make that data
available to those particular people, with no one else allowed to see that data. It prevents
unauthorized disclosure of secured information.
Integrity: This means restricting unauthorized modification of secured information. Unauthorized
users must not be allowed to modify the data without the owner’s permission. Data modification
includes not only changing or deleting data, but also removing data or adding false data to change
its behavior.
Availability: This means nobody can disturb the system to make it unusable. It assures that the
system works promptly, and that service is not denied to authorized users. This is to restrict
unauthorized users by withholding information, causing a denial of service to authorized users.
Authenticity: This means the system must able to verify the identity of users. Users can login to the
system by providing a combination of username and password, or matching any other security
parameters.
Types of Threats
1) Interception:
An interception means that some unauthorized party has gained access to an asset. The
outside party can be a person, a program, or a computing system. Examples of this type of
failure are illicit copying of program or data files, or wiretapping to obtain data in a network.
Although a loss may be discovered fairly quickly, a silent interceptor may leave no traces by
which the interception can be readily detected.
2) Interruption:
In an interruption, an asset of the system becomes lost, unavailable, or unusable. An
example is malicious destruction of a hardware device, erasure of a program or data file, or
malfunction of an operating system file manager so that it cannot find a particular disk file.
3) Modification:
If an unauthorized party not only accesses but tampers with an asset, the threat is
a modification. For example, someone might change the values in a database, alter a
program so that it performs an additional computation, or modify data being transmitted
electronically. It is even possible to modify hardware. Some cases of modification can be
detected with simple measures, but other, more subtle, changes may be almost impossible
to detect.
4) Fabrication:
�Finally, an unauthorized party might create a fabrication of counterfeit objects on a
computing system. The intruder may insert spurious transactions to a network
communication system or add records to an existing database. Sometimes these additions
can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from
the real thing.
Comprehensive Security plan:
When developing a comprehensive security plan you must remember the three basic elements of
physical security:
1) Mechanical (electronic systems):
Covering the use of security hardware including access control, CCTV, door locks, monitoring
systems and intrusion alarms.
2) Operational (security staff and procedures as well as organizational security):
Covering the involvement in the security programs by management, security staff and employees.
3) Natural (architectural elements):
Covering basic security philosophies involving property definition, natural surveillance and access
control.
Security plan consists of the following steps:
Identify what you are trying to protect.
Determine what you are trying to protect it from.
Determine how likely the anticipated threats are.
Implement measures that will protect your assets in a cost-effective manner.
Review the process continually and make improvements each time a weakness is
discovered.
