Computer Security Computer Security as a principle; Computer Security in UNIX for specific;...

  • Date posted: 20-Dec-2015

Computer Security

• Computer Security as a principle;

• Computer Security in UNIX specifically;

• Conclusion.

Computer Security in General

Threats to Computer Security

• Errors and Omissions

• Employee Sabotage

• Loss of Physical and Infrastructure Support

• Malicious Hackers

And more interesting ones...

• Malicious Code

• Foreign Government Espionage

– Industrial Espionage

Malicious Code

• Virus: A code segment that replicates by attaching copies of itself to existing executables. The new copy of the virus is executed when a user executes the new host program. The virus may include an additional "payload" that triggers when specific conditions are met. For example, some viruses display a text string on a particular date. There are many types of viruses, including variants, overwriting, resident, stealth, and polymorphic.

Trojan Horse

• Trojan Horse: A program that performs a desired task, but that also includes unexpected (and undesirable) functions. Consider as an example an editing program for a multiuser system. This program could be modified to randomly delete one of the users' files each time they perform a useful function (editing), but the deletions are unexpected and definitely undesired!

Worm

• A self-replicating program that is self-contained and does not require a host program. The program creates a copy of itself and causes it to execute; no user intervention is required. Worms commonly use network services to propagate to other host systems.

Computer Security Program

From a managerial viewpoint

An example of a computer security program:

A central computer security program

• How to be effective?

First...

• Stable Program Management Function.

Second...

• Stable Resource Base

What remains...

• Published Mission and Functions Statement

• Long-Term Computer Security Strategy.

• Intraorganizational Liaison and Liaison with External Groups

What to do if an incident happens?

• An Incident Handling Capability (IHC)

Five requirements for IHC:

• An understanding of the constituency it will serve;

• an educated constituency;

• a means of centralized communications;

• Expertise in the requisite technologies;

• Links to other groups to assist in incident handling.

One of the weakest links in security systems is

• Awareness, training and education of people

Three things to do….

• Improving awareness of the need to protect system resources;

• developing skills and knowledge;

• Building in-depth knowledge.

Comparison of these three factors

                  Awareness     Training                Education
Attribute:        "What"        "How"                   "Why"
Level:            Information   Knowledge               Insight
Objective:        Recognition   Skill                   Understanding
Teaching Method:  Media         Practical Instruction   Theoretical Instruction
Test Measure:     True/False    Problem Solving         Essay
Impact Timeframe: Short-term    Intermediate            Long-term

Conclusion

• What should good security be?

First:

– Computer Security Supports the Mission of the Organization.

Second:

– Computer Security is an Integral Element of Sound Management.

Third:

– Computer Security Should Be Cost-Effective.

Fourth:

– Computer Security Requires a Comprehensive and Integrated Approach.

And also:

– Computer Security Should Be Periodically Reassessed.
