Computing [Home Page]
---------------------------------------------------------------------------

Originally published in 
Berkeley Computing & Communications, Volume 9, Number 3 (Summer 1999)
University of California at Berkeley
 

The long path to security

Security is the safeguarding of resources for appropriate use. Computers and worldwide networking have added vast, new dimensions to this age-old responsibility. This article will cover general security concepts.

What are we securing?

The computer resources to be secured are information,  services, and equipment. More to the point, the qualities of these resources that we seek to secure are privacy,  integrity,  authenticity, and availability.  Attacks,  errors, and malfunctions threaten these qualities.

Attacks, errors and malfunctions threaten the security of information, services, and equipment.

Privacy provides that a resource can only be used by appropriate persons. For email, privacy may mean that only the sender and the intended recipients can read a message. For an email group, it may mean that only registered members of the list may participate. For a departmental server, privacy may mean that only the intended user can access an account, and that accounts are limited to bona fide departmental users.

Integrity provides that a resource is intact and has not been modified, damaged, or lost. Specifically, the content is delivered as originally recorded and has not been unintentionally or maliciously modified. Services and equipment should not have been modified for some other purpose, such as to undermine privacy or authenticity.

Authenticity provides that a resource is correctly identified. For email and documents, this might require electronic signatures to prove that the content originated from a specific person or source. For web servers, this could mean authentication of the server, as with server identification certificates.

Availability provides that a resource is accessible and usable as intended and when needed.

What compromises security?

In the real world, various problems beset the qualities that we desire for our resources.

Attacks are intentional acts to subvert privacy, undermine integrity, fake or deny authenticity, steal resources, or simply to deny use. This reflects the dark side of human nature.

Errors are unintentional acts by users, staff, maintenance personnel, etc. To err is human.

Malfunctions are glitches, bugs, breakdowns, natural disasters, and the like. They are Nature's way of letting us know we can't control everything.

How do we ensure security?

The three main areas of security activity are prevention, detection, and recovery. Activity must be balanced among all three areas to be effective.

Prevention is the main defense. Alas, there is no panacea, no wall high enough, no moat deep enough. Your defenses may be finagled, end-run, or overcome by brute force. You will study and apply defenses step by step, based on your resources and analysis of risk, for all eternity.

Your defenses may be overcome by brute force, finagled, or end-run.

Detection is the essential partner of defense. No defense is perfect, even for a limited purpose. Your best hope is to stop damage as soon as possible and design new defenses based on the new knowledge.

Look for trouble! It is coming!

Recovery is the last defense. Once prevention has failed, preplanned and tested recovery methods are needed. Backups, spare parts and equipment, and a written plan are good starting places. Of course, some losses, such as privacy, cannot be restored.

Risk analysis

We achieve security by deploying policies, procedures, and technologies to defend the qualities of our resources from various threats. The threats and defenses are so varied that we must analyze and prioritize our responses.

The main steps in using risk analysis to develop a security plan and a security policy are:

  1. Identify the qualities and resources to be protected.
  2. Analyze the threats.
  3. Estimate the cost of loss (time and money).
  4. Analyze available countermeasures.
  5. Select and prioritize countermeasure deployment.
  6. Analyze effectiveness and restart at (1).

The choices you identify above are included in your security policy. The prioritized steps become your security plan.

On a network, constructive paranoia is healthy!

Berkeley Computing & Communications, Volume 9, Number 3 (Summer 1999)
Copyright 1999, The Regents of the University of California

Page modified: 08 Jul 2010 09:50:43 -0700

--------------------------------------------------
[Back to Top   [Home Page]