SAMya project

Welcome

Security

The objective of security is to protect the hardware, software, data, and other system resources from unauthorized, illegal, or unwanted access, use, modification, or theft. In a traditional information system constructed around a centralized mainframe, the computer and most of its peripherals are locked in a restricted-access room. Such lock-and-key security is not very useful on a modern network, however. The combination of large numbers of users and physically unsecured peripherals, cables, communication lines, and access points makes modern network-based systems particularly tempting targets. The Internet complicates the problem.

Security threats

To an expert, an item is considered secure if the cost of breaking security (including the risk of getting caught) exceeds the item's value. To some people, such things as military secrets or a corporation's strategic data are considered priceless. Consequently, perfect information system security may be an impossible goal.

A good way to visualize security threats is to imagine the system as a chain and look for weak links. Exposures can come from people, hardware, and/or software.

Physical Security

Physical security is concerned with denying physical access to the system, preventing the physical destruction of the system, and keeping the system available. For example, mainframe computers are often located in controlled-access rooms and personal computers are sometimes cabled to work tables or placed in locked cabinets when they are not in use. Access to a secure area can be controlled by issuing identification cards, badges, keys, or personal identification numbers (PINs) to authorized personnel, and surveillance cameras are becoming increasingly common. Modern biometric devices can be used to identify an individual via retinal scan, fingerprint analysis, voiceprint, or signature analysis.

The Internet is a significant source of security intrusions. Consequently, many organizations use firewalls to insulate their internal network from the Internet (or from other public networks). A firewall is a set of hardware, software, and data that sits between the internal network and the Internet, screens all incoming and/or outgoing transactions, and allows only authorized transactions to get through. Often, the firewall is implemented on a physically separate computer, with a public host (the computer that is linked to the Internet) outside the firewall and the internal server inside the firewall. Additionally, critical software can be kernelized, or partitioned to make unauthorized access more difficult.

Logical security

Logical security is implemented by the system as it runs. For example, on most network-based systems, each authorized user is assigned a unique identification code and a password. In some cases, additional passwords are required to access certain critical data or to execute sensitive programs. Often, access privileges are assigned in layers, with most users restricted to read-only access, a smaller group given the authority to change selected data (perhaps subject to independent verification), and only a few people assigned system operator (sysop) status (which implies the authority to access and change anything). Typically, the operating system checks a user profile or an access control matrix to verify a given user's access privileges. Just having a valid user code and password does not necessarily prove that a user is who he or she claims to be. Authentication, the process of verifying the user's identity, often relies on remembered information (such as a PIN or a mother's maiden name) or variations of the biometric devices.
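The layered access privileges and the access control matrix check described above, as an added example that is not part of the original page. The user names, the "payroll" resource and the rule that a change must be verified by a second user who also holds the change right are assumptions made for illustration.

```python
# Added example; users, resource and matrix contents are constructed for illustration.
READ, CHANGE, SYSOP = "read", "change", "sysop"

# Access control matrix: user -> resource -> rights ("*" means every resource).
MATRIX = {
    "clerk":   {"payroll": {READ}},             # most users: read-only
    "editor":  {"payroll": {READ, CHANGE}},     # smaller group: may change data
    "auditor": {"payroll": {READ, CHANGE}},
    "root":    {"*": {READ, CHANGE, SYSOP}},    # sysop: access and change anything
}

def allowed(user, resource, right):
    """Look the user up in the matrix; unknown users get no rights."""
    rights = MATRIX.get(user, {})
    return right in (rights.get(resource, set()) | rights.get("*", set()))

class VerifiedStore:
    """Data store whose changes take effect only after independent verification."""
    def __init__(self, resource, data):
        self.resource, self.data, self.pending = resource, dict(data), {}

    def _require(self, user, right):
        if not allowed(user, self.resource, right):
            raise PermissionError(f"{user} lacks '{right}' on {self.resource}")

    def read(self, user, key):
        self._require(user, READ)
        return self.data[key]

    def change(self, user, key, value):
        self._require(user, CHANGE)
        if allowed(user, self.resource, SYSOP):
            self.data[key] = value             # sysop changes apply at once
            return "applied"
        self.pending[key] = (value, user)      # everyone else waits for a verifier
        return "pending"

    def verify(self, user, key):
        self._require(user, CHANGE)
        value, proposer = self.pending[key]
        if user == proposer:
            raise PermissionError("a change must be verified by a different user")
        self.data[key] = value
        del self.pending[key]
        return "applied"
```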

Callback is another useful authentication tool. After a user logs on from a remote workstation, the host computer verifies the user code and password, breaks the connection (hangs up), looks up the authorized telephone number for that user's workstation, and then redials the workstation.

Viruses can be difficult to detect or remove, so the best defense is prevention. Personnel should not accept “free” software (on diskette, CD-ROM, or via the network) unless the source is known to be clean. Anti-virus software is designed to recognize certain code patterns (called virus signatures) and sound an alarm when a virus is detected. Such software should be used to screen all foreign disks, CD-ROMs, and downloaded software (including software from “legitimate” sources) before they are released for use. On many systems, anti-virus software runs continuously in the background.

Other techniques are intended to provide recovery information or legal documentation when a security breach does occur. A transaction log is a list of all of a system's recent transactions. A comparator is a software routine that compares the contents of a file or a record before and after a transaction and reports any differences. Audit trails and audit procedures can help, too.
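A transaction log and a comparator working together, as an added example that is not part of the original page. It goes one step beyond the paragraph by replaying the log over a trusted baseline copy to find changes the log does not account for; the record layout, user name and account data are constructed.

```python
import copy

MISSING = "<absent>"  # marks a field that exists on only one side

def compare(before, after):
    """Comparator: map each differing field to its (old, new) values."""
    diffs = {}
    for field in sorted(set(before) | set(after)):
        old, new = before.get(field, MISSING), after.get(field, MISSING)
        if old != new:
            diffs[field] = (old, new)
    return diffs

class LoggedStore:
    """Record store that writes one transaction-log entry per update."""
    def __init__(self, records):
        self.records = copy.deepcopy(records)
        self.log = []   # a production log would also carry a timestamp

    def update(self, user, key, changes):
        before = dict(self.records.get(key, {}))
        after = {**before, **changes}
        self.records[key] = after
        entry = {"seq": len(self.log) + 1, "user": user, "key": key,
                 "diff": compare(before, after)}
        self.log.append(entry)
        return entry

def unlogged_changes(baseline, store):
    """Replay the log over a trusted baseline copy and report every record
    whose current contents the log does not account for."""
    expected = copy.deepcopy(baseline)
    for entry in store.log:
        record = expected.setdefault(entry["key"], {})
        for field, (_old, new) in entry["diff"].items():
            record[field] = new
    report = {}
    for key in sorted(set(expected) | set(store.records)):
        diff = compare(expected.get(key, {}), store.records.get(key, {}))
        if diff:
            report[key] = diff
    return report

if __name__ == "__main__":
    baseline = {"acct-1": {"owner": "A. Smith", "balance": 100}}  # constructed data
    store = LoggedStore(baseline)
    print(store.update("teller7", "acct-1", {"balance": 150}))
    store.records["acct-1"]["balance"] = 9999   # change made outside update()
    print(unlogged_changes(baseline, store))
```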

Personnel security

People cause most security problems. Consequently, although they are expensive and sometimes controversial, such personnel controls as pre-employment screens, periodic background checks, and rotating job assignments are necessary. A basic accounting principle suggests that no single individual should ever be allowed to place an order and pay the resulting bill. Similarly, systems are often designed to segregate such related functions as data entry and data verification by assigning the responsibility to different departments.

Standard operating procedures, policies, and/or security manuals are an important part of any security plan, and training is crucial. Employees must understand how to implement the security procedures. Perhaps more important, they must know why a given security procedure is necessary.

For example, given a choice, most people select an easy-to-remember (and thus easy-to-guess) password that they never change. Standard procedures can be implemented by the system to force users to change their passwords at regular intervals. The password selection software can be designed to help the user select a better password by rejecting dictionary words, requiring a minimum password length, requiring a combination of letters and digits, and so on. Additionally, explaining why security is necessary and outlining some of the tricks hackers use to guess passwords can help encourage employees to do a better job.
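The password selection rules listed above, as an added example that is not part of the original page. The minimum length, the 90-day change interval and the small word list are assumed values; the check also catches a dictionary word that has only been capitalized or had digits attached.

```python
from datetime import date, timedelta

MIN_LENGTH = 10                # assumed policy value
MAX_AGE = timedelta(days=90)   # assumed change interval
# Constructed sample; a real deployment loads a full word list.
DICTIONARY = {"password", "welcome", "dragon", "letmein", "security"}

def _strip_decorations(password):
    """Lower-case and drop leading/trailing digits and punctuation,
    so 'Security2024' is still recognized as the word 'security'."""
    return password.lower().strip("0123456789!@#$%^&*._-")

def password_problems(password):
    """Return the list of rules the candidate password breaks (empty = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("needs letters and digits")
    if _strip_decorations(password) in DICTIONARY:
        problems.append("dictionary word")
    return problems

def must_change(last_changed, today):
    """True once the password is older than the allowed interval."""
    return today - last_changed > MAX_AGE

if __name__ == "__main__":
    for candidate in ("welcome1", "Security2024", "tr4il-m1x-Oak7"):
        print(candidate, password_problems(candidate))
    print(must_change(date(2024, 1, 1), date(2024, 6, 1)))
```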

Encryption

To make sensitive information difficult to read even if a message is intercepted, the data can be encrypted (converted to a secret code), transmitted, and then decrypted at the other end of the line. The U.S. National Bureau of Standards' Data Encryption Standard (DES) is considered very difficult (perhaps impossible) to break. A public/private key system, DES is used for secure government transmissions and for most electronic funds transfers. Another popular public/private key encryption algorithm called PGP (Pretty Good Privacy) was created without government support and is available on the Internet.

As the name implies, a two-key or public/private key system uses two keys. The recipient's public key, which is published or readily available online, is used to encrypt the message. Once the message is received, only the secret private key can be used to decrypt it.
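The two-key exchange described above, as an added example that is not part of the original page. It uses textbook RSA as the two-key algorithm, which is an assumption since the paragraph names none, with two small well-known primes so the arithmetic stays visible; the message is constructed.

```python
from math import gcd

# Demonstration primes (2^31 - 1 and 2^61 - 1). A modulus this small can be
# factored quickly, and textbook RSA without padding is not secure; this only
# shows the roles of the two keys.
P, Q = 2**31 - 1, 2**61 - 1

def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public_key, message):
    """Sender side: needs only the recipient's published key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(key, ciphertext):
    """Recipient side: recovers the message only when given the private key.
    Leading zero bytes of the original message are not preserved."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    c = encrypt(public, b"PAY 100 USD")           # constructed message
    print("ciphertext:", c)
    print("with private key:", decrypt(private, c))
    print("with public key: ", decrypt(public, c))  # does not recover the text
```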

©2006 EL-QADI