FORMS OF SECURITY
FORMS OF SECURITY I
Meaning of Computer Security We are beginning our journey on the discourse-forms of security with the subject of computer security. Layman may define computer security as all aspects of security, which involves protecting our computing systems from malicious attacks and intrusion. Meanwhile, let us consider some other definitions of computer security. Computer security touches draws from disciplines as ethics and risk analysis, and is concerned with topics such as computer crime; the prevention, detection, and remediation of attacks; and identity and anonymity in cyberspace (Kinkus, 2002).
Computer security is a branch of technology known as information security as applied to computers. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible.... (://en.wikipedia.org/wiki/ Computer_security). Computer Security can also be described as:
the concept of attaining a secure computing environment (ie, an ideal state free from risk or danger) by mitigating the vulnerabilities associated (Error! Hyperlink reference not valid.).
....a general term relating to measures designed to protect computer assets in all configurations (.securiguard.com/glossary.html) Computer security can be described as an aspect of information security which basically involves putting some measures in place to secure your computers and networks, or simply protect them against infiltration, illegitimate access or corruption of data. In recent time, computers have replaced normal traditional paper system where information is stored in physical files. You go into government ministries, you often see files on the tables or shelves or storage cabinets marked with ‘confidential’. In Nigeria, almost every file is marked ‘confidential’ and the irony of it, is that any stranger can have access to any of these files because of the carefree attitude of many public servants, official corruption and absence of security consciousness that characterize the nation’s bureaucracy.
It is most disheartening the way important and valuable files get missing, with no trace of recovery. Several pensioners are losing their pension entitlements simply because their files cannot be traced. And such a situation may have security implication on the State. For instance, a pensioner who has a number of children in tertiary institutions, and is unable to have his entitlements because his file cannot be traced. If the retiree does not have any other means of survival, to take care of his
family, the children will need to fend for themselves. And in the face of job drought, there is the tendency for (some of such) children to be tempted to engage in anti-social activities like ‘yahoo business’ (online scam), street begging, stealing, to mention a few, thereby constituting a threat to the security of the larger community. Emotionally, the children of the deprived retiree will tend to develop hatred towards a system that denies their father of his entitlements. This problem may have also denied the poor retiree an opportunity to carry-out his financial obligations to the family. It is only when these children have creative thinking and positive perception that they might not develop negative emotions, which can sometimes lure them into social vices. I could remember a colleague of mine at the university who always complained of hunger and financial incapacitation due to late and irregular payment of the peanuts his father was receiving as pension. The abominable verification exercise, which pensioners are often subject to, appears to be a source of worry. Coming to the story of the retiree’s son, consequently, the guy had to fend for himself, and in the process due to his vulnerability, some of his peers in the neighbourhood introduced him into armed robbery. He was later arrested but many of his university colleagues were astonished and sympathetic too because he was not only homely but also academically brilliant. The argument here is that if someone could engage in crime due to the inability of his father, to oblige him financially, resulting from late and irregular payment of his father’s pension by the government, then what would be the fate of a dependant whose father was not paid at all for the inability of the relevant authorities to trace the file that contains his employment records? The foregoing painted the danger inherent in ineffective storing and misadministration of information. There is no doubt that absence of proper management of information can provoke a security threat to any State. However, through the use of computer, the long queue and frustration that adorn pensioners’ verification exercise would have fizzled out, and every genuine pensioner can collect his/her pension promptly and happily without stress. The traditional means of data management are becoming obsolete. The files that fill up a whole building can be saved in a small and compact storage device like computer hard disk or removable disks whereby one can store or/and retrieve or/and amend any file timely and easily. How much space do you think will be acquired, if we physically have to open files for ten million people? Here, it may involve occupying a very big building, which may cost several millions of Naira to acquire but with less than five hundred thousand Naira, we can get computers of high storage capacity that can accommodate several hundreds of millions of such files without taking any space beyond that where you mount your desk(s) that supports the computer(s). Even, one may not need a desk at all, with the use of computing systems like laptops.
If information is vital to the continued existence of any organization, it is pertinent to put in place necessary structures and applications to protect your computer(s) against any infiltration or damage. The emergent revolution in Information and
Communication Technology has rendered the traditional means of storing information like paper files moribund whereby computers have gradually replaced them. It is no surprise therefore, that the managements of many organizations in Nigeria have begun to mandate their staff to undergo various computer trainings in order for such to remain relevant in their various work places. Many public workers can now use computers effectively, as many government job functions are carried out electronically. Many state governments especially Lagos state have computerized their public service, as most services are now being rendered through electronic means. Taxes are currently paid by individuals and corporate bodies through electronic medium. The Immigration Service in Nigeria has also gone computerized. Processing and issuance of passport is now done electronically, and this appears to be faster and more convenient. However, let us consider a scenario where the details of all those who applied for Nigerian passports in the last two years get erased through malicious attack from intruders or hackers. Another case is a situation whereby the data system of a commercial bank gets corrupted through virus attack. How do you think the bank will manage to get out of such crisis without any back-up? Considering these two scenarios, you may agree with me that it is important to provide adequate security for our computer system(s). Essential measures and applications must be put in place to secure our computer system especially as security experts. The nature of the security profession demands for adequate computer security, and we should make enough efforts to protect our computer systems from malicious attack like corruption of data, theft, intrusion, illegal access to data, and damage emanating from natural disaster. In the subsequent part of this segment, we shall be discussing various ways to secure our computers but before we do that, let us quickly explain key concepts of computer security in order to stimulate a better appreciation of the subject. SELF ASSESSMENT EXERCISE Describe the term computer security. 3.1.1 Key Concepts in Computer Security
Anti-Virus Software: There is a conflict among scholars on the originator of anti-virus software but history has it that the first public virus removal task was performed by Bernt Fix in 1987 (Wells, 1996). Anti-virus software is used to detect, prevent and destroy any malware like computer viruses, worms as well as trojan horses. Apart from protecting the computer against malicious attacks, anti-virus also helps to detect spyware or any other programmes or websites that can constitute security threats to the computer system like virus attack, intrusion and hacking. It also assists the computer user to identify sites that are not secure, or those designed to perpetrate online scam, through prompt alert and warning of the imminent danger such sites pose to the user and/or system, and will advise that the user should not give the details of
his/her vital information or betterstill to close the suspected sites and avoid copying anything from such sites. Anti-virus software is actually a set of computer programmes designed purposely to identify, block or destroy computer viruses and malicious agents with the aim of protecting the computer from information theft, corruption, hardware damage, to mention a few. There are various types of anti-virus software in the market today, including Norton, AVG, McAfee among others. Due to the way new viruses are generated almost on a daily basis for commercial, strategic or other reasons, it is very pertinent to upgrade the anti-virus software on one’s computer from time to time, so that your computing system will be immune from any attack. Apart from virus attack, hackers may try to break into your system to steal, modify or delete some of the files in your system or the whole information contained therein. Before the advent of the internet, computer viruses were usually spread through floppy disks (diskettes) but now computing systems get infected with viruses and other forms of malware through the internet. Before now, it was rare for computer to be infected with viruses through the use of recordable or rewritable discs but now the story is different. That is why it is advisable to restrict access of people into your computer and avoid the use of storage facilities like MP3, Flash disk, diskette etc, that have used somewhere else especially at commercial cyber centers without being scanned properly. It is also important to note that it is most appropriate to delete any virus infected files that cannot be repaired by the anti-virus package on your computer system. Authentication
....the process of identifying an individual, usually based on a : This involves a technique in which we create password to restrict access to one’s computer. In this case, it is only those who can provide the correct password that can be allowed by the computer to gain entry into it. Authentication can also be defined as:
username and password. In security systems, authentication is distinct from authorization , which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual (Error! Hyperlink reference not valid.). Sometimes, within the same system, there may be several users, each of whom will create his/her username and password before he/she can access his/her information on the system but the computer will prevent every user from gaining access to another user’s information, if he/she fails to provide the correct username and password. There are several ways compute authentication is initiated by the system, and these may identify the users through username or/and password, identification cards, smart cards, as well as biometric systems.
Automated Theorem Proving: This is a verification tool in secure computing system that allows vital algorithms as well as code to be proven mathematically through which the specification of the computer can be met. Backups: These are simple techniques that help us to secure information in our computing systems by copying and keeping our important files in another storage locations like a more secure section in the computer hard drive (less reliable because it goes with the computer in case of theft), MP3 storage device, i-pods, recordable and/or rewritable discs, tapes, flash disk, external hard drive and file hosting on the web. It is noteworthy to know that there are inherent dangers in keeping files on the web, if adequate security cannot be guaranteed. Highly secure backups are supposed to be very safe and secure storage locations that are not easily susceptible to theft, loss, or destruction resulting from fire, heat, water, or even natural disasters. A good example is a university that has been existing for more than forty years, and experiences fire outbreak that destroys all its academic records. Without any backups, how do you think it will be able to supply the academic records of those who have graduated from the school? You answer may be the same as mine. Capability and Access Control List: These techniques are usually used to guarantee privilege separation and compulsory access control. Chain of Trust: This enables us to verify the authenticity of any software loaded on the system, through which we can identify the software certified authentic by the system’s designer. Cryptographic Techniques: These techniques are applied basically to reduce the risk of interception or modification of data whenever data are being exchanged between two or more systems. These techniques involve changing information in such a way that it will remain unreadable to any intruder when data is transmitted from one system to another. In this case, it is only the genuine recipient of the information that can unravel the content of the message while anybody who gains access to such message will not understand the content of the message unless it he/she can break the code to unscramble it, which may be very difficult if the encryption is done very securely. Encryption: This tool is used to prevent any strange or unintended person from comprehending the content of a message. It involves scrambling of the information in a way that it will be unreadable by anybody other than the real recipient(s) whom the information is meant for. It is the recipient who has the code to unlock the information that can decipher a message. This approach can be used to send secret or very confidential information to several people irrespective of their number in as much they have the cryptographic key, which will enable them to decrypt it.
Decryption: Decryption can be defined as the tool used with the aim of “…reversing an encryption, i.e. the process which converts encrypted data into its original form” (://en.wikipedia.org/wiki/decryption). Firewall: This technique helps to protect your system against any malicious attack or illegal access by hackers and intruders whenever you are online. It alerts you whenever it senses any intrusion, so that your computer will not be vulnerable to bugs. Honey pots: These are computing systems made vulnerable to intrusion and attacks by hackers most times deliberately, to identify areas of defect or vulnerability to effect fixing it.
Mandatory Access Control (MAC): MAC is used to “protect the network and file systems, block users from accessing certain ports and sockets, and more” (://www.freebsd.org/doc/en/books/handbook/mac-understandlabel.html). It is however advisable for optimum use of policy modules, to load many security policy modules at the same time with the aim of providing a multi-layered security setting, and thus “….a multi-layered security environment, multiple policy modules are in effect to keep security in check” (ibid). The MAC application does not allow the users to change their access codes indiscriminately because all security features are usually controlled by the access rules presented by the selected security policy modules. Here, it is the system administrator that (absolutely) controls the MAC access rules.
Secure Cryptoprocessorcomputer: A secure cryptoprocessor can be said to be “a dedicated for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance” (://neohumanism.org/s/se/secure_cryptoprocessor.html). The essence of a secure cryptoprocessor is to serve as the foundation of securing the system. It is a security sub-system that ensures protection of the system against any intrusion or malware. Some of the examples of secure cryptoprocessor include smart cards and ATM cards. The ways through which secure cryptoprocessor works include:
• tamper-detecting and tamper-evident containment;
• automatic zeroization of secrets in the event of tampering;
• internal battery backup;
• chain of trust boot-loader which authenticates the operating system before loading it;
• chain of trust operating system which authenticates application software before loading it; and
• hardware-based capability registers, implementing a one-way privilege separation model (://neohumanism.org/s/se/secure_cryptoprocessor.html).
Microkernelsaddress space: Microkernel can be described as a computer kernel that enables relevant mechanisms, which help to initiate an operating system like low-level management, thread management, and inter-process communication. In a situation whereby multiple priviledge levels are offered by the hardware, “the
microkernel is the only software executing at the most privileged level (generally referred to as supervisor or kernel mode). Actual operating system services, such as device drivers, protocol stacks, file systems and user interface code are contained in user space” (Joe, 1996 cited on ://en.wikipedia.org/wiki/Microkernel). In securing the computing system, microkernels are often used for systems designed for use in high security applications like KeyKOS, EROS and strategic security systems.
Computer security is a branch of technology known as information security as applied to computers. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible.... (://en.wikipedia.org/wiki/ Computer_security). Computer Security can also be described as:
the concept of attaining a secure computing environment (ie, an ideal state free from risk or danger) by mitigating the vulnerabilities associated (Error! Hyperlink reference not valid.).
....a general term relating to measures designed to protect computer assets in all configurations (.securiguard.com/glossary.html) Computer security can be described as an aspect of information security which basically involves putting some measures in place to secure your computers and networks, or simply protect them against infiltration, illegitimate access or corruption of data. In recent time, computers have replaced normal traditional paper system where information is stored in physical files. You go into government ministries, you often see files on the tables or shelves or storage cabinets marked with ‘confidential’. In Nigeria, almost every file is marked ‘confidential’ and the irony of it, is that any stranger can have access to any of these files because of the carefree attitude of many public servants, official corruption and absence of security consciousness that characterize the nation’s bureaucracy.
It is most disheartening the way important and valuable files get missing, with no trace of recovery. Several pensioners are losing their pension entitlements simply because their files cannot be traced. And such a situation may have security implication on the State. For instance, a pensioner who has a number of children in tertiary institutions, and is unable to have his entitlements because his file cannot be traced. If the retiree does not have any other means of survival, to take care of his
family, the children will need to fend for themselves. And in the face of job drought, there is the tendency for (some of such) children to be tempted to engage in anti-social activities like ‘yahoo business’ (online scam), street begging, stealing, to mention a few, thereby constituting a threat to the security of the larger community. Emotionally, the children of the deprived retiree will tend to develop hatred towards a system that denies their father of his entitlements. This problem may have also denied the poor retiree an opportunity to carry-out his financial obligations to the family. It is only when these children have creative thinking and positive perception that they might not develop negative emotions, which can sometimes lure them into social vices. I could remember a colleague of mine at the university who always complained of hunger and financial incapacitation due to late and irregular payment of the peanuts his father was receiving as pension. The abominable verification exercise, which pensioners are often subject to, appears to be a source of worry. Coming to the story of the retiree’s son, consequently, the guy had to fend for himself, and in the process due to his vulnerability, some of his peers in the neighbourhood introduced him into armed robbery. He was later arrested but many of his university colleagues were astonished and sympathetic too because he was not only homely but also academically brilliant. The argument here is that if someone could engage in crime due to the inability of his father, to oblige him financially, resulting from late and irregular payment of his father’s pension by the government, then what would be the fate of a dependant whose father was not paid at all for the inability of the relevant authorities to trace the file that contains his employment records? The foregoing painted the danger inherent in ineffective storing and misadministration of information. There is no doubt that absence of proper management of information can provoke a security threat to any State. However, through the use of computer, the long queue and frustration that adorn pensioners’ verification exercise would have fizzled out, and every genuine pensioner can collect his/her pension promptly and happily without stress. The traditional means of data management are becoming obsolete. The files that fill up a whole building can be saved in a small and compact storage device like computer hard disk or removable disks whereby one can store or/and retrieve or/and amend any file timely and easily. How much space do you think will be acquired, if we physically have to open files for ten million people? Here, it may involve occupying a very big building, which may cost several millions of Naira to acquire but with less than five hundred thousand Naira, we can get computers of high storage capacity that can accommodate several hundreds of millions of such files without taking any space beyond that where you mount your desk(s) that supports the computer(s). Even, one may not need a desk at all, with the use of computing systems like laptops.
If information is vital to the continued existence of any organization, it is pertinent to put in place necessary structures and applications to protect your computer(s) against any infiltration or damage. The emergent revolution in Information and
Communication Technology has rendered the traditional means of storing information like paper files moribund whereby computers have gradually replaced them. It is no surprise therefore, that the managements of many organizations in Nigeria have begun to mandate their staff to undergo various computer trainings in order for such to remain relevant in their various work places. Many public workers can now use computers effectively, as many government job functions are carried out electronically. Many state governments especially Lagos state have computerized their public service, as most services are now being rendered through electronic means. Taxes are currently paid by individuals and corporate bodies through electronic medium. The Immigration Service in Nigeria has also gone computerized. Processing and issuance of passport is now done electronically, and this appears to be faster and more convenient. However, let us consider a scenario where the details of all those who applied for Nigerian passports in the last two years get erased through malicious attack from intruders or hackers. Another case is a situation whereby the data system of a commercial bank gets corrupted through virus attack. How do you think the bank will manage to get out of such crisis without any back-up? Considering these two scenarios, you may agree with me that it is important to provide adequate security for our computer system(s). Essential measures and applications must be put in place to secure our computer system especially as security experts. The nature of the security profession demands for adequate computer security, and we should make enough efforts to protect our computer systems from malicious attack like corruption of data, theft, intrusion, illegal access to data, and damage emanating from natural disaster. In the subsequent part of this segment, we shall be discussing various ways to secure our computers but before we do that, let us quickly explain key concepts of computer security in order to stimulate a better appreciation of the subject. SELF ASSESSMENT EXERCISE Describe the term computer security. 3.1.1 Key Concepts in Computer Security
Anti-Virus Software: There is a conflict among scholars on the originator of anti-virus software but history has it that the first public virus removal task was performed by Bernt Fix in 1987 (Wells, 1996). Anti-virus software is used to detect, prevent and destroy any malware like computer viruses, worms as well as trojan horses. Apart from protecting the computer against malicious attacks, anti-virus also helps to detect spyware or any other programmes or websites that can constitute security threats to the computer system like virus attack, intrusion and hacking. It also assists the computer user to identify sites that are not secure, or those designed to perpetrate online scam, through prompt alert and warning of the imminent danger such sites pose to the user and/or system, and will advise that the user should not give the details of
his/her vital information or betterstill to close the suspected sites and avoid copying anything from such sites. Anti-virus software is actually a set of computer programmes designed purposely to identify, block or destroy computer viruses and malicious agents with the aim of protecting the computer from information theft, corruption, hardware damage, to mention a few. There are various types of anti-virus software in the market today, including Norton, AVG, McAfee among others. Due to the way new viruses are generated almost on a daily basis for commercial, strategic or other reasons, it is very pertinent to upgrade the anti-virus software on one’s computer from time to time, so that your computing system will be immune from any attack. Apart from virus attack, hackers may try to break into your system to steal, modify or delete some of the files in your system or the whole information contained therein. Before the advent of the internet, computer viruses were usually spread through floppy disks (diskettes) but now computing systems get infected with viruses and other forms of malware through the internet. Before now, it was rare for computer to be infected with viruses through the use of recordable or rewritable discs but now the story is different. That is why it is advisable to restrict access of people into your computer and avoid the use of storage facilities like MP3, Flash disk, diskette etc, that have used somewhere else especially at commercial cyber centers without being scanned properly. It is also important to note that it is most appropriate to delete any virus infected files that cannot be repaired by the anti-virus package on your computer system. Authentication
....the process of identifying an individual, usually based on a : This involves a technique in which we create password to restrict access to one’s computer. In this case, it is only those who can provide the correct password that can be allowed by the computer to gain entry into it. Authentication can also be defined as:
username and password. In security systems, authentication is distinct from authorization , which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual (Error! Hyperlink reference not valid.). Sometimes, within the same system, there may be several users, each of whom will create his/her username and password before he/she can access his/her information on the system but the computer will prevent every user from gaining access to another user’s information, if he/she fails to provide the correct username and password. There are several ways compute authentication is initiated by the system, and these may identify the users through username or/and password, identification cards, smart cards, as well as biometric systems.
Automated Theorem Proving: This is a verification tool in secure computing system that allows vital algorithms as well as code to be proven mathematically through which the specification of the computer can be met. Backups: These are simple techniques that help us to secure information in our computing systems by copying and keeping our important files in another storage locations like a more secure section in the computer hard drive (less reliable because it goes with the computer in case of theft), MP3 storage device, i-pods, recordable and/or rewritable discs, tapes, flash disk, external hard drive and file hosting on the web. It is noteworthy to know that there are inherent dangers in keeping files on the web, if adequate security cannot be guaranteed. Highly secure backups are supposed to be very safe and secure storage locations that are not easily susceptible to theft, loss, or destruction resulting from fire, heat, water, or even natural disasters. A good example is a university that has been existing for more than forty years, and experiences fire outbreak that destroys all its academic records. Without any backups, how do you think it will be able to supply the academic records of those who have graduated from the school? You answer may be the same as mine. Capability and Access Control List: These techniques are usually used to guarantee privilege separation and compulsory access control. Chain of Trust: This enables us to verify the authenticity of any software loaded on the system, through which we can identify the software certified authentic by the system’s designer. Cryptographic Techniques: These techniques are applied basically to reduce the risk of interception or modification of data whenever data are being exchanged between two or more systems. These techniques involve changing information in such a way that it will remain unreadable to any intruder when data is transmitted from one system to another. In this case, it is only the genuine recipient of the information that can unravel the content of the message while anybody who gains access to such message will not understand the content of the message unless it he/she can break the code to unscramble it, which may be very difficult if the encryption is done very securely. Encryption: This tool is used to prevent any strange or unintended person from comprehending the content of a message. It involves scrambling of the information in a way that it will be unreadable by anybody other than the real recipient(s) whom the information is meant for. It is the recipient who has the code to unlock the information that can decipher a message. This approach can be used to send secret or very confidential information to several people irrespective of their number in as much they have the cryptographic key, which will enable them to decrypt it.
Decryption: Decryption can be defined as the tool used with the aim of “…reversing an encryption, i.e. the process which converts encrypted data into its original form” (://en.wikipedia.org/wiki/decryption). Firewall: This technique helps to protect your system against any malicious attack or illegal access by hackers and intruders whenever you are online. It alerts you whenever it senses any intrusion, so that your computer will not be vulnerable to bugs. Honey pots: These are computing systems made vulnerable to intrusion and attacks by hackers most times deliberately, to identify areas of defect or vulnerability to effect fixing it.
Mandatory Access Control (MAC): MAC is used to “protect the network and file systems, block users from accessing certain ports and sockets, and more” (://www.freebsd.org/doc/en/books/handbook/mac-understandlabel.html). It is however advisable for optimum use of policy modules, to load many security policy modules at the same time with the aim of providing a multi-layered security setting, and thus “….a multi-layered security environment, multiple policy modules are in effect to keep security in check” (ibid). The MAC application does not allow the users to change their access codes indiscriminately because all security features are usually controlled by the access rules presented by the selected security policy modules. Here, it is the system administrator that (absolutely) controls the MAC access rules.
Secure Cryptoprocessorcomputer: A secure cryptoprocessor can be said to be “a dedicated for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance” (://neohumanism.org/s/se/secure_cryptoprocessor.html). The essence of a secure cryptoprocessor is to serve as the foundation of securing the system. It is a security sub-system that ensures protection of the system against any intrusion or malware. Some of the examples of secure cryptoprocessor include smart cards and ATM cards. The ways through which secure cryptoprocessor works include:
• tamper-detecting and tamper-evident containment;
• automatic zeroization of secrets in the event of tampering;
• internal battery backup;
• chain of trust boot-loader which authenticates the operating system before loading it;
• chain of trust operating system which authenticates application software before loading it; and
• hardware-based capability registers, implementing a one-way privilege separation model (://neohumanism.org/s/se/secure_cryptoprocessor.html).
Microkernelsaddress space: Microkernel can be described as a computer kernel that enables relevant mechanisms, which help to initiate an operating system like low-level management, thread management, and inter-process communication. In a situation whereby multiple priviledge levels are offered by the hardware, “the
microkernel is the only software executing at the most privileged level (generally referred to as supervisor or kernel mode). Actual operating system services, such as device drivers, protocol stacks, file systems and user interface code are contained in user space” (Joe, 1996 cited on ://en.wikipedia.org/wiki/Microkernel). In securing the computing system, microkernels are often used for systems designed for use in high security applications like KeyKOS, EROS and strategic security systems.
Comments
Post a Comment