Introduction to Computer Security
Computer Security is defined as the prevention and detection of unauthorized actions by users of a computer system. It encompasses all measures designed to protect computer systems, networks, and data from unauthorized access, modification, destruction, or disclosure.
Security has three main aspects: Prevention (stopping attacks before they happen), Detection (identifying when an attack occurs), and Reaction (responding to security incidents). Effective security requires all three components working together.
Security is not just a technical issue—it requires a combination of technology, policies, procedures, and most importantly, security-conscious personnel. Even the most sophisticated technical controls can be circumvented by careless users.
The CIA Triad
The CIA Triad forms the foundation of computer security and consists of three core principles that must be protected:
1. Confidentiality
Confidentiality prevents unauthorized disclosure of information, keeping data secret or private. This applies to military secrets, business documents, personal information, and any data that should not be shared with unauthorized parties.
- Data Classification: Information is categorized by sensitivity level (public, internal, confidential, secret)
- Access Controls: Only authorized individuals can access specific information
- Encryption: Data is transformed to prevent understanding by unauthorized parties
- Examples: Personal health records, financial statements, trade secrets, passwords
2. Integrity
Integrity prevents unauthorized writing or modification of information, ensuring data accuracy and consistency. It means that information remains complete and unaltered throughout its lifecycle.
- Data Accuracy: Information is correct and has not been tampered with
- Consistency: Data across systems matches and is coherent
- Non-repudiation: Entities cannot later deny actions they performed; this depends on integrity-protected, attributable records (see Security Services below)
- Examples: Financial transactions, medical records, legal documents
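Confidentiality and integrity are separate properties, and the following added example (not part of the original text) shows why. A toy stream cipher built from a SHA-256 keystream (an illustration, not a real cipher) keeps a payment instruction secret, yet an attacker who knows the message format can flip ciphertext bits and change the amount without the key, and the receiver has no way to notice. Appending an HMAC over the ciphertext (encrypt-then-MAC) makes the same modification detectable. Keys, nonce and the message are constructed for the demonstration.

```python
"""Added example: confidentiality alone does not give integrity.

The toy cipher below XORs the plaintext with SHA-256(key || nonce || counter)
blocks. It is an illustration only, NOT a cipher to use in practice.
"""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream from SHA-256 blocks (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR is its own inverse


def tamper(ciphertext: bytes, index: int, old: bytes, new: bytes) -> bytes:
    """Active modification attack: flip the bits that turn `old` into `new`
    at `index`. Needs no key; works against any XOR-based stream cipher."""
    ct = bytearray(ciphertext)
    ct[index] ^= old[0] ^ new[0]
    return bytes(ct)


def protect(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: confidentiality plus integrity (tag covers nonce + ct)."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct + tag


def unprotect(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes):
    """Return the plaintext, or None if the message was altered in transit."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return decrypt(enc_key, nonce, ct)


def demo():
    """Constructed scenario: attacker turns 'PAY 100' into 'PAY 900'."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    nonce = os.urandom(16)
    msg = b"PAY 100 TO BOB"
    pos = msg.index(b"1")  # attacker knows the message layout, not its key

    # 1. Encryption only: the altered ciphertext decrypts to a different amount.
    ct = encrypt(enc_key, nonce, msg)
    seen_by_bank = decrypt(enc_key, nonce, tamper(ct, pos, b"1", b"9"))

    # 2. Encrypt-then-MAC: the same manipulation is rejected.
    blob = protect(enc_key, mac_key, nonce, msg)
    genuine = unprotect(enc_key, mac_key, nonce, blob)
    rejected = unprotect(enc_key, mac_key, nonce, tamper(blob, pos, b"1", b"9"))
    return seen_by_bank, genuine, rejected


if __name__ == "__main__":
    tampered, ok, rejected = demo()
    print(tampered)  # b'PAY 900 TO BOB'
    print(ok)        # b'PAY 100 TO BOB'
    print(rejected)  # None
```

The point generalises beyond the toy cipher: any encryption mode that does not authenticate its ciphertext (including real stream ciphers and CBC) is malleable in some way, which is why authenticated encryption or a separate MAC is needed whenever integrity matters.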
3. Availability
Availability ensures that information is accessible and usable upon appropriate demand by authorized users. Systems must be operational when needed to support business operations.
- Uptime: Systems are operational when needed
- Performance: Systems respond quickly to legitimate requests
- Redundancy: Backup systems are available in case of failure
- Examples: E-commerce websites, banking systems, emergency services
Figure: the CIA Triad (Confidentiality, Integrity, Availability)
Security Services
Beyond the CIA Triad, security services provide additional protections for information systems:
Non-repudiation
Prevents the sender from later denying having sent a message, and the receiver from denying having received it. This is crucial for legal and business transactions where proof of sending and receiving is required. Implemented using digital signatures and protected audit trails; a shared-key MAC is not enough, because either party holding the key could have produced the tag.
Authentication
Proves identity of users, systems, or entities. Authentication verifies that someone or something is who or what they claim to be. Methods include passwords, biometrics, tokens, and certificates.
Access Controls
Limits and controls access to resources. Identification and authentication establish who is asking; access control then decides what that authenticated principal may do with a resource (read, write, execute, delete), denying by default anything not explicitly permitted.
Accountability
Ensures that actions on a system can be traced to the entity responsible for them, and that system managers are answerable to external scrutiny. Requires audit trails to be kept and protected against alteration, allowing reconstruction of events and identification of responsible parties.
| Service | Purpose | Example Mechanisms |
|---|---|---|
| Non-repudiation | Prove message sent/received | Digital signatures, timestamps |
| Authentication | Verify identity | Passwords, biometrics, tokens |
| Access Control | Control resource access | ACLs, permissions, roles |
| Accountability | Track actions | Audit logs, monitoring |
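The three services that the table maps to passwords, ACLs and audit logs fit together in one small reference monitor. The following is an added example, not code from the original page: passwords are stored as salted PBKDF2 hashes (authentication), an access control list maps (user, resource) to permitted operations with default deny (access control), and every decision is appended to a hash-chained audit log so that a later attempt to rewrite an entry is detectable (accountability). The user names, resource and password are made up for the demonstration; the hash chain gives tamper evidence, not non-repudiation, which would additionally need signatures.

```python
"""Added example: authentication, access control and a tamper-evident audit
log in one reference monitor. Illustration only; data is constructed."""
import hashlib
import hmac
import json
import os

ITERATIONS = 100_000  # PBKDF2 work factor; raise in production


def register(users: dict, name: str, password: str) -> None:
    """Store salt + PBKDF2-HMAC-SHA256 digest, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    users[name] = (salt, digest)


def authenticate(users: dict, name: str, password: str) -> bool:
    """Authentication: prove the claimed identity knows the password."""
    if name not in users:
        return False
    salt, digest = users[name]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def authorize(acl: dict, name: str, resource: str, op: str) -> bool:
    """Access control: default deny; allowed only if the ACL lists the operation."""
    return op in acl.get((name, resource), set())


def append_log(log: list, event: dict) -> None:
    """Accountability: each entry commits to the hash of the previous entry."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = json.dumps(event, sort_keys=True)
    log.append({"event": event, "prev": prev,
                "hash": hashlib.sha256((prev + body).encode()).hexdigest()})


def verify_log(log: list) -> bool:
    """Recompute the chain; an edited, removed or reordered entry breaks it."""
    prev = "0" * 64
    for entry in log:
        body = json.dumps(entry["event"], sort_keys=True)
        expected = hashlib.sha256((prev + body).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = entry["hash"]
    return True


def request(users, acl, log, name, password, resource, op) -> str:
    """Reference monitor: identify, authenticate, authorize, then record."""
    if not authenticate(users, name, password):
        outcome = "AUTH_FAIL"
    elif not authorize(acl, name, resource, op):
        outcome = "DENIED"
    else:
        outcome = "ALLOWED"
    append_log(log, {"user": name, "resource": resource, "op": op, "outcome": outcome})
    return outcome


def demo():
    """Constructed scenario: one legitimate user, one read-only ACL entry."""
    users, acl, log = {}, {}, []
    register(users, "alice", "correct horse battery staple")
    acl[("alice", "/payroll.csv")] = {"read"}
    results = [
        request(users, acl, log, "alice", "wrong password", "/payroll.csv", "read"),
        request(users, acl, log, "alice", "correct horse battery staple", "/payroll.csv", "read"),
        request(users, acl, log, "alice", "correct horse battery staple", "/payroll.csv", "write"),
        request(users, acl, log, "mallory", "anything", "/payroll.csv", "read"),
    ]
    intact = verify_log(log)
    log[1]["event"]["outcome"] = "DENIED"  # insider tries to rewrite history
    return results, intact, verify_log(log)


if __name__ == "__main__":
    print(demo())  # (['AUTH_FAIL', 'ALLOWED', 'DENIED', 'AUTH_FAIL'], True, False)
```

Note that failed authentications are logged as well as successes: an audit trail that records only allowed actions cannot reconstruct a brute-force attempt, and the log must be protected (here by chaining, in practice also by shipping it off-host) because the person it incriminates may be the administrator.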
Threats and Attacks
Types of Security Threats
- Denial of Service (DoS): Attacks that make systems unavailable to legitimate users
- Information Theft: Unauthorized access to sensitive data (may go undetected)
- Malware: Viruses, worms, trojans designed to damage or spy
- Social Engineering: Manipulating people into revealing confidential information
- Insider Threats: Attacks from within the organization
- Advanced Persistent Threats (APTs): Long-term, targeted attacks by sophisticated attackers
Categories of Attacks
Passive Attacks
Passive attacks involve eavesdropping on information without modifying it. They are difficult to detect because the attacker does not alter data or systems, so the emphasis is on prevention (for example, encrypting traffic) rather than detection.
- Eavesdropping: Intercepting communications
- Traffic Analysis: Studying communication patterns
- Release of Message Contents: Reading sensitive data in transit
Active Attacks
Active attacks involve modification or creation of information. They are easier to detect than passive attacks but hard to prevent absolutely, so the goal is to detect them quickly, reject the tampered data, and recover.
- Masquerade: Pretending to be someone else
- Replay: Capturing and retransmitting valid data
- Modification: Altering messages or data files
- Denial of Service: Disrupting normal system operation
Exam Tip: Remember the difference between passive and active attacks: passive attacks observe without modifying, while active attacks involve some form of modification or creation of false data.
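The four active attacks listed above are easiest to tell apart against a concrete protocol. The following added example (not from the original page) is a constructed command channel in which each payment instruction carries an HMAC. The tag defeats masquerade and modification, because an attacker without the key cannot forge or alter a command, but a naive receiver that only checks the tag will happily accept a captured message a second time (replay). The hardened receiver also requires a strictly increasing per-sender sequence number. The key, message format and server classes are assumptions made for the illustration.

```python
"""Added example: replay against an HMAC-authenticated command channel, and
the sequence-number fix. Protocol and messages are constructed."""
import hashlib
import hmac
import json

KEY = b"shared-secret-for-the-example"  # would be provisioned out of band


def sign(key: bytes, payload: dict) -> bytes:
    """Message = canonical JSON body, '.', hex HMAC-SHA256 over the body."""
    body = json.dumps(payload, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def verify(key: bytes, message: bytes):
    """Return the payload dict if the tag is valid, else None."""
    body, _, tag = message.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


class NaiveServer:
    """Checks the MAC only: immune to forgery, vulnerable to replay."""

    def __init__(self):
        self.balance = 1000

    def handle(self, message: bytes) -> bool:
        cmd = verify(KEY, message)
        if cmd is None:
            return False  # masquerade or modification: tag does not verify
        self.balance -= cmd["amount"]
        return True


class HardenedServer(NaiveServer):
    """Additionally requires a strictly increasing sequence number per sender."""

    def __init__(self):
        super().__init__()
        self.last_seq = {}

    def handle(self, message: bytes) -> bool:
        cmd = verify(KEY, message)
        if cmd is None:
            return False
        if cmd["seq"] <= self.last_seq.get(cmd["from"], -1):
            return False  # replayed (or out-of-order) message: reject
        self.last_seq[cmd["from"]] = cmd["seq"]
        self.balance -= cmd["amount"]
        return True


def demo():
    """Constructed attack sequence: genuine, modified, then replayed message."""
    msg = sign(KEY, {"from": "alice", "to": "bob", "amount": 100, "seq": 1})
    captured = msg  # passive eavesdropping comes first
    forged = msg.replace(b'"amount": 100', b'"amount": 900')  # modification

    naive = NaiveServer()
    naive_results = (naive.handle(msg), naive.handle(forged), naive.handle(captured))

    hardened = HardenedServer()
    hard_results = (hardened.handle(msg), hardened.handle(forged), hardened.handle(captured))
    return naive_results, naive.balance, hard_results, hardened.balance


if __name__ == "__main__":
    print(demo())  # ((True, False, True), 800, (True, False, False), 900)
```

The sequence counter is one of several anti-replay mechanisms; timestamps with a freshness window, or server-issued nonces that must be echoed, serve the same purpose. Whichever is used must be inside the authenticated body, otherwise the attacker simply rewrites it.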
Security Mechanisms
Security mechanisms are technical controls that implement security services:
Common Security Mechanisms
| Mechanism | Implements | Description |
|---|---|---|
| Digital Signatures | Non-repudiation | Mathematical schemes for authenticating digital messages |
| Passwords/Biometrics | Authentication | Verifying identity through knowledge or physical characteristics |
| Audit Trails | Accountability | Recording system events for review and investigation |
| Encryption | Confidentiality | Transforming data to prevent unauthorized access |
| Access Control Lists | Access Control | Specifying who can access what resources |
| Firewalls | Access Control | Filtering network traffic according to policy (addresses, ports, protocols); reduces exposure to network-borne attacks |
The Security Triad: People, Process, Technology
Effective security requires all three components:
- People: Security-conscious personnel who follow policies
- Process: Procedures and policies that govern security practices
- Technology: Technical controls that enforce security
Key Insight: The weakest link in security is often the human element. Even the most sophisticated technical controls can be bypassed by careless or uninformed users. Security awareness training is essential.
Chapter Summary
- Computer Security involves prevention, detection, and reaction to unauthorized actions
- The CIA Triad forms the foundation: Confidentiality, Integrity, and Availability
- Security Services include non-repudiation, authentication, access control, and accountability
- Attacks are categorized as passive (eavesdropping) or active (modification)
- Effective security requires people, process, and technology working together