Introduction
The goal of computer security is to ensure that online systems can be accessed easily - but only by those who should be using them!
The online systems could range from banks to social network sites, school networks to home computers, and online shopping to corporate intranets.
This provides the interesting challenge of putting barriers in place for access to computer systems, at the same time trying to avoid getting in the way of legitimate users.
What sort of things does a computer security expert need to be good at?
For one thing, they’re always on the lookout for weaknesses in a system.
Some weaknesses are well known (such as people choosing easily guessed passwords), and others might be a result of a way their company has set up their computer.
But a security person can’t only be concerned with keeping people out, because their real job is to let the right people in!
And this isn’t simple, since computer systems are usually online all the time, can be accessed from anywhere in the world, and are expected to be easy for legitimate customers and staff to access.
Is security really a big deal?
The internet is a hostile environment.
For example, 2% of internet traffic is immediately recognisable as an attack and gets blocked right away.
What about the other 98%?
Well, about 50,000,000 requests a day could be attacks trying to find a weakness that they can use to break in (some current statistics are available here, here, and here).
With millions of attacks happening every day, a good defence is crucial.
There are a lot of reasons that people want to break into computers - it might be to extract valuable information such as user names, bank accounts and passwords; or it might be to stop a site working either as industrial espionage, or to claim a ransom; or to make money by either selling information, access, or using resources to mine cryptocurrency; or to test their knowledge and capabilities by seeing what they can find; or simply out of curiosity, to find out some personal information about someone.
There are many motivations why these attacks might happen.
Computer security is referred to using several names; it’s also known as cybersecurity or information technology security (IT security), and many people also say “infosec” or “cyber” for short.
It is about protecting the information files and computer systems from harm, theft, and unauthorised access.
Computer security has become increasingly more important as devices have become mobile and through the ability to connect with other devices via the internet, intra-networkers, bluetooth, wifi, and shared drives - in security terms, the attack surface is increasing as more devices are connected - even a fish tank thermometer has been used to gain unauthorised access to sensitive data!
In this chapter we’ll look at the layers of security that can be applied for your privacy and for the protection of your files from attack.
Security thinking
Exercise
Think of a room that is lit by just a single light bulb at night.
What are 10 ways someone could plunge the room into darkness, without them turning off the switch for the light?
Be creative!
If your job was to keep that light on at all costs, you’d need to block as many as possible of these “attacks” on the light in the room - for each attack you come up with, what could be done to prevent that attack?
Background reading
Additional Information
The following books provide colourful stories from the history of computer security; they won’t be so useful for understanding current techniques, but they do uncover real issues that underlie computer security:
- Cult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time.
Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers.”
- The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
by Clifford Stoll. “Before the Internet became widely known as a global tool for terrorists, one perceptive U.S. citizen recognized its ominous potential. Armed with clear evidence of computer espionage, he began a highly personal quest to expose a hidden network of spies that threatened national security. But would the authorities back him up?”