Post on 18-Dec-2015

212 views

Category:

Documents


0 download

TRANSCRIPT

Page 1

Some general principles in computer security

Tomasz Bilski

email: [email protected]

Chair of Control, Robotics and Computer Science

Poznań University of Technology

Poznań, Poland


Parts of presentation

1. Introduction

2. Minimum necessary functionality

3. Integration and cooperation

4. Internal versus external threats

5. Other important principles

Page 2

1. Introduction

Diversity of security tools:

anti-virus software, firewalls, intrusion detection systems, port scanners, dial-up connection scanners, system log analysers, access control list analysers, password analysers, secure file deletion software, source code vulnerability scanners, deception toolkits, packet generators for security testing, and so on.

The security tools should be recognised as only one part of the complex security system.

Some foundations of computer security:

- security models (such as the Bell-LaPadula model, access matrix model, take-grant model, Biba model, Dion model, SeaView model, Jajodia-Sandhu model)

- security standards (such as the Trusted Computer System Evaluation Criteria, Information Technology Security Evaluation Criteria, Common Criteria for Information Technology Security Evaluation)

Are the models and standards well known to security practitioners?
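As an added illustration of two of the models named above (not code from the presentation), the following constructed reference monitor combines an access matrix with the Bell-LaPadula confidentiality rules (no read up, no write down) and the Biba integrity rules (no read down, no write up). The label orderings and the sample subjects and objects are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed label lattices: index in the list gives the level (low to high).
SECRECY = ["public", "internal", "confidential", "secret"]      # Bell-LaPadula
INTEGRITY = ["untrusted", "user", "system"]                     # Biba


@dataclass
class Entity:
    """A subject (user, process) or object (file) with one label per model."""
    name: str
    secrecy: str
    integrity: str


@dataclass
class ReferenceMonitor:
    # Access matrix: (subject name, object name) -> discretionary rights granted.
    matrix: dict = field(default_factory=dict)

    def grant(self, subject, obj, *rights):
        self.matrix.setdefault((subject, obj), set()).update(rights)

    def check(self, subject, obj, right):
        """Return (allowed, reason); every rule must pass for access to be allowed."""
        # 1. Discretionary layer: the access matrix must list the right at all.
        if right not in self.matrix.get((subject.name, obj.name), set()):
            return False, "access matrix: right not granted"
        s_sec, o_sec = SECRECY.index(subject.secrecy), SECRECY.index(obj.secrecy)
        s_int, o_int = INTEGRITY.index(subject.integrity), INTEGRITY.index(obj.integrity)
        # 2. Mandatory layer: confidentiality (Bell-LaPadula) and integrity (Biba).
        if right == "read":
            if s_sec < o_sec:
                return False, "Bell-LaPadula simple security property: no read up"
            if s_int > o_int:
                return False, "Biba simple integrity property: no read down"
        elif right == "write":
            if s_sec > o_sec:
                return False, "Bell-LaPadula *-property: no write down"
            if s_int < o_int:
                return False, "Biba *-integrity property: no write up"
        else:
            return False, "unknown right: " + right
        return True, "allowed"


# Constructed scenario: alice is cleared to 'confidential' with 'user' integrity.
alice = Entity("alice", "confidential", "user")
report = Entity("report", "secret", "user")        # above alice's clearance
memo = Entity("memo", "public", "untrusted")       # below alice in both lattices
rm = ReferenceMonitor()
rm.grant("alice", "report", "read", "write")
rm.grant("alice", "memo", "read", "write")
```

Note that with both models enforced on the same labels, alice may append to the secret report (write up is allowed by Bell-LaPadula) but may neither read it nor read the untrusted memo, which shows how the two models constrain each other.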

Page 3

2. Minimum necessary functionality

Increasing the functionality of a computer system decreases its security.

Higher functionality means:

- greater complexity of the system

- more access points to resources

- the possibility of new threats

- a higher probability of software errors

Inconsistency between different security aspects: the methods that protect availability are potential threats to confidentiality and integrity.

Some relations between new functions and new threats

Added functionality feature                          New threat
remote access and control                            remote unauthorised access and control
script language and macro commands in application    macro virus
Internet connection                                  attack from the Internet
Java in WWW                                          hostile applet

Page 4

3. Integration and co-operation

Security features (such as confidentiality, integrity and availability) should be integrated with the system from the starting point. They shouldn't be features added at some final step. First of all, the concept of the system should be based on a proper security model, and then security must be kept in mind during all other phases (design, testing, implementation, configuration, employment, maintenance) of the computer system's life.

The lack of security features in the foundations of modern computer networks:

The unsecured protocols on every layer of the protocol stack should be replaced as quickly as possible by secure versions.


The security mechanisms should be integrated with the other modules of information systems and should maintain and tighten co-operation with them. There is a need for tools, data formats, exchange procedures and other standards for such co-operation.

Many levels of co-operation:

- tool level

- system level

- corporation and international level

New security applications should be compatible with the existing and emerging standards in the area of mutual co-operation. When testing the different aspects of information system security it is very important to check whether the many protection tools implemented in the system are able to communicate and co-operate with each other.

Page 5

4. Internal versus external threats

The majority of computer security incidents originate within the organisation itself. Some sources indicate that up to 85% of all threats to security come from inside the company.

Some steps may and must be taken in order to change the current, intolerable situation. These steps comprise: definition and incorporation of a security policy, greater awareness of threats among users, automation of security procedures, improved systems for user identification and authentication, wider use of cryptography, audit and intrusion detection systems, and internal firewalls.

Page 6

5. Other important principles

- it should be remembered that there are no 100% secure systems; achieving full security is not possible

- security mechanisms and the methods of their usage must be accepted by users

- the mechanisms should be effective but simple, standardised, user-friendly and should not be time consuming

- as far as possible, security mechanisms should be automated and made invisible to users

- the security tools should be periodically and automatically updated

- high security should be a default system attribute, not one that is manually chosen

- the system protection should be complete, redundant and periodically tested

- strong encryption is necessary but not sufficient to secure the confidentiality of information

- redundancy should be incorporated on many levels: from the chip level to the complete system level

- each organisation should have a defined and implemented security policy with essential rules of procedure