Gold/Mining/Energy : MADISON SYSTEMS(MADI) Multi Million Dollar Contract


To: KC Jones who wrote (4334) 4/1/1999 9:36:00 PM
From: Moosie  Respond to of 5832
 
THE ONLY SAFE COMPUTER IS A DEAD COMPUTER

--------------------------------------------------------------------------------
The three tradeoffs
Life is full of tradeoffs and computer security is no different.

The only safe computer is a dead computer. Or at least a disconnected one. If no one can get to it, no one can harm it. The only problem is, it's not exactly useful in that state. So the extent of computer safety or security is always a tradeoff between putting the computer to use and restricting its misuse and abuse.
The time and money you spend on securing your computer has to be weighed against the likely loss if it is broken into or damaged; e.g., you're not likely to keep your garbage under lock and key.
The cracker likewise has a cost-benefit tradeoff. It's unlikely that someone will break into Fort Knox for a box of Wheaties. So a modicum of good housekeeping can serve as an effective deterrent against the doorknob rattlers and window breakers.
As you design or modify your computer and network security, think about how you want to use your systems and what you stand to lose if security is compromised. This will help guide your choice of solutions and their relative complexity and costs.



GOOD HOUSEKEEPING

--------------------------------------------------------------------------------
Or, more things come in threes
All systems consist of three components, the software and hardware parts, the people, and the procedures. The same is true of computer and network systems. Securing your computer system means security of the software and hardware, trustworthiness of the people who use and manage it, and reliability of the procedures for using and managing the system. In this issue, we will mainly focus on secure software and system management practices. But when you are evaluating the security of your system, don't forget to consider the other components.

And while we are talking about threesomes, remember that there are three kinds of threats to your system: malice, ignorance, and acts of god or nature. A malfunctioning sprinkler system in the computer room, a magnitude 6.0 earthquake, a disgruntled employee, or a misguided big cheese can do equal amounts of damage. Think through each of the components, the what-if scenarios, the technical and non-technical solutions, and the cost-benefit tradeoffs. Also, don't count on your computer to come out of the box with its security mechanisms set up correctly for you. They aren't always that way.

The bottom line: It really is housekeeping, and it really is up to you what kind of a computer house you keep.



OPEN SESAME

--------------------------------------------------------------------------------
Ali Baba is my real name
The whole idea of security is tied to who can have access to what. You prove who you are by providing a secret password. The cave doors magically open and you get to the jewels: you can read and write files, run programs, allow other users access to your files and computers, and so on. Multiuser computer systems, like Unix, usually have a hierarchy of personages, each with different access privileges. If you prove you are the Grand Vizier (a.k.a. root), you can basically do whatever you want - wipe out entire disks of files, change how the system is set up, and maybe even launch a frog battalion against Upper Timbuktu. However, even the lowliest courtier can let intruders in, setting off a chain of intrigue and skullduggery of who does what to whom.

So the first line of defense is secure passwords. The second is to make sure that only selected people have access to the powerful files and tools.



INTO THE LABYRINTH

--------------------------------------------------------------------------------
Twisty passages all connected to each other
Now, connect your single computer to other computers, through phone lines, a local network, or the Internet. The plot thickens. An intruder doesn't even have to be physically near your computer. Through the magic of telecommunications, they are only a handshake or two away. At this point, to make things worse, not only can people try to pretend they are you, computers can also pretend they are your computers (known in the vernacular as spoofing). And oh, by the way, about the telecommunications - it's a party line. On the way from your computer to some other computer, anyone can use a sniffer program to tap in and listen to what you are saying.

Before you hide your computer under the bed, remember our friends, the tradeoffs. Think through the system components and the risks methodically and logically. You've done the basic good housekeeping on each computer. Minimize your risk by making only one of them publicly available and hiding the rest behind a secure barrier or firewall. Then focus on the exposed gateway computer and make it as secure as you can from potential intruders. Monitor it for intruders. And make sure you don't transmit secret information - like your password - over the Internet without protection.