Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. The term computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively.
Security by design
Main article: Security by design
The technologies of computer security are based on logic. As security is not necessarily the primary goal of most computer applications, designing a program with security in mind often imposes restrictions on that program's behavior.
There are several approaches to security in computing; sometimes a combination of approaches is valid:
- Trust all the software to abide by a security policy but the software is not trustworthy (this is computer insecurity).
- Trust all the software to abide by a security policy and the software is validated as trustworthy (by tedious branch and path analysis for example).
- Trust no software but enforce a security policy with mechanisms that are not trustworthy (again this is computer insecurity).
- Trust no software but enforce a security policy with trustworthy mechanisms.
Many systems have unintentionally resulted in the first possibility. Since approach two is expensive and non-deterministic, its use is very limited. Approaches one and three lead to failure. Because approach number four is often based on hardware mechanisms and avoids abstractions and a multiplicity of degrees of freedom, it is more practical. Combinations of approaches two and four are often used in a layered architecture with thin layers of two and thick layers of four.
There are various strategies and techniques used to design security systems. However, there are few, if any, effective strategies to enhance security after design. One technique enforces the principle of least privilege to a great extent, where an entity has only the privileges that are needed for its function. That way, even if an attacker gains access to one part of the system, fine-grained security ensures that it is just as difficult for them to access the rest.
Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial software subsystems. This enables a closed form solution to security that works well when only a single well-characterized property can be isolated as critical, and that property is also assessable to math. Not surprisingly, it is impractical for generalized correctness, which probably cannot even be defined, much less proven. Where formal correctness proofs are not possible, rigorous use of code review and unit testing represents a best-effort approach to make modules secure.
The design should use "defense in depth", where more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds. Defense in depth works when the breaching of one security measure does not provide a platform to facilitate subverting another. Also, the cascading principle acknowledges that several low hurdles do not make a high hurdle. So cascading several weak mechanisms does not provide the safety of a single stronger mechanism.
Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure" (see fail safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
In addition, security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the "window of vulnerability" is kept as short as possible.
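An added example, not part of the original article, of making an audit trail tamper-evident. The article describes remote append-only storage; this sketch uses hash chaining, a complementary technique, and assumes only the latest chain digest is kept on the remote store. The class, function names and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed anchor used as the "previous hash" of the first record


def _digest(prev_hash, event):
    # Each hash covers the previous record's hash, so records cannot be
    # edited, reordered or dropped without changing every later hash.
    payload = json.dumps({"prev": prev_hash, "event": event}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class AuditTrail:
    """Local trail whose only mutating operation is append()."""

    def __init__(self):
        self._records = []

    def append(self, event):
        prev = self._records[-1]["hash"] if self._records else GENESIS
        record = {"event": event, "prev": prev, "hash": _digest(prev, event)}
        self._records.append(record)
        return record["hash"]  # head digest: assumed to be shipped off-host

    def records(self):
        return [dict(r) for r in self._records]  # copies, never the originals


def verify(records, trusted_head):
    """Return -1 if the chain is intact and ends at trusted_head.

    Otherwise return the index of the first inconsistent record, or
    len(records) when the chain is self-consistent but does not end at
    the trusted head (truncated, or rewritten and rehashed).
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return i
        prev = rec["hash"]
    return -1 if prev == trusted_head else len(records)
```

Because the verifier compares against a head digest held elsewhere, an intruder who rewrites the local log and recomputes every hash is still detected.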
Early history of security by design
The early Multics operating system was notable for its early emphasis on computer security by design, and Multics was possibly the very first operating system to be designed as a secure system from the ground up. In spite of this, Multics' security was broken, not once, but repeatedly. The strategy was known as 'penetrate and test' and has become widely known as a non-terminating process that fails to produce computer security. This led to further work on computer security that prefigured modern security engineering techniques producing closed form processes that terminate.
Security architecture
Main article: Security architecture
Security architecture can be defined as the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve to maintain the system's quality attributes, among them confidentiality, integrity, availability, accountability and assurance. A security architecture is the plan that shows where security measures need to be placed. If the plan describes a specific solution then, prior to building such a plan, one would make a risk analysis. If the plan describes a generic high level design (reference architecture) then the plan should be based on a threat analysis.
Hardware mechanisms that protect computers and data
Hardware based or assisted computer security offers an alternative to software-only computer security. Devices such as dongles may be considered more secure due to the physical access required in order to be compromised.
While many software-based security solutions encrypt the data to prevent data from being stolen, a malicious program or a hacker may corrupt the data in order to make it unrecoverable or unusable. Similarly, encrypted operating systems can be corrupted by a malicious program or a hacker, making the system unusable. Hardware-based security solutions can prevent read and write access to data and hence offer very strong protection against tampering and unauthorized access.
How hardware-based security works: A hardware device allows a user to log in, log out and set different privilege levels by performing manual actions. The device uses biometric technology to prevent malicious users from logging in, logging out, and changing privilege levels. The current state of a user of the device is read both by a computer and by controllers in peripheral devices such as hard disks. Illegal access by a malicious user or a malicious program is interrupted, based on the current state of a user, by hard disk and DVD controllers, making illegal access to data impossible. Hardware-based access control is more secure than logging in and logging out using operating systems, as operating systems are vulnerable to malicious attacks. Since software cannot manipulate the user privilege levels, it is impossible for a hacker or a malicious program to gain access to secure data protected by hardware or perform unauthorized privileged operations. The hardware protects the operating system image and file system privileges from being tampered with. Therefore, a completely secure system can be created using a combination of hardware-based security and secure system administration policies.
Secure operating systems
Main article: Secure operating systems
One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.
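An added example, not part of the original article, of the two mandatory rules of the Bell-LaPadula model named above (no read up, no write down), written as a small reference monitor that also defaults to deny, in line with the earlier "fail secure" paragraph. The level names, subjects, objects and function names are constructed for illustration; a real kernel enforces this with hardware support, which the sketch does not model.

```python
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def dominates(a, b):
    """Label a dominates b: level at least as high, categories a superset."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]


class ReferenceMonitor:
    def __init__(self, subjects, objects):
        self.subjects = subjects  # name -> (level, frozenset of categories)
        self.objects = objects    # name -> (level, frozenset of categories)
        self.audit = []           # every decision is recorded, granted or not

    def check(self, subject, op, obj):
        allowed = False           # fail secure: deny unless a rule grants it
        try:
            s, o = self.subjects[subject], self.objects[obj]
            if op == "read":      # simple security property: no read up
                allowed = dominates(s, o)
            elif op == "write":   # *-property: no write down
                allowed = dominates(o, s)
            # any other operation falls through and stays denied
        except KeyError:          # unknown subject, object or level
            allowed = False
        self.audit.append((subject, op, obj, allowed))
        return allowed


def build_demo():
    """Constructed sample labels, not taken from any real system."""
    subjects = {
        "analyst": ("secret", frozenset({"crypto"})),
        "clerk": ("confidential", frozenset()),
    }
    objects = {
        "war_plan": ("top_secret", frozenset({"crypto"})),
        "key_list": ("secret", frozenset({"crypto"})),
        "memo": ("confidential", frozenset()),
    }
    return ReferenceMonitor(subjects, objects)
```

The analyst can read the memo but not write to it: a process holding secret data is never allowed to copy it into a lower-classified object.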
Systems designed with such methodology represent the state of the art of computer security although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty compara