Chapter 1: Basic Security Concepts

Overview

It seems that every other day there is a story in the newspapers about a computer network
being compromised by hackers. In fact, not too long ago the Department of Defense (DOD)
was the victim of a successful hacker raid; hackers were able to penetrate DOD computers
during a two-week period before they were detected. Fortunately, the computers contained
only non-classified personnel and payroll information, so national security was not threatened.

More recently, Yahoo, Amazon.com, eBay, and some other popular World Wide Web
(WWW) sites were targets of what appears to have been a coordinated "denial-of-service"
attack. During a three- or four-day period, the sites were overwhelmed with massive
bombardments of false traffic from multiple sites. As a result, the sites were shut down for
hours at a time. These attacks illustrate how pervasive the threat from outside hackers has
become.

At the same time, every organization that uses computers faces the threat of hacking from
individuals within the organization. Employees or former employees with malicious intent or
who want to obtain information such as employee salaries or view other employee's files are
also a threat to an organization's computers and networks.

Computerworld recently ran a story about a programmer employee of a company who
allegedly launched a denial-of-service attack against his own company, a provider of on-line
stock trading services. Apparently, this programmer was in negotiations with the company for
more compensation.

Every organization should monitor its systems for possible unauthorized intrusion and other
attacks. This needs to be part of the daily routine of every organization's IT unit, as it is
essential to safeguarding a company's information assets.
The most reliable way to ensure the safety of a company's

Why Is Computer and Network Security Important?

It may seem absurd to ask the question. "Why is computer and network security important?"
but it is crucial for organizations to define why they want to achieve computer security to
determine how they will achieve it. It is also a useful tool to employ when seeking senior
management's authorization for security-related expenditures. Computer and network security
is important for the following reasons.

To protect company assets: One of the primary goals of computer and network
security is the protection of company assets. By "assets," I do not mean the hardware
and software that constitute the company's computers and networks. The assets are
comprised of the "information" that is housed on a company's computers and
networks. Information is a vital organizational asset. Network and computer security is
concerned, above all else, with the protection, integrity, and availability of
information. Information can be defined as data that is organized and accessible in a
coherent and meaningful manner.

To gain a competitive advantage: Developing and maintaining effective security
measures can provide an organization with a competitive advantage over its
competition. Network security is particularly important in the arena of Internet
financial services and e-commerce. It can mean the difference between wide
acceptance of a service and a mediocre customer response. For example, how many
people do you know who would use a bank's Internet banking system if they knew that
the system had been successfully hacked in the past? Not many. They would go to the
competition for their Internet banking services.