3.1 Planning Your Security Needs
There are many different kinds of computer security, and many
different definitions. Rather than present a formal definition, this
book takes a practical approach and discusses the categories of
protection you should consider. Basically, we say a computer is secure if
it behaves the way you expect it to. We believe that secure computers
are usable computers and, likewise, that computers that cannot be
used, for whatever the reason, are not very secure.
3.1.1 Types of Security
Within our broad definition of computer
security, there are many different types of security that both users
and administrators of computer systems need to be concerned about:
- Confidentiality: Protecting information from being read or copied by
  anyone who has not been explicitly authorized by the owner of that
  information. This type of security includes not only protecting the
  information in toto, but also protecting individual pieces of
  information that may seem harmless by themselves but can be used to
  infer other confidential information.
- Data integrity: Protecting information (including programs) from
  being deleted or altered in any way without the permission of the
  owner of that information. Information to be protected also includes
  items such as accounting records, backup tapes, file creation times,
  and documentation.
- Availability: Protecting your services so they're not degraded or
  made unavailable (crashed) without authorization. If the systems or
  data are unavailable when an authorized user needs them, the result
  can be as bad as having the information that resides on the system
  deleted.
- Consistency: Making sure that the system behaves as expected by the
  authorized users. If software or hardware suddenly starts behaving
  radically differently from the way it used to behave, especially
  after an upgrade or a bug fix, a disaster could occur. Imagine if
  your ls command occasionally deleted files instead of listing them!
  This type of security can also be considered as ensuring the
  correctness of the data and software you use.
- Control: Regulating access to your system. If unknown and
  unauthorized individuals (or software) are found on your system, they
  can create a big problem. You must worry about how they got in, what
  they might have done, and who or what else has also accessed your
  system. Recovering from such episodes can require considerable time
  and expense in rebuilding and reinstalling your system, and verifying
  that nothing important has been changed or disclosed—even if nothing
  actually happened.
- Audit: As well as worrying about unauthorized users, you need to
  realize that authorized users sometimes make mistakes, or even commit
  malicious acts. In such cases, you need to determine what was done,
  by whom, and what was affected. The only sure way to achieve these
  results is by having some incorruptible record of activity on your
  system that positively identifies the actors and actions involved. In
  some critical applications, the audit trail may be extensive enough
  to allow "undo" operations to help restore the system to a correct
  state.
Although all of these aspects of security are important, different
organizations will view each with a different amount of importance.
This variance is because different organizations have different
security concerns, and must set their priorities and policies
accordingly. For example:
- A banking environment: In such an environment, integrity, control,
  and auditability are usually the most critical concerns, while
  confidentiality and availability are less important.
- A national defense-related system that processes classified
  information: In such an environment, confidentiality may come first,
  and availability last. In some highly classified environments,
  officials may prefer to blow up a building rather than allow an
  attacker to access the information contained within that building's
  walls.
- A university: In such an environment, integrity and availability may
  be the most important requirements. It is more important to ensure
  that students can work on their papers than that administrators can
  track the precise times their students accessed their accounts.
If you are a security administrator, you need to thoroughly
understand the needs of your operational environment and users. You
then need to define your procedures accordingly. Not everything we
describe in this book will be appropriate in every
environment.
3.1.2 Trust
Security professionals generally
don't refer to a computer system as being
"secure" or
"unsecure." Instead, we use the word trust to
describe our level of confidence that a computer system will behave
as expected. This acknowledges that absolute security can never be
present. We can only try to approach it by developing enough trust in
the overall configuration to warrant using it for the applications we
have in mind.
Developing adequate trust in your computer systems requires careful
thought and planning. Operational decisions should be based on sound
policy and risk analysis. In the remainder of this chapter,
we'll discuss the general procedures for creating
workable security plans and policies. The topic is too big, however,
for us to provide an in-depth treatment:
If you are at a company, university, or government agency, we suggest
that you contact your internal audit and/or risk management
department for additional help (they may already have some plans and
policies in place that you should know about). You can also learn
more about this topic by consulting some of the works referenced in
Appendix C. You may also wish to enlist a
consulting firm. For example, many large accounting and audit firms
now have teams of professionals that can evaluate the security of
computer installations.
If you are with a smaller institution or are dealing with a personal
machine, you may decide that we cover these issues in greater detail
than you actually need. Nevertheless, the information contained in
this chapter should help guide you in setting your priorities.