General Computer Security

Only available on StudyMode
  • Download(s) : 5
  • Published : April 8, 2013
Open Document
Text Preview
General computer security
Presented by developerWorks, your source for great tutorials ibm.com/developerWorks

Table of Contents
If you're viewing this document online, you can click any of the topics below to link directly to that section.

1. Tutorial tips 2. Security concepts 3. Physical security 4. Logistical security 5. Data security 6. Technical security 7. Overview and summary 8. Feedback

2 3 5 6 7 9 11 12

General computer security

Page 1

Presented by developerWorks, your source for great tutorials

ibm.com/developerWorks

Section 1. Tutorial tips Should I take this tutorial?
The objective of this tutorial is to give an overview of the security process surrounding computer systems. It is aimed at the computer professional who may or may not already have some security background. This tutorial is general in scope. Many of the issues covered here will be examined in more depth in future tutorials.

Tutorial navigation
Navigating through the tutorial is easy: * Use the Next and Previous buttons to move forward and backward through the tutorial. * Use the Main menu button to return to the tutorial menu. * If you'd like to tell us what you think, use the Feedback button. * If you must stop and want to resume on a specific panel, use the Section menu to find your place again.

About the author
Larry Loeb has been writing and consulting since the 20th century about computer topics. He has published a book on SET, the protocol developed by Visa and MasterCard for secure electronic transactions. He can usually be contacted at larryloeb@prodigy.net .

General computer security

Page 2

Presented by developerWorks, your source for great tutorials

ibm.com/developerWorks

Section 2. Security concepts Security is spherical
Computer systems can never have absolute security in real life. They exist to be used; not to be admired in a locked room sealed away from the outside world. Systems can, however, be made more secure than they would be otherwise. Let's see how we can conceptualize this.

Security is spherical, but has markers
Threats to a system can originate from any source, not just the ones that you have considered or defended against. Think of the threat universe as a sphere around the target, each incoming threat made up of the results of many different vector components. Like a color wheel, it gradiates as the radius increases. Think of the system at the center of a sphere made up of hostile intentions. Let's cut a circular plane out of the sphere in the middle of it.

Let's then mark four orthagonal vectors like the main points on a compass, except that they point to four security concepts. These concepts are physical security, logistical security, data security, and technical security.

General computer security

Page 3

Presented by developerWorks, your source for great tutorials

ibm.com/developerWorks

Security is spherical and made up of components
Each concept by itself is only a part of the overall solution to the risk management problem. Combined in the porportions necessary for the job at hand, they can have a powerfully deflective effect. We will look at each "point of the compass" individually, so that we can learn to combine them.

General computer security

Page 4

Presented by developerWorks, your source for great tutorials

ibm.com/developerWorks

Section 3. Physical security Physical security overview
Physical security includes all that pertains to the physical siting and environment. In many situations, this area is ignored or downplayed. Bad move. What good is encryption of data if someone can waltz into the computer room and read data in plain text?

Physical security elements
The computer itself (and any hardware attached to it) should be covered in this phase. Relevant factors include the physical plant and the siting of the machine, any hardware "dongles" that are needed to run the program (perhaps for copy protection), and...
tracking img