Chapter 2: General Security Concepts




This chapter begins our study of security concepts. It introduces the broad spectrum of information technology in which security plays a role. To understand how security systems and principles are implemented and how they function, you first need a few basic security-related terms. Consider it basic training for the security foot soldier. It might seem odd that this book begins with a sort of mini-glossary, but the material that follows will make more sense once you have these concepts behind you.

Basic Terminology

Please take a few moments to acquaint yourself with the following basic security-related terms, which are used throughout this book. In the long run you’ll be glad you did, and your exam score may be the better for it.

  • Access: The ability of a subject (a user or process) to interact with an object such as a file, device, or service. To grant access is to give that right or privilege.

  • Access control: Methods put into place that limit access to system resources or physical locations to the subjects that are entitled to it.

  • Access Control List (ACL): A list, attached to an object such as a file or share, that records which users or groups hold which access rights to it, for example Read, Write, and Execute. The operating system consults the ACL to allow or deny each request for access to the object.

  • Access right: A specific permission, such as Read, Write, or Execute, that a subject holds over an object. Access rights are the mechanism by which a subject’s access to objects is limited.

  • AES (Advanced Encryption Standard): A symmetric block cipher that encrypts 128-bit blocks of data under 128-, 192-, or 256-bit keys. It was adopted by the US government (NIST, 2001) as the replacement for DES (Data Encryption Standard).

  • Algorithm: A well-defined sequence of steps for solving a problem or performing a computation. In security the term usually refers to the mathematical procedure behind a cipher or hash function, such as AES or DES.

  • Attack: A deliberate attempt to compromise the confidentiality, integrity, or availability of a system or system resource, for example by disabling it, stealing data from it, or altering it without authorization.

  • Authentication: The process of verifying the claimed identity of a user or other subject, for example by checking a password, a token, or a biometric. Authentication is normally a prerequisite for authorization and for access to a system resource.

  • Authorization: The permission granted to an authenticated subject to access or use a particular object, such as a file or folder. Authentication establishes who you are; authorization determines what you may do.

  • Buffer overflow: A programming flaw in which more data is written into a fixed-size area of memory (a buffer) than it can hold, so that the excess overwrites adjacent memory. An attacker who controls the overflowing data can crash the program or, by overwriting saved return addresses or function pointers, make it execute code of the attacker’s choosing, often to plant a back door.

  • Back door: A hidden means of bypassing a system’s normal authentication and access controls. A back door may be left in deliberately by a developer or installed by an intruder or by malware after a successful compromise, so that the system can be re-entered later without detection.

  • Breach: The penetration of a security system’s controls such that an intruder or other unauthorized party gains access to a system or resource. Commonly called a security breach.

  • Biometrics: A computerized analysis of physical characteristics used to provide authentication or access; for example, fingerprint or retina scanning. Both are characteristic-based authentication methods.

  • Certificate: A digital document that binds a public key to the identity of its owner (a person, server, or organization) and is digitally signed by a certificate authority that vouches for that binding. A party that receives a certificate verifies the authority’s signature and can then use the enclosed public key to encrypt messages to the owner or to verify the owner’s digital signatures. Certificates are the credentials that underpin SSL and e-business transactions.

  • Certificate Authority: The trusted provider or issuing organization that provides and guarantees digital certificates.

  • Cipher text: Data or information that is encrypted.

  • Crack: To defeat a protection mechanism, most often to recover passwords from their stored hashes or to break into a computer system. Also, a program used for that purpose.

  • Cracker: One who breaks into a secured system with malicious intent. Crackers most commonly recover passwords with brute force attacks (trying every possible combination) and dictionary attacks (trying likely words and known common passwords).

  • Cryptography: The science and practice of securing information, chiefly by transforming readable plain text into unreadable cipher text (encryption) so that only a party holding the correct key can recover it (decryption).

  • Countermeasures: Actions taken to reduce the threat or impact of a possible loss of data or property. Countermeasures such as passwords, antivirus programs, firewalls, or system policies can be implemented to reduce threat. They can also come in the form of physical security controls, such as padlocks or gates.

  • Decryption: The process of taking information or data that has been encrypted and transforming or deciphering it into plain-text format. Cryptography methods are used for this conversion process.

  • Denial of Service attack: An attack on a system or process that disallows or incapacitates the ability of a normal user or process to use the system or its resources. This is usually done by overtaxing the system with an amount of information, such as data packets, programs, or e-mail messages that the system cannot handle.

  • DES (Data Encryption Standard): A symmetric (secret-key) block cipher with a 56-bit key, developed by IBM and adopted as a US federal standard in 1977. It was very widely used, but its short key means a 56-bit DES key can be found by brute force, which is why it has been replaced by AES.

  • Digital signature: A value computed over a message (normally over a hash of the message) with the signer’s private key and verifiable by anyone holding the matching public key. It authenticates the sender, shows that the message has not been altered, and provides nonrepudiation, since only the holder of the private key could have produced it.

  • Encryption: A conversion process where plain text is converted to cipher text through cryptography algorithms in order to make information secret or unreadable.

  • Firewall: Software, hardware, or a combination of both that controls traffic between networks, most often to keep outside sources from reaching internal networks and resources. A firewall sits at a network boundary, such as a gateway or router, and inspects data packets against a set of rules to decide which to pass and which to drop.

  • Hacker: An expert programming enthusiast with the knowledge and skill to gain unauthorized access to secured computer systems and programs. In popular usage the word covers any intruder; the security community often reserves it for skilled enthusiasts and uses cracker for those with malicious intent.

  • Hashing: Transforming data of any length into a fixed-length value (the hash or message digest) using a one-way hash function. A good hash function makes it infeasible to recover the input from its hash or to find two inputs with the same hash, so hashes are used to verify data integrity, to store passwords without keeping the plain text, and as the value over which a digital signature is actually computed. Hashing is not encryption: there is no key and nothing to decrypt.

  • Intrusion detection: A security management function, usually implemented as an intrusion detection system (IDS), that monitors network traffic and host activity, including that of authorized users and processes, in order to identify attempted or successful breaches of networks and computer systems.

  • Nonrepudiation: Proof that a transaction or contract occurred so that it is not denied at a later time. Digital signatures are a form or example of this proof.

  • OSI (Open Systems Interconnection) model: A widely accepted seven layered reference model that identifies how data should flow from one location to another in a computer network.

  • Password: A sequence of characters, usually without spaces, that a user enters to gain access to a system or resource. A password is a knowledge-based authentication method (something you know): the entered value is compared against a security database on the host, which should store only a salted hash of each password rather than the password itself, and access is granted only if they match.

  • Plain text: Data or information that is unencrypted.

  • Privilege: A right assigned to a user or group that permits it to carry out particular tasks or system functions, such as installing software or reading another user’s files.

  • Private key: The secret half of a public/private key pair. It is held only by its owner and is used to decrypt messages that were encrypted with the matching public key and to create digital signatures.

  • Public key: The half of a key pair that can be distributed freely. Anyone may use it to encrypt a message that only the private-key holder can decrypt, or to verify a digital signature made with the matching private key.

  • SATAN (Security Administration Tool for Analyzing Networks): A freely available program, released in 1995, that probes networked hosts for well-known security holes and weaknesses. It is an early example of the vulnerability scanners that administrators, and attackers, use to survey a network.

  • Security policy: A constantly updated set of rules and instructions that states how an organization will manage and protect itself.

  • Sniffer: A program that captures and analyzes network packets. Administrators use sniffers to troubleshoot network problems such as bottlenecks; attackers use them to read passwords and other sensitive data that cross the network unencrypted.

  • Smart card: A card (typically plastic) containing a processing chip and storage. It is a token-based authentication device (something you have) whose owner uses it to gain access to a particular service, such as banking, parking, or fuel purchases.

  • Spamming: The proliferation or sending of unwanted junk mail.

  • Spoofing: Falsifying one’s identity in order to gain access, for example by presenting another user’s valid ID as one’s own, forging the source address of network packets, or faking the sender of an e-mail message, so as to get past authentication or filtering controls.

  • SSL (Secure Sockets Layer): A protocol that uses public-key cryptography and certificates to authenticate a server and to establish a secured, encrypted connection between a client and a server over the Internet. SSL has since been superseded by its successor, TLS (Transport Layer Security), although the older name is still widely used.

  • Token: A small, credit-card-sized or key-fob security device that displays an ever-changing identification code. The holder enters the current code, typically together with a PIN or password, to gain access to network resources; because each code is valid only briefly, a captured code is of little use to an attacker.

  • Threat: Any potential event, action, or actor that could exploit a vulnerability and compromise security, causing damage to resources.

  • Vulnerability: A weakness in the design, implementation, configuration, or operation of a system (an operating system, an application, or a network) that a threat could exploit.

  • Virus: A malicious program that attaches itself to other programs or files and relies on a user to run or open the infected item in order to spread and cause damage. Most viruses arrive as e-mail attachments or hidden in programs downloaded from the Internet.

  • Worm: A self-replicating malicious program that spreads from system to system across a network on its own, without needing a host file or user action. Its unchecked replication can exhaust network and system resources.
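To make the access-control and password terms above concrete, here is an added example; it is not from the book or the exam. A small Python program stores passwords as salted hashes in a security database, authenticates a user against it, authorizes the resulting subject against an Access Control List, and then shows how a cracker runs a dictionary attack against a stolen copy of that database. The user names, passwords, object names, ACL entries, and wordlist are all constructed for illustration.

```python
"""Added example (not from the book): authentication against a hashed
password database, authorization through an ACL, and the dictionary
attack a cracker runs against weak passwords.

All names, passwords, objects and the wordlist below are constructed
sample data; the security database is an in-memory dict.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set, Tuple

PBKDF2_ROUNDS = 100_000  # each guess costs the cracker this many HMAC rounds


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hash a password with a random per-user salt.
    The stored form is (salt, digest), never the plain-text password:
    hashing is one-way, so there is nothing to decrypt."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


# Security database: subject -> (salt, digest). Constructed sample users.
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": hash_password("Tr0ub4dor&3-correct-horse"),
    "bob": hash_password("password"),  # weak: appears in every wordlist
}

# Access Control List: object -> {subject: set of access rights}. Constructed.
ACL: Dict[str, Dict[str, Set[str]]] = {
    "/payroll/salaries.xlsx": {"alice": {"read", "write"}, "bob": {"read"}},
    "/etc/shadow": {"root": {"read", "write"}},
}


def authenticate(user: str, password: str) -> Optional[str]:
    """Knowledge-based authentication: hash the submitted password with the
    user's salt and compare it with the security database.
    Returns the subject name on success, None otherwise."""
    record = USERS.get(user)
    if record is None:
        return None
    salt, stored = record
    _, candidate = hash_password(password, salt)
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return user if hmac.compare_digest(candidate, stored) else None


def authorize(subject: Optional[str], obj: str, right: str) -> bool:
    """Authorization is a separate step from authentication: the subject gets
    the requested access right only if the object's ACL grants it."""
    if subject is None:  # unauthenticated requests are always denied
        return False
    return right in ACL.get(obj, {}).get(subject, set())


def dictionary_attack(user: str, wordlist: List[str]) -> Optional[str]:
    """What a cracker does with a stolen database: hash each candidate word
    with the victim's salt and look for a digest that matches.
    Returns the recovered password, or None if no word in the list matches."""
    salt, stored = USERS[user]
    for guess in wordlist:
        _, digest = hash_password(guess, salt)
        if hmac.compare_digest(digest, stored):
            return guess
    return None


if __name__ == "__main__":
    subj = authenticate("alice", "Tr0ub4dor&3-correct-horse")
    print("alice read payroll :", authorize(subj, "/payroll/salaries.xlsx", "read"))
    print("alice write shadow :", authorize(subj, "/etc/shadow", "write"))
    print("bob, wrong password:", authenticate("bob", "wrong"))
    wordlist = ["123456", "password", "letmein", "qwerty"]  # constructed
    print("bob cracked with   :", dictionary_attack("bob", wordlist))
    print("alice cracked with :", dictionary_attack("alice", wordlist))
```

Two points the glossary entries only state in words show up here in running code. First, authentication and authorization are distinct checks: a correct password turns a user ID into a subject, but that subject still gets only the rights the ACL lists for the object. Second, the salted, slow hash does not stop a dictionary attack on a password that is in the wordlist (bob falls immediately); it only raises the cost per guess, which is why a password that is not in any wordlist (alice) survives the same attack.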

Two of the best sites on the Internet for referencing security-related terms and their explanations are http://www.sans.org/newlook/resources/glossary.htm/ and http://www.securitypanel.org/glossary.html/.

Now that you have a basic understanding of a few of the important security-related terms that are covered and referenced throughout this book, we will begin our study of security basics with a conceptual overview of access control fundamentals. Finally, we will explore the most commonly used methods and techniques for attacking a network or computer system.

The Security+ Exam Guide. TestTaker's Guide Series
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
Year: 2003
Pages: 136
