Security is a concern of organizations with assets that are controlled by computer systems. By accessing or altering data, an attacker can steal tangible assets or lead an organization to take actions it would not otherwise take. By merely examining data, an attacker can gain a competitive advantage, without the owner of the data being any the wiser.
Computers at Risk: Safe Computing in the Information Age, National Research Council, 1991
The developers of secure software cannot adopt the various probabilistic measures of quality that developers of other software often can. For many applications, it is quite reasonable to tolerate a flaw that is rarely exposed and to assume that its having occurred once does not increase the likelihood that it will occur again. It is also reasonable to assume that logically independent failures will be statistically independent and not happen in concert. In contrast, a security vulnerability, once discovered, will be rapidly disseminated among a community of attackers and can be expected to be exploited on a regular basis until it is fixed.
Computers at Risk: Safe Computing in the Information Age, National Research Council, GAO/OSI-94-2, November 1993
Part Four looks at system-level security issues, including the threat of and countermeasures for intruders and viruses and the use of firewalls and trusted systems.
[Page 564]
Road Map for Part Four
Chapter 18: Intruders
Chapter 18 examines a variety of information access and service threats presented by hackers that exploit vulnerabilities in network-based computing systems. The chapter begins with a discussion of the types of attacks that can be made by unauthorized users, or intruders, and analyzes various approaches to prevention and detection. This chapter also covers the related issue of password management.
Chapter 19: Malicious Software
Chapter 19 examines software threats to systems, with a special emphasis on viruses and worms. The chapter begins with a survey of various types of malicious software, with a more detailed look at the nature of viruses and worms. The chapter then looks at countermeasures. Finally, this chapter deals with distributed denial of service attacks.
Chapter 20: Firewalls
A standard approach to the protection of local computer assets from external threats is the use of a firewall. Chapter 20 discusses the principles of firewall design and looks at specific techniques. This chapter also covers the related issue of trusted systems.
