Introduction to Security
Article by Steven Furnell
IT security is one of the most significant issues facing the owners and users of computer systems in the Internet age. Although security has been on the agenda for years, recent studies and surveys have convincingly illustrated that the problem is increasing, in both scale and cost. As well as being susceptible to accidental threats, systems may face deliberate attacks from external hackers, malicious software, and even insiders from the same organisation – all of which demand appropriate measures to minimise the associated risk.
Recent years have witnessed substantial advancements in the applications of computing and network technologies. For example, most organisations now have Internet access, and many also have an online presence through their own web site. From a security perspective, however, these aspects have simply served to increase the opportunities for attack and exploitation. For example, web defacements, which were a minor blip on the security radar until 1999, have increased by over 500% in the last year, with over 22,300 incidents recorded in 2001. The safety of Internet-based communication is now marred by the frequent use of email as a means of distributing worms, viruses and other forms of malware. In recent years, the estimated impact of worms, such as the Love Bug, Nimda, and Code Red, has been in the order of billions of dollars – and the malware problems still remain. The opportunities for hackers may never have been so rich, with the regular discovery of vulnerabilities in operating systems and applications, and a whole range of automated tools and scripts that can readily exploit them. In parallel with all this, none of the more traditional security requirements have gone away, and measures are still needed to maintain the general properties of confidentiality, integrity and availability. Problems such as fraud, theft, and unauthorised access continue to loom large, while newer network threats now demand that technologies such as firewalls and intrusion detection systems must be considered alongside more the long-standing safeguards of authentication, access control, anti-virus, and encryption.
In short, security is an ever-present and essential requirement. Unfortunately, simply recognising this fact does not mean that everyone has addressed it, or even that they know what to do. Many organisations fail to appreciate that they have assets requiring protection, and individuals remain unaware of the issues involved and the part that they should play in maintaining protection. The books presented here enable an understanding of the key security issues that affect modern IT users and systems, and provide valuable information and guidance that can be used to both establish and maintain suitable safeguards.