Page 78 - DCAP516_COMPUTER_SECURITY
P. 78
Computer Security
Notes 7.1 Security Concerns
The fact that an operating system is computer software makes it prone to error just as any human
creation. Programmers make mistakes, and inefficient code is often implemented into programs
even after testing. Some developers perform more thorough testing and generally produce
more efficient software. Therefore, some operating systems and more error prone while others
are more secure.
Here are some common security issues that pose a threat to all operating systems:
Instabilities and Crashes: Both of these instances may be the result of software bugs in the
operating system. Bugs in software applications on the computer may also cause problems, such
as preventing the system from communicating with hardware devices. They can even cause the
system to become unstable or crash. A system crash consists of freezing and becoming
unresponsive to point where the machine needs to be rebooted. These issues vary depending on
the type of operating system.
Flaws: Software bugs will not only make a system unstable, but also leave it wide open to
unauthorized users. Once these vulnerabilities are discovered, attackers can exploit them and
gain access to your system. From there, they can install malware, launch attacks on other machines
or even take complete control of your system.
Notes Software developers usually distribute security patches rather quickly to update
the operating system and fix the vulnerabilities.
7.2 What is a Trusted System?
In the security engineering subspecialty of computer science, a trusted system is a system that is
relied upon to a specified extent to enforce a specified security policy. As such, a trusted system
is one whose failure may break a specified security policy.
A trusted system connotes one that meets the intended security requirements, is of high enough
quality, and justifies the user’s confidence in that quality. That is trust is perceived by the
system’s receiver or user, not by its developer, designer, or manufacturer. It is important to
realize that there can be degrees of trust; unlike security, trust is not a dichotomy.
7.3 Security Policies
There are a number of topics that should be addressed. Identification and authentication are two
major topics – how are the users of the system identified and authenticated. User ID’s and
passwords are the most common mechanisms, but others are possible.
The audit policy should specify what events are to be logged for later analysis. One of the more
commonly logged classes of events covers failed logins, which can identify attempts to penetrate
the system. One should remember, however, that event logs can be useful only if there is a
method for scanning them systematically for significant events.
!
Caution Manual log reading is feasible only when an event has been identified by other
means – people are not good at reading long lists of events.
72 LOVELY PROFESSIONAL UNIVERSITY
