Security -- Introduction
What is Computer Security?
Broadly speaking, it means that your computer behaves as you want it to,
and that your information is used as you intend. There are always
risks, and always costs associated with reducing those risks.
Although technology is intimately involved, in the end it is
a business decision as to how much money, time, and convenience you
will spend to reduce the risk. The risk is never zero, but if
you ignore it, neither will it be small.
Security is a process, not an end-point. Risks change, data changes
and the costs of securing processes change. There is no point
in either over-protecting or under-protecting, so the first step
is to assess the risks.
What are the Risks?
- Physical loss
- Theft of machines
- Broken machines, crashed disks.
- Disaster -- fire, flood, the usual bad things
- Reveal sensitive data
- Some data is legally protected; e.g. medical data,
student data, SSNs
- Some data is financial, some simply sensitive
- Data damaged or altered
- Hacker can change grades or financial records
- Hacker can erase data
- Theft of service
- Cracker can steal an account, use UI resources (e.g. modem/internet
connection, mail, computation, storage - warez)
- Stolen service can be illegal, such as an attack on a third party
- Denial of Service (DOS) attack. The cracker can make it impossible
to use your computer. Or he can use your computer to attack others.
- Identity theft
- Steal an account, can authenticate as the real owner
- Alter a web page, make it look like UI endorses something
- Theft of time or attention
- spam
- harassing email
- virus
What are the Attacks?
- Social Engineering. Low tech, but can be very effective.
Would you give your password to someone who seemed to
know what he's doing?
- Network. People worry most about attacks over the network,
even if they aren't the most prevalent or dangerous.
- DOS -- Simply flood the network to deny use to
legitimate parties.
- Intrusion (attempt to get root, password guessing)
The cracker attempts to exploit some bug or vulnerability.
- Sniffing. Unencrypted network traffic, wired as well as
wireless, is susceptible to others listening in.
- Abuse - spam.
- Host based -- existing user tries to crack root,
or enlarge authority, or abuse bandwidth,
or act illegally (e.g. copyright violation)
- Viruses
What are some Defenses?
- Education. I can't stress this enough. You don't have to be an
expert, but you need some basic level of understanding.
- Patches, Host configuration. ALL software has bugs. Yes,
the software you are using right now has bugs. And even without
the bugs, it can be misconfigured. You MUST keep up to date
with security patches, and be careful about configurations.
This is not fun, but it is essential.
- Backups. There are two kinds of users -- those that have lost
data, and those that will. Make your backups early and often.
- Encryption. Think you're not enough of a target to worry about?
Think again. Every time you send a cleartext password across the
network, you're exposed.
(SSL passwords for email, SSH
for logging into Unix servers.)
- Virus protection. Get it. Use it. Keep it up to date. 'Nuff said.
- Account management. If you have multiple users on your machine,
make sure they only get the privileges they need.
- Firewalls. A firewall is a device for restricting some network attacks.
They come in many varieties, from personal firewalls that run on your pc
to specialized hardware that sits on the network. They do NOT
make things secure, but they can help.
- Logs. Logs are a sysadmin's best friend.
- Intrusion detection, host or network based. These can be
sophisticated network systems, or simply keeping a list of files
so you can know what's been changed. But very useful if you
want to know if you've been cracked.
Who are You?
A large part of security is making sure that the right people
have the right privileges. So please keep the following terms clear:
- Name or ID. This is simply a unique way of identifying
a person. At UIC we usually use the netid, although the
icard number would suffice. Actually SSN would be ok,
except for the fact it's illegal. The point is that the ID
is a public identifier, and is not secret at all.
- Authentication. This simply means proving who you are.
That is, proving that you belong to a given ID.
It may involve something you know (e.g. password),
something you have (e.g. smart card) or something you
are (e.g. fingerprint) or some combination. Authentication
does not give you any privilege, it only provides a basis
for deciding privilege.
- Authorization. Here is where the privilege is given out.
Given that the system has authenticated you, now it can decide
what you are allowed to do.
- Audit. Well, even if everything else works perfectly,
people make mistakes. (Not to mention computers.) So we
keep track of what happened.