Sunday, January 20, 2008

Why Security?

What is “computer security”? Broadly speaking, security is keeping anyone from doing things
you do not want them to do to, with, on, or from your computers or any peripheral devices. This
definition is, of course, much too broad. Nevertheless, it does lead us to some very important
questions that must be answered by anyone who wishes to deploy an effective security mechanism.

The first such question is “What resources are we trying to protect?” The answers are not
always obvious. Is it the CPU cycles? At one time, that made a great deal of sense; computer
time was very expensive. That is no longer true in most situations, supercomputers being a
notable exception. More seriously, a CPU—or rather, a CPU running certain software with certain
configuration files—has a name, an identity, that lets it access other, more critical resources. These
are often more sensitive than CPU time. A hacker who compromises or impersonates a host will
usually have access to all of its resources: files, storage devices, phone lines, etc. From a practical
perspective, some hackers are most interested in abusing the identity of the host, not so much to
reach its dedicated resources, but to launder further outgoing connections to other, possibly more
interesting, targets. Others might actually be interested in the data on your machine, whether it is
sensitive company material or government secrets.

The answer to this first question will, in general, dictate the host-specific measures that are
needed. Machines with sensitive files may require extra levels of passwords or even (in rare
cases) file encryption. Similarly, if the target of interest is the outgoing connectivity available,
the administrator may choose to require certain privileges for access to the network. Possibly, all
such access should be done through a daemon that will perform extra logging.

Often, of course, one wants to protect all such resources, in which case the obvious answer is
to stop the attackers at the front door, i.e., not let them into the computer system in the first place.
Such an approach is always a useful start, although it tacitly assumes that one’s security problems
originate from the outside.

This leads us to our second major question: “Against whom must the computer systems be
defended?” Techniques that suffice against a teenager with a modem are quite useless against
a major intelligence agency. For the former, enhanced password security might do the trick,
whereas the latter can and will resort to wiretapping and cryptanalysis, monitoring spurious
electronic emissions from your computers and wires, and even “black-bag jobs” aimed at your
machine room. Computer security is not a goal, it is a means toward a goal: information security.
When necessary and appropriate, other means should be used as well. The strength of one’s
computer security defenses should be proportional to the threat from that arena; other defenses,
though beyond the scope of this book, are generally needed as well.

Figure 1.1 shows two measures of the growth of the Internet. The top shows a count of hosts
detected by automated sweeps of the Internet. The counts for recent years are certainly on the
low side of the actual number: there is no reliable technology available to count all the computers
connected to a large internet. The lower plot shows the number of networks registered on NSFnet
over the past few years. Please note: the vertical scale on both charts is logarithmic. These
growths are exponential. If there are two million hosts registered, how many people have access
to those computers? How many would like to try their hand at hacking, perhaps even as a career?

The third question one must answer before deploying a security mechanism represents the
opposite side of the coin: how much security can you afford? Part of the cost of security is direct
financial expenditures, such as the extra routers and computers to build a firewall gateway. Often
the administrative costs of setting up and running the gateway are overlooked. But there is a more
subtle cost, a cost in convenience and productivity, and even morale. Too much security can hurt
as surely as too little can. Finding the proper balance is tricky, but utterly necessary—and it can
only be done if you have properly assessed the risk to your organization from either extreme.

One more point is worth mentioning. Even if you do not believe you have valuable assets, it is
still worth keeping hackers out of your machines. You may have a relaxed attitude, but that may
not be evident to the attackers. There are far too many cases on record of systems being trashed
by hackers who thought they had been detected.
