FACTOID # 30: If Alaska were its own country, it would be the 26th largest in total area, slightly larger than Iran.
 
 Home   Encyclopedia   Statistics   States A-Z   Flags   Maps   FAQ   About 
 
WHAT'S NEW
 

SEARCH ALL

FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:

 

 

(* = Graphable)

 

 


Encyclopedia > Computer security
This article describes how security can be achieved through design and engineering. See the computer insecurity article for an alternative approach that describes computer security exploits and defenses.

Computer security is a branch of technology known as information security as applied to computers. The objective of computer security varies and can include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy. Image File history File links Broom_icon. ... Image File history File links Emblem-important. ... Many current computer systems have only limited security precautions in place. ... Security is everyone’s responsibility. ... This article is about the machine. ...


Computer security imposes requirements on computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to do. This makes computer security particularly challenging because we find it hard enough just to make computer programs just do everything they are designed to do correctly. Furthermore, negative requirements are deceptively complicated to satisfy and require exhaustive testing to verify, which is impractical for most computer programs. Computer security provides a technical strategy to convert negative requirements to positive enforceable rules. For this reason, computer security is often more technical and mathematical than some computer science fields.[citation needed] Computer science, or computing science, is the study of the theoretical foundations of information and computation and their implementation and application in computer systems. ...


Typical approaches to computer security (in approximate order of strength) can include the following:

  • Physically limit access to computers to only those who will not compromise security.
  • Hardware mechanisms that impose rules on computer programs, thus avoiding depending the computer programs for computer security.
  • Operating system mechanisms that impose rules on programs to avoid trusting computer programs.
  • Programming strategies to make computer programs dependable and resist subversion.

Contents

Secure operating systems

One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is almost inactive today, perhaps because it is complex or not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a Computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical. An operating system (OS) is the software that manages the sharing of the resources of a computer and provides programmers with an interface used to access those resources. ... In computer science, the kernel is the fundamental part of an operating system. ... A security policy in terms of computer systems defines what is secure and what is unsecure. ... The Bell-LaPadula Model was developed by David Elliott Bell and Len LaPadula in 1973[1][2][3] to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. ... A microprocessor is a programmable digital electronic component that incorporates the functions of a central processing unit (CPU) on a single semiconducting integrated circuit (IC). ... This 68451 MMU could be used with the Motorola 68010 MMU, short for memory management unit or sometimes called paged memory management unit as PMMU, is a class of computer hardware components responsible for handling memory accesses requested by the CPU. Among the functions of such devices are the translation...


Systems designed with such methodology represent the state of the art of computer security and the capability to produce them is not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information and military secrets. These are very powerful security tools and very few secure operating systems have been certified at the highest level (Orange Book A-1) to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN.) The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security capability (as Protection Profile) and assurance levels (as EAL levels.) None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under the Common Criteria. The Orange Book Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. ... The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security. ... A Protection Profile (PP) is a document used as part of the evaluation process for the Common Criteria (CC). ...


Security architecture

Security Architecture can be defined as "The design artifacts that describe how the security controls (= security countermeasures) are positioned, and how they relate to the overall IT Architecture. These controls serve the purpose to maintain the system’s quality attributes, among them confidentiality, integrity, availability, accountability and assurance."[1]. In simpler words, a security architecture is the plan that shows where security measures need to be placed. If the plan describes a specific solution then, prior to building such a plan, one would make a risk analysis. If the plan describes a generic high level design then (reference architecture) then the plan should be based on a threat analysis.


Security by design

The technologies of computer security are based on logic. There is no universal standard notion of what secure behavior is. "Security" is a concept that is unique to each situation. Security is extraneous to the function of a computer application, rather than ancillary to it, thus security necessarily imposes restrictions on the application's behavior. Logic (from Classical Greek λόγος logos; meaning word, thought, idea, argument, account, reason, or principle) is the study of the principles and criteria of valid inference and demonstration. ...


There are several approaches to security in computing, sometimes a combination of approaches is valid: For other uses, see Security (disambiguation). ... For the formal concept of computation, see computation. ...

  1. Trust all the software to abide by a security policy but the software is not trustworthy (this is computer insecurity).
  2. Trust all the software to abide by a security policy and the software is validated as trustworthy (by tedious branch and path analysis for example).
  3. Trust no software but enforce a security policy with mechanisms that are not trustworthy (again this is computer insecurity).
  4. Trust no software but enforce a security policy with trustworthy mechanisms.

Many systems have unintentionally resulted in the first possibility. Approaches one and three lead to failure. Since approach two is expensive and non-deterministic, its use is very limited. Because approach number four is often based on hardware mechanisms and avoid abstractions and a multiplicity of degrees of freedom, it is more practical. Combinations of approaches two and four are often used in a layered architecture with thin layers of two and thick layers of four. Many current computer systems have only limited security precautions in place. ... In Computer science, protection mechanisms are built into a computer architecture to support the enforcement of security policies. ... Many current computer systems have only limited security precautions in place. ...


There are myriad strategies and techniques used to design security systems. There are few, if any, effective strategies to enhance security after design.


One technique enforces the principle of least privilege to great extent, where an entity has only the privileges that are needed for its function. That way even if an attacker gains access to one part of the system, fine-grained security ensures that it is just as difficult for them to access the rest. In computer science and other fields the principle of minimal privilege, also known as the principle of least privilege or just least privilege, requires that in a particular abstraction layer of a computing environment every module (such as a process, a user or a program on the basis of the... In some sports, an attacker is a specific type of player, usually one whose role involves aggressive play. ...


Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial software subsystems. This enables a closed form solution to security that works well when only a single well-characterized property can be isolated as critical, and that property is also assessable to math. Not surprisingly, it is impractical for generalized correctness, which probably cannot even be defined, much less proven. Where formal correctness proofs are not possible, rigorous use of code review and unit testing represent a best-effort approach to make modules secure. Automated theorem proving (ATP) or automated deduction, currently the most well-developed subfield of automated reasoning (AR), is the proving of mathematical theorems by a computer program. ... In mathematics, an equation or system of equations is said to have a closed-form solution if, and only if, at least one solution can be expressed analytically in terms of a bounded number of well-known operations. ... Code review is peer review of computer source code intended to find and fix mistakes overlooked in the initial development phase, improving overall code quality. ... In computer programming, a unit test is a method of testing the correctness of a particular module of source code. ...


The design should use "defense in depth", where more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds. Defense in depth works when the breaching of one security measure does not provide a platform to facilitate subverting another. Also, the cascading principle acknowledges that several low hurdles does not make a high hurdle. So cascading several weak mechanisms does not provide the safety of a single stronger mechanism. Defense in Depth is an Information Assurance (IA) strategy where multiple layers of defense are placed through out an Information Technology (IT) system and addresses personnel, technology and operations for the duration of the systems lifecycle. ...


Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure" (see fail safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure. The term fail-safe is used to describe: A device which, if (or when) it fails, fails in a way that will cause no harm or at least a minimum of harm to other devices or danger to personnel. ...


In addition, security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the "window of vulnerability" is kept as short as possible. An audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. ... Full Disclosure is an Thriller with the Megastar Fred Ward. ... This page is a candidate for speedy deletion. ...


Early history of security by design

The early Multics operating system was notable for its early emphasis on computer security by design, and Multics was possibly the very first operating system to be designed as a secure system from the ground up. In spite of this, Multics' security was broken, not once, but repeatedly. The strategy was known as 'penetrate and test' and has become widely known as a non-terminating process that fails to produce computer security. This led to further work on computer security that prefigured modern security engineering techniques producing closed form processes that terminate. Multics (Multiplexed Information and Computing Service) was an extraordinarily influential early time-sharing operating system. ... Security engineering is the field of engineering dealing with the security and integrity of real-world systems. ... In mathematics, closed form can mean: a finitary expression, rather than one involving (for example) an infinite series, or use of recursion - this meaning usually occurs in a phrase like solution in closed form and one also says closed formula; a closed differential form: see Closed and exact differential forms. ...


Secure coding

If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a 'low security' category because they rely on features not supported by secure operating systems (like portability, et al.). In low security operating environments, applications must be relied on to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.


In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. In computer security, the word vulnerability refers to a weakness or other opening in a system. ... In computer programming, a buffer overflow is an anomalous condition where a program somehow writes data beyond the allocated end of a buffer in memory. ... Format string attacks are a new class of vulnerabilities discovered around 1999, previously thought harmless. ... In computer programming, an integer overflow is an anomalous condition which may cause a buffer overflow, resulting in a computer security risk where adjacent, valid program control data may be overwritten, permitting the execution of arbitrary, and potentially harmful code. ... To meet Wikipedias quality standards, this article or section may require cleanup. ...


Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, "Secure Coding in C and C++"). Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.


Recently another bad coding practise has come under scrutiny; dangling pointers. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable. [2] Dangling pointers in programming are pointers whose objects have since been deleted or deallocated, without modifying the value of the pointer. ...


In summary, 'secure coding' can provide significant payback in low security operating environments, and therefore worth the effort. Still there is no known way to provide a reliable degree of subversion resistance with any degree or combination of 'secure coding.'


Terms

The following terms used in engineering secure systems are explained below.

  • Firewalls can either be hardware devices or software programs. They provide some protection from online intrusion, but since they allow some applications (e.g. web browsers) to connect to the Internet, they don't protect against some unpatched vulnerabilities in these applications (e.g. lists of known unpatched holes from Secunia and SecurityFocus).
  • Automated theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications.
  • Thus simple microkernels can be written so that we can be sure they don't contain any bugs: eg EROS and Coyotos.

A bigger OS, capable of providing a standard API like POSIX, can be built on a secure microkernel using small API servers running as normal programs. If one of these API servers has a bug, the kernel and the other servers are not affected: e.g. Hurd or Minix 3. Firewall may refer to: Firewall (construction), a physical barrier inside a building or vehicle, designed to limit the spread of fire, heat and structural collapse Firewall (networking), a logical barrier designed to prevent unauthorized or unwanted communications between sections of a computer network Firewall (film), a 2006 action film written... Secunia is a Danish computer security service provider best known for tracking vulnerabilities in more than 12,000 pieces of software and operating systems. ... SecurityFocus. ... Automated theorem proving (ATP) or automated deduction, currently the most well-developed subfield of automated reasoning (AR), is the proving of mathematical theorems by a computer program. ... Graphical overview of a microkernel A microkernel is a minimal computer operating system kernel providing only basic operating system services (system calls), while other services (commonly provided by kernels) are provided by user-space programs called servers. ... EROS (The Extremely Reliable Operating System) is an operating system developed by the University of Pennsylvania and the Johns Hopkins University. ... Coyotos is a secure operating system currently being developed by researchers[1] at the Johns Hopkins Universitys Systems Research Laboratory[2]. Objectives Though it has many objectives, one of the most interesting is to become the first formally verified operating system. ... API and Api redirect here. ... POSIX or Portable Operating System Interface[1] is the collective name of a family of related standards specified by the IEEE to define the application programming interface (API) for software compatible with variants of the Unix operating system. ... Hurd redirects here. ... MINIX 3 is a project with the aim to create a small, highly reliable and functional Unix-like operating system. ...

  • Cryptographic techniques can be used to defend data in transit between systems, reducing the probability that data exchanged between systems can be intercepted or modified.
  • Strong authentication techniques can be used to ensure that communication end-points are who they say they are.

Secure cryptoprocessors can be used to leverage physical security techniques into protecting the security of the computer system. The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek κρυπτός kryptós hidden, and the verb γράφω gráfo write or λεγειν legein to speak) is the study of message secrecy. ... For other uses of the terms authentication, authentic and authenticity, see authenticity. ... A secure cryptoprocessor is a dedicated computer for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. ... Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. ...

  • Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system's designers.
  • Mandatory access control can be used to ensure that privileged access is withdrawn when privileges are revoked. For example, deleting a user account should also stop any processes that are running with that user's privileges.
  • Capability and access control list techniques can be used to ensure privilege separation and mandatory access control. The next sections discuss their use.

Some of the following items may belong to the computer insecurity article: In computer security, a chain of trust is established by validating each component of hardware and software from the bottom up. ... In computing, a mandatory access control (MAC) technique protects and contains computer processes, data, and system devices from misuse. ... A capability (also known as a key) is a concept in secure computing. ... In computer security, an access control list (ACL) is a list of permissions attached to an object. ... Many current computer systems have only limited security precautions in place. ...

  • Do not run an application with known security flaws. Either leave it turned off until it can be patched or otherwise fixed, or delete it and replace it with some other application. Publicly known flaws are the main entry used by worms to automatically break into a system and then spread to other systems connected to it. The security website Secunia provides a search tool for unpatched known flaws in popular products.
Cryptographic techniques involve transforming information, scrambling it so it becomes unreadable during transmission. The intended recipient can unscramble the message, but eavesdroppers cannot.
Cryptographic techniques involve transforming information, scrambling it so it becomes unreadable during transmission. The intended recipient can unscramble the message, but eavesdroppers cannot.
  • Backups are a way of securing information; they are another copy of all the important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, and tapes. Suggested locations for backups are a fireproof, waterproof, and heat proof safe, or in a separate, offsite location than that in which the original files are contained. Some individuals and companies also keep their backups in safe deposit boxes inside bank vaults. There is also a fourth option, which involves using one of the file hosting services that backs up files over the Internet for both business and individuals.
    • Backups are also important for reasons other than security. Natural disasters, such as earthquakes, hurricanes, or tornadoes, may strike the building where the computer is located. The building can be on fire, or an explosion may occur. There needs to be a recent backup at an alternate secure location, in case of such kind of disaster. The backup needs to be moved between the geographic sites in a secure manner, so as to prevent it from being stolen.
  • Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).
  • Firewalls are systems which help protect computers and computer networks from attack and subsequent intrusion by restricting the network traffic which can pass through them, based on a set of system administrator defined rules.
  • Access authorization restricts access to a computer to group of users through the use of authentication systems. These systems can protect either the whole computer - such as through an interactive logon screen - or individual services, such as an FTP server. There are many methods for identifying and authenticating users, such as passwords, identification cards, and, more recently, smart cards and biometric systems.
  • Encryption is used to protect the message from the eyes of others. It can be done in several ways by switching the characters around, replacing characters with others, and even removing characters from the message. These have to be used in combination to make the encryption secure enough, that is to say, sufficiently difficult to crack. Public key encryption is a refined and practical way of doing encryption. It allows for example anyone to write a message for a list of recipients, and only those recipients will be able to read that message.
  • Intrusion-detection systems can scan a network for people that are on the network but who should not be there or are doing things that they should not be doing, for example trying a lot of passwords to gain access to the network.
  • Pinging The ping application can be used by potential hackers to find if an IP address is reachable. If a hacker finds a computer they can try a port scan to detect and attack services on that computer.
  • Social engineering awareness - Keeping employees aware of the dangers of social engineering and/or having a policy in place to prevent social engineering can reduce successful breaches of the network and servers.
  • Honey pots are computers that are either intentionally or unintentionally left vulnerable to attack by hackers. They can be used to catch hackers or fix vulnerabilities.

Application software is a subclass of computer software that employs the capabilities of a computer directly and thoroughly to a task that the user wishes to perform. ... A computer worm is a self-replicating computer program. ... Secunia is a Danish computer security service provider best known for tracking vulnerabilities in more than 12,000 pieces of software and operating systems. ... Image File history File links No higher resolution available. ... Image File history File links No higher resolution available. ... The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek κρυπτός kryptós hidden, and the verb γράφω gráfo write or λεγειν legein to speak) is the study of message secrecy. ... For other uses of Backup, see Backup (disambiguation). ... This article does not cite any references or sources. ... Compact Disc ReWritable (CD-RW) is a rewritable optical disc format. ... Look up Tape in Wiktionary, the free dictionary. ... Safe deposit boxes inside a Swiss bank. ... This article or section does not adequately cite its references or sources. ... A file hosting service, online file storage service, or online media center is an Internet hosting service specifically designed to host static content, typically large files that are not web pages. ... Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware). ... In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents (for a complete definition: see below). ... A screenshot of a malicious website attempting to install spyware via an ActiveX Control in Internet Explorer 6 Malware is software designed to infiltrate or damage a computer system without the owners informed consent. ... This article is about the network security device. ... In security engineering and computer security, authorization, is a part of the operating system that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. ... For other uses of the terms authentication, authentic and authenticity, see authenticity. ... Note: to sign yourself into Wikipedia, go to the login page. ... This article is about the File Transfer Protocol standardised by the IETF. For other file transfer protocols, see File transfer protocol (disambiguation). ... A password is a form of secret authentication data that is used to control access to a resource. ... German identity document sample An identity document is a piece of documentation designed to prove the identity of the person carrying it. ... Smart card used for health insurance in France. ... At Disney World, biometric measurements are taken of the fingers of multi-day pass users to ensure that the pass is used by the same person from day to day. ... Encrypt redirects here. ... Close-up of the rotors in a Fialka cipher machine Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so. ... PKC, see PKC (disambiguation) Public-key cryptography is a form of modern cryptography which allows users to communicate securely without previously agreeing on a shared secret key. ... An Intrusion Detection System (or IDS) generally detects unwanted manipulations to systems. ... For other uses, see Ping (disambiguation). ... Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. ... It has been suggested that Honeynet be merged into this article or section. ...

/dmirror/http/en.wikipedia.org/w/= Capabilities vs. ACLs =

Within computer systems, the two fundamental means of enforcing privilege separation are access control lists (ACLs) and capabilities. The semantics of ACLs have been proven to be insecure in many situations (e.g., Confused deputy problem). It has also been shown that ACL's promise of giving access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities. This does not mean practical flaws exist in all ACL-based systems — only that the designers of certain utilities must take responsibility to ensure that they do not introduce flaws. In computer security, an access control list (ACL) is a list of permissions attached to an object. ... A capability (also known as a key) is a concept in secure computing. ... In information security, the Confused Deputy Problem is a canonical example of why capability-based security is important. ...


Unfortunately, for various historical reasons, capabilities have been mostly restricted to research operating systems and commercial OSs still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. An open source project in the area is the E language. An operating system (OS) is the software that manages the sharing of the resources of a computer and provides programmers with an interface used to access those resources. ... E is an object-oriented programming language for secure distributed computing, created by Mark S. Miller and others at Electric Communities in 1997. ...


First the Plessey System 250 and then Cambridge CAP computer demonstrated the use of capabilities, both in hardware and software, in the 1970s, so this technology is hardly new. A reason for the lack of adoption of capabilities may be that ACLs appeared to offer a 'quick fix' for security without pervasive redesign of the operating system and hardware. The Plessey 250 was a computer system manufactured by the Plessey company. ... The Cambridge CAP computer was an experimental computer which demonstrated the use of capabilities, both in hardware and software, developed at the University of Cambridge Computer Laboratory in the 1970s. ...


The most secure computers are those not connected to the Internet and shielded from any interference. In the real world, the most security comes from operating systems where security is not an add-on, such as OS/400 from IBM. This almost never shows up in lists of vulnerabilities for good reason. Years may elapse between one problem needing remediation and the next. An operating system (OS) is the software that manages the sharing of the resources of a computer and provides programmers with an interface used to access those resources. ... For other uses, see Security (disambiguation). ... OS/400 is an operating system used on IBMs line of AS/400 (now called iSeries) minicomputers. ... For other uses, see IBM (disambiguation) and Big Blue. ...


A good example of a secure system is EROS. But see also the article on secure operating systems. TrustedBSD is an example of an open source project with a goal, among other things, of building capability functionality into the FreeBSD operating system. Much of the work is already done. EROS (The Extremely Reliable Operating System) is an operating system developed by the University of Pennsylvania and the Johns Hopkins University. ... The term secure operating system is a misnomer. ... FreeBSD is a Unix-like free operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD) branch through the 386BSD and 4. ... Open source refers to projects that are open to the public and which draw on other projects that are freely available to the general public. ... FreeBSD is a Unix-like free operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD) branch through the 386BSD and 4. ...


Notes

  1. ^ Definitions: IT Security Architecture. SecurityArchitecture.org, Jan, 2008
  2. ^ New hacking technique exploits common programming error. SearchSecurity.com, July 2007

References

Ross J. Anderson is a researcher, writer, and industry consultant in security engineering. ... Bruce Schneier Bruce Schneier (born January 15, 1963) is an American cryptographer, computer security specialist, and writer. ... Robert C. Seacord Robert C. Seacord (born June 5, 1963) is an American computer security specialist and writer. ... Dr. Roger R. Schell is President of ÆSec, a company focused on appliances built on hardened platforms for secure, reliable e-business on the Internet. ... Clifford Stoll (or Cliff Stoll) is a U.S. astronomer, computer systems administrator, and author. ... Wikipedia does not have an article with this exact name. ... Peter G. Neumann is a researcher who has worked on the Multics operating system. ...

Further reading

Wikibooks
Wikibooks has a book on the topic of
  • The Information Age - An e-primer providing a comprehensive review of the digital and information and communications technology revolutions and how they are changing the economy and society. The primer also addresses the challenges arising from the widening digital divide.
  • pwn2own - a $25,000 computer security competition in which competitors are challenged to create a previously unknown security exploit and fully penetrate security on a correctly patched Windows, Mac or Linux computer. The 2007 winner took 12 hours to crack Mac OS X security via a vulnerability later classified as "highly critical" by Secunia [1].

Image File history File links Wikibooks-logo-en. ... Wikibooks logo Wikibooks, previously called Wikimedia Free Textbook Project and Wikimedia-Textbooks, is a wiki for the creation of books. ... ... A Patch can refer to several different things: A piece of fabric. ... Look up Cracker in Wiktionary, the free dictionary. ... Mac OS X (pronounced ) is a line of graphical operating systems developed, marketed, and sold by Apple Inc. ... Secunia is a Danish computer security service provider best known for tracking vulnerabilities in more than 12,000 pieces of software and operating systems. ...

See also

Computer security Portal

Image File history File links Portal. ... Attack trees are conceptual diagrams of threats on systems and possible attacks to reach those threats. ... For other uses of the terms authentication, authentic and authenticity, see authenticity. ... In security engineering and computer security, authorization, is a part of the operating system that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. ... For other meanings of CERT, see CERT (disambiguation) The CERT/CC (Computer Emergency Response Team Coordination Center) was created by DARPA in November 1988 after the Morris Worm struck. ... The Chaos Computer Club (CCC) is one of the biggest and most influential hacker organisations. ... Computer security model refer to the underlying computer architectures, protection mechanisms, distributed computing environment security issues, and formal models that provide the framework for information systems security policy. ... The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek κρυπτός kryptós hidden, and the verb γράφω gráfo write or λεγειν legein to speak) is the study of message secrecy. ... Cyber security standards are security standards which enable organizations to practice safe security techniques in order to minimize the number of successful cyber security attacks. ... Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. ... Differentiated security is a form of computer security that deploys a range of different security policies and mechanisms according to the identity and context of a user or transaction. ... In computer science, Fault-tolerance is the property of a computer system to continue operation at an acceptable quality, despite the unexpected occurrence of hardware or software failures. ... This article is about the network security device. ... In computer science and software engineering, formal methods are mathematically-based techniques for the specification, development and verification of software and hardware systems. ... In computer science, identity management is the management of the identity life cycle of entities (subjects or objects) during which: (1a) the identity is established: a name (or number) is connected to the subject or object; (1b) the identity is re-established: a new or addtional name (or number) is... Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. ... Information Leakage Detection and Prevention (ILD&P or ILDP) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. ... Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access and the effectiveness (or lack) of these measures combined together. ... A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious user, known as a cracker (though often incorrectly referred to as a hacker). ... Physical information security is concerned with physically protecting data and means to access that data (apart from protecting it electronically). ... Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. ... The Open Web Application Security Project (OWASP) is is an open-source project dedicated to finding and fighting the causes of insecure software. ... In Computer sciences the Separation of protection and security is a design choice. ... This is a timeline of hacker history. ... It has been suggested that this article or section be merged with Wireless security. ...


  Results from FactBites:
 
Computer security - Wikipedia, the free encyclopedia (2204 words)
Computer security is a field of computer science concerned with the control of risks related to computer use.
Computer security can be seen as a subfield of security engineering, which looks at broader security issues in addition to computer security.
Computer security is a highly complex field, and it is relatively immature, except on certain very secure systems that never make it into the news media because nothing ever goes wrong that can be publicized, and for which there is not much literature because the security details are proprietary.
Next-Generation Secure Computing Base - Wikipedia, the free encyclopedia (1657 words)
The Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium, is a software architecture designed by Microsoft which is expected to implement controversial parts of their "Trustworthy Computing" concept on future versions of the Microsoft Windows operating system.
Microsoft's stated aim for NGSCB is to increase the security and privacy of computer users[1], but critics assert that the technology will not only fail to solve the majority of contemporary IT security problems, but also result in an increase in vendor lock-in and a resulting reduction in competition in the IT marketplace.
However, a secure method for the owner to identify themselves would be provided, and through this method the owner would be able to force the TPM to make a false attestation or decrypt data for an application that would not otherwise be allowed access to that data.
  More results at FactBites »

 
 

COMMENTARY     


Share your thoughts, questions and commentary here
Your name
Your comments

Want to know more?
Search encyclopedia, statistics and forums:

 


Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms, 1022, m