Computer Security: Threats, Standards, and Protection

Posted on Dec 4, 2024 in Computers

What is Security?

Achieving a completely secure computer system is challenging. Reliability is key, focusing on building reliable rather than simply secure systems. A secure system hinges on three core aspects:

  • Confidentiality: Preventing unauthorized access to system objects and ensuring authorized entities do not leak information.
  • Integrity: Allowing only authorized modifications to objects in a controlled manner.
  • Availability: Maintaining accessibility of system objects for authorized users.

Logical Threats

Logical threats include programs designed to harm systems (malware) or unintentional errors (bugs).

  • Faulty Software: Programming errors (bugs) are common. Exploits are programs designed to leverage these vulnerabilities.
  • Security Tools: These tools can be used to identify and fix bugs, but can also be exploited by attackers.
  • Backdoors: Shortcuts inserted by programmers during development to expedite debugging. These can be exploited by attackers.
  • Logic Bombs: Dormant code activated to perform malicious actions.
  • Viruses: Code inserted into executable files (hosts) that replicates itself by infecting other programs. Examples include worms, Trojan horses, and rabbit programs (bacteria).

Cobit Standards

Cobit standards offer key objectives:

  • Guidance for management in risk and control decisions.
  • Support for technology users in ensuring security and control over purchased products and services.
  • A tool for evaluating internal controls, management controls, and minimum control requirements for cost-benefit balance.
  • Ensuring secure and proper information use through standardized application.

Physical Security

Physical security measures include:

  • Secure server location, air conditioning, electrical systems, and trained IT staff.
  • Restricted access through gates or magnetic badge entry systems.
  • Portable CO2 extinguishers for electrical equipment, readily accessible to staff.
  • Battery-powered emergency lights for evacuation.
  • Independent air conditioning for server rooms.
  • Proper magnetic media storage (10-32°C, 10-80% relative humidity, dust-free).
  • Uninterruptible Power Supply (UPS) to prevent power fluctuations.
  • Modern building design with designated computer zones, offices, and common areas.
  • Dust-free flooring materials (terrazzo, marble, PVC).
  • Outward-opening doors (1.40-1.60m wide, minimum 2.15m high).
  • Optimal temperature between 20-24°C.

Protection Systems

Uninterruptible Power Supply (UPS) systems maintain power during outages, filter signals, stabilize voltage, and eliminate interference. A UPS consists of:

  • Converter/Inverter (AC to DC and back)
  • Battery (stores energy)
  • Status Indicators (LEDs)
  • Control and Monitoring Software

Common UPS types include offline, line-interactive, and online.

Data Security: Hard Drives

RAID (Redundant Array of Independent Disks) interconnects multiple hard drives for data recovery.

Hardware RAID using a RAID controller and SCSI adapter is the fastest implementation.

RAID Levels

  • RAID 0: Large partitions, high I/O, data loss if one drive fails.
  • RAID 1: Two disks mirroring data (simultaneous storage).
  • RAID 2: Similar to RAID 0 with redundant bits and byte-level segmentation.
  • RAID 3: Minimum three drives (two data, one parity).
  • RAID 4: Similar to RAID 3 with error correction, suitable for data servers.
  • RAID 5: Rotating parity, best for multi-user systems.

Additional RAID Levels

  • RAID 10: Combination of RAID 0 and 1.
  • RAID 30: Two RAID 3 arrays.
  • RAID 50: High data transfer and reliability.