1.7 What’s Next?
The rest of this book is organized around the major aspects or topics of computer security. As you have certainly seen in almost daily news reports, computer security incidents abound. The nature of news is that failures are often reported but seldom are successes. You almost never read a story about hackers who tried to break into the computing system of a bank but were foiled because the bank had installed strong, layered defenses. In fact, attacks repelled far outnumber those that succeed, but such good situations do not make interesting news items.
Still, we do not want to begin with examples in which security controls failed. Instead, in Chapter 2 we begin by giving you descriptions of three powerful and widely used security protection methods: identification and authentication, access control, and encryption. We call these three our security toolkit, in part because they are effective but also because they are widely applicable. We refer to these tactics in every other chapter of this book, so we give them a prominent position up front to help lodge them in your brain.
After presenting these three basic tools, we explore domains in which computer security applies. We begin with the simplest computer situations—individual programs—and investigate the problems and protections of computer code in Chapter 3. We also consider malicious code, such as viruses and Trojan horses (defining those terms along with other types of harmful programs). As you will see in other ways, there is no magic that can make bad programs secure or turn programmers into protection gurus. We do, however, point out some vulnerabilities that show up in computer code and describe ways to counter those weaknesses, both during program development and as a program executes.
Modern computing involves networking, especially using the internet. We focus first on how networked computing affects individuals, primarily through browsers and other basic network interactions such as email. In Chapter 4, we look at how users can be tricked by skillful writers of malicious code. These attacks tend to affect the protection of confidentiality of users’ data and integrity of their programs.
Chapter 5 covers operating systems, continuing our path of moving away from things the user can see and affect directly. We see what protections operating systems can provide to users’ programs and data, most often against attacks on confidentiality or integrity. We also see how the strength of operating systems can be undermined by attacks, called rootkits, that directly target operating systems and render them unable to protect themselves or their users.
In Chapter 6, we return to networks, this time looking at the whole network and its impact on users’ abilities to communicate data securely across the network. We also study a type of attack called denial of service, which is just what its name implies and is the first major example of a failure of availability.
We consider data, databases, and data mining in Chapter 7. The interesting cases involve large databases in which confidentiality of individuals’ private data is an objective. Integrity of the data in the databases is also a significant concern.
In Chapter 8, we move even further from the individual user and study cloud computing and the Internet of Things. Companies are finding the cloud a convenient and cost-effective place to store data, and individuals are doing the same to ensure shared access to things such as music and photos. Security risks are involved in this movement, however. The Internet of Things—a network of connected devices—is made easier to implement by leveraging cloud storage.
You may have noticed our structure: We organize our presentation from the user outward through programs, browsers, operating systems, networks, and the cloud, a progression from close to distant. In Chapter 9, we return to the user for a different reason: We consider privacy, a property closely related to confidentiality. Our treatment here is independent of where the data are: on an individual computer, a network, or a database. Privacy is a property we as humans deserve, and computer security can help establish and preserve it, as we present in that chapter.
In Chapter 10, we look at several topics of management of computing as related to security. Security incidents occur, and computing installations need to be ready to respond, whether the cause is a hacker attack, software catastrophe, or fire. Managers also have to decide what controls to employ because countermeasures cost money that must be spent wisely. Computer security protection is hard to evaluate: When it works, you do not know it does. Performing risk analysis and building a case for security are important management tasks.
Some security protections are beyond the scope of what an individual can address. Organized crime instigated from foreign countries is something governments must deal with through a legal system. In Chapter 11, we consider laws affecting computer security. We also look at ethical standards, what is “right” in computing.
In Chapter 12, we return to cryptography, which we introduced in Chapter 2. Cryptography merits courses and textbooks of its own, and the topic is detailed enough that most of the real work in the field is done at the graduate level and beyond. We use Chapter 2 to introduce the concepts enough to be able to apply them in subsequent chapters. In Chapter 12, we expand on that and peek at some of the formal and mathematical underpinnings of cryptography.
Finally, in Chapter 13, we raise four topic areas. These are subjects with an important need for computer security, although the areas are evolving so rapidly that computer security may not be addressed as fully as it should. These areas are AI and adaptive cybersecurity, blockchains and cryptocurrencies, computer-assisted offensive warfare, and quantum computing and especially its impact on cryptography.
We trust this organization will help you to appreciate the richness of an important field that touches many of the things we depend on.