Tuesday, 21 October 2014

The Five Most Important Concepts of Computer Security

It seems like every day that there is some new security threat to that the computer systems that we rely upon. Those of us that are responsible for maintaining and ensuring security of systems need to be aware of how to approach these advanced threats. This article describes five important concepts to assist with keeping your computer systems secure.

#1Understand Your System

When you start the engine of your car you know how it _should sound. If there is a noise you do not recognize it sets of alarms that you mentally proceed with to decide on the next course of action. In the same way we can approach all our systems in the same manner. For example if you run the top command on any server what is the expected memory and CPU usage.

For any system unless you _know what is expected on your system its difficult to recognize when there is an issue.

#2 Principle of least privilege

This is a principle that has been around a long time but is vital to ensuring systems do not get compromised. In essence this principle means that a user is _only given the rights required to perform a job and no more. For example a backup use should only be allowed to have rights to backups and not for example to install software.

Other options can exist for users like using sudo or even providing a VM that a user can use for performing certain operations. For some situations using chroot or a jail environment may mitigate some effects for privilages.

#3 Defence in protection rings

For security having multiple layers of protection is vital. Often called protection rings these are methods to protect data by having many layers of security. Looking back to medieval times castles had many levels of defences e.g. moats, high locations, portcullis etc. Its important to have more than one defence e.g. not just a firewall or anti virus.

An example of 4 rings of defence are :

A). Block network based attacks
B). Block host based attacks
C). Eliminate security vulnerabilities : this will include removing any unrequited services which in turn reduces the attack surface
D). Safely support authorized users

#4 Detection is vital

In the end having all the defences in the world is one thing but detection is a must. The difference between one hour and one moth for a detection of a breach in your system is massive. Having an Intrusion Detection System (IDS) is like having a burglar alarm for your computer network. It monitors the flow of traffic and enables information systems to deal with the attacks. This system protects your environment by identifying, logging, reporting and sending alarm whenever there is a probe.

#5 Know your enemy

We can try to guess what hackers are attempting to get up to in our systems but knowledge is power. To stand any chance of protecting your system you need to

- First understand know who your enemies are
- How they might they attack
- When they might attack
- Potentially most important of all, why they attack.