Computer security attempts to ensure the confidentiality, integrity, and availability of computing systems and their components. Three principal parts of a computing system are subject to attacks: hardware, software, and data. These three, and the communications among them, are susceptible to computer security vulnerabilities. In turn, those people and systems interested in compromising a system can devise attacks that exploit the vulnerabilities.
In each chapter of this book we include a list of the important points you should have learned in that chapter. For example, in this chapter we have explained the following concepts:
- Security situations arise in many everyday activities, although sometimes it can be difficult to distinguish between a security attack and an ordinary human or technological breakdown. Alas, clever attackers realize this confusion, so they may make their attack seem like a simple, random failure.
- A threat is an incident that could cause harm. A vulnerability is a weakness through which harm could occur. These two problems combine: Either without the other causes no harm, but a threat exercising a vulnerability means damage. To control such a situation, we can either block or diminish the threat, or close the vulnerability (or both).
- Seldom can we achieve perfect security: no viable threats and no exercisable vulnerabilities. Sometimes we fail to recognize a threat, or other times we may be unable or unwilling to close a vulnerability. Incomplete security is not a bad situation; rather, it demonstrates a balancing act: Control certain threats and vulnerabilities, apply countermeasures that are reasonable, and accept the risk of harm from uncountered cases.
- An attacker needs three things: method—the skill and knowledge to perform a successful attack; opportunity—time and access by which to attack; and motive—a reason to want to attack. Alas, none of these three is in short supply, which means attacks are inevitable.
In this chapter we introduced the notions of threats and harm, vulnerabilities, attacks and attackers, and countermeasures. Attackers leverage threats that exploit vulnerabilities against valuable assets to cause harm, and we hope to devise countermeasures to eliminate means, opportunity, and motive. These concepts are the basis we need to study, understand, and master computer security.
Countermeasures and controls can be applied to the data, the programs, the system, the physical devices, the communications links, the environment, and the personnel. Sometimes several controls are needed to cover a single vulnerability, but sometimes one control addresses many problems at once.
Throughout this book we use a scenario-based format to explore examples of attacks and countermeasures that can control them: First the attack that could or did occur; then the weakness that allowed the attack to succeed, with perhaps some attention to tools, techniques, or knowledge the attacker needed; and finally the countermeasures that can or could offer protection. When possible we present a range of countermeasures so you have a palette of options to apply to future scenarios or situations outside this book. As you look at countermeasures, keep in mind the balance between risk and control: Does this situation warrant that level (degree, severity, cost) of countermeasure and are there simpler countermeasures that would provide adequate security?
Because the book is organized around types of attacks, we describe vulnerabilities and countermeasures relevant to the specific attacks. Some countermeasures, such as authentication and access control, are effective against many attacks; consequently, we sometimes (as with access control) introduce the topic in one chapter and expand upon it in later chapters. In other cases, as with program development controls, we explore the topic once and simply refer to it when it is relevant in a later scenario.
We think the threat–vulnerability–countermeasure structure gives you the opportunity to analyze these cases on your own. You may think of vulnerabilities we have not listed, and you will almost certainly be able to think of additional countermeasures that could be effective. Computer security is always changing to address new attacks and new technological advances; you do not learn one set of tools or one approach and say you know all there is to know. The breadth and nature of attacks continue to change and grow, as do the means of defense. Our goal is to help you to think critically and creatively in order to be able to address ever-changing threats.
Several themes recur throughout the book: privacy, legal matters, economics, ethics, usability, and forensics. These areas are tangential to security: Each is an important area of study by itself, but at points throughout this book, one or another will be relevant to a particular topic. Rather than have a chapter on each that might get lost or overlooked, we treat these topics when they are relevant, as part of the flow of the main chapters. This arrangement emphasizes that these themes relate to the core content of computer and information security.
To give you additional practice analyzing security, we include three chapters, which we call interludes, in which we present just a bare scenario and invite you to derive the threats, potential vulnerabilities, and countermeasures. The three topics are cloud computing, electronic voting, and cyberwarfare; these interludes are placed among the other chapters.
We also conclude each chapter with exercises to help reinforce what you have learned and let you apply that knowledge in different settings.