Introduction to Security

Introduction
Before understanding the various concepts of security, we should know what we are trying to
protect. What are the various dangers when we use computers, networks and internet? What
are the likely pitfalls? What can happen if we do not setup the right security policies?
The need for security
In early days of computers, computer data was considered to be useful, but not something to be
protected. Most initial computers had no or very little security. When computer applications were
developed to handle financial and personal data, the real need for security was felt. Therefore some
types of security mechanisms were needed.
Consider the following examples of security violations:

User A transmits a file to user B. The file contains sensitive information that is to be protected
from disclosure. User C, who is not authorized to read the file, is able to monitor the
transmission and capture a copy of the file during its transmission.

A network manager, D, transmits a message to a computer, E, under its management. The

message instructs computer E to update an authorization file to include the identities of a
number of new users who are to be given access to that computer. User F intercepts the
message, alters its contents to add or delete entries, and then forwards the message to
computer E, which accepts the message as coming from manager D and updates its
authorization file accordingly.
Types of security

Data security
Data security is the means of ensuring that data is kept safe from corruption and that access
to it is suitably controlled.
Computer Security
Computer Security is the protection of computing systems and the data that they store or
access, while allowing the information and property to remain accessible and productive to its
intended users.
Network Security or Information Security
It ensures the protection of the network and the network-accessible resources from
unauthorized access, consistent and continuous monitoring and measurement of its
effectiveness.
Principles of Security
Confidentiality
It ensures that no unauthorized people or systems ever get a hold of information that is not
meant for them.

Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted
information.