Computer security, also called cybersecurity, information security, or IT security, is the discipline of protecting information systems—including servers, endpoint computers, mobile devices, and networks—from attacks, theft, destruction of data or process integrity, improper use (whether intentional or not), and the hijacking or misdirection of normal, desired system functions.
An early approach to thinking about the domains in which computer security should be applied was the CIA Triad, the origins of which seem to have been lost over the years. The “triad” refers to three key concepts, namely Confidentiality, Integrity, and Availability. Confidentiality was construed to mean controlling access to data resources, Integrity to the idea that the data should not be corrupted or deleted, and Availability to having systems online and accessible when needed.
Various extensions to these three core concepts have been suggested over the years. The one that has received the most traction is the concept of Authentication. Authentication addresses the issue of being confident that actors in a system are reliably who they claim to be.
History of Computer Security
Early mainframe computers were protected primarily by isolating them in protected physical locations. As the computers began to interconnect, an ARPA (Advanced Research Projects Agency) study in 1967, along with a related Rand Report, determined that a more rigorous approach that built safeguards into the computer systems themselves was needed.
Mainframe operating systems such as MULTICS (Multiplexed Information and Computing Service) built in the notion of multiple levels of access and accounts protected by passwords. This was about as far as the discipline advanced until there were sufficient attacks reported that engineers began to develop what we now call the firewall.
In the mid-1980s, a systems administrator named Clifford Stoll was working at the Lawrence Berkeley National Laboratory and discovered a hacker had invaded the lab’s systems. He recounted the process of tracking this hacker down in his 1989 book The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. For many in the emerging security field, the book was an introduction to the concepts of monitoring for abnormalities, forensically investigating malicious activity on a network, and creating “honeypots,” which are intentionally set lures within a system’s assets.
At about the same time (1988 saw the first paper on the subject), the firewall emerged.
What is a firewall?
A firewall is much akin to a network router, except that it examines packets not to determine where they should be redirected to arrive at their intended destinations, but instead to determine whether the packets are part of a malicious attack.
There is more than one kind of firewall. The simplest kind inspects each packet that passes through it according to a list of rules configured by the network’s administrator. Included in the rules are strings of characters, or signatures, that have been previously discovered in examining known attacks. Packets that the rules determine are malign are discarded. Packets that don’t get flagged by the rules are allowed to pass and presumed safe.
Stateful Packet Inspection
A more advanced firewall design catches attacks that are spread across multiple packets, where looking at any single packet may not give evidence of an attack. Rules are applied as with the simple packet-filter firewall, but the firewall also remembers relevant characteristics of recently seen packets and can detect sequences of packets that indicate an attack.
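The two designs just described, as an added illustration that is not code from the page: a per-packet filter that applies an ordered rule list and a signature check, and a stateful inspector that remembers the tail of each flow's payload so that a signature split across two packets is still caught. The packets, rule list, signature strings and addresses below are constructed for the example.

```python
# Added example (not from the page): a toy packet-filter firewall and a
# stateful inspector layered on top of it.  Packets, rules and signatures
# are constructed for illustration only.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst: str          # destination IP address
    dport: int        # destination port
    payload: bytes = b""


# Byte strings previously seen in known attacks (constructed sample values).
SIGNATURES = [b"/bin/sh", b"cmd.exe"]

# Rules are evaluated top to bottom; the first match decides.
# Each rule is (action, source-prefix, destination-port-or-None).
RULES = [
    ("deny", "10.0.0.", None),   # block one subnet entirely
    ("allow", "", 80),           # HTTP from anywhere
    ("allow", "", 443),          # HTTPS from anywhere
    ("deny", "", None),          # default deny
]


def stateless_verdict(pkt):
    """Simple packet filter: signature check on this packet's payload,
    then the address/port rules.  Every packet is judged on its own."""
    if any(sig in pkt.payload for sig in SIGNATURES):
        return "deny"
    for action, src_prefix, dport in RULES:
        if pkt.src.startswith(src_prefix) and (dport is None or dport == pkt.dport):
            return action
    return "deny"


class StatefulInspector:
    """Remembers the tail of each flow's payload so that a signature split
    across two packets is still recognised.  Keeping (longest signature - 1)
    bytes is enough to catch any split point."""

    def __init__(self):
        self.window = max(len(s) for s in SIGNATURES) - 1
        self.tail = defaultdict(bytes)   # flow key -> remembered bytes

    def verdict(self, pkt):
        if stateless_verdict(pkt) == "deny":
            return "deny"
        flow = (pkt.src, pkt.dst, pkt.dport)
        combined = self.tail[flow] + pkt.payload
        if any(sig in combined for sig in SIGNATURES):
            self.tail.pop(flow, None)
            return "deny"
        self.tail[flow] = combined[-self.window:] if self.window else b""
        return "allow"


def filter_stateless(packets):
    return [stateless_verdict(p) for p in packets]


def filter_stateful(packets):
    insp = StatefulInspector()
    return [insp.verdict(p) for p in packets]


# Constructed traffic: the signature "/bin/sh" arrives split across two packets.
SPLIT_ATTACK = [
    Packet("198.51.100.9", "192.0.2.1", 80, b"GET /bi"),
    Packet("198.51.100.9", "192.0.2.1", 80, b"n/sh HTTP/1.1"),
]

if __name__ == "__main__":
    print("stateless:", filter_stateless(SPLIT_ATTACK))  # ['allow', 'allow']
    print("stateful: ", filter_stateful(SPLIT_ATTACK))   # ['allow', 'deny']
```

The stateless filter passes both halves of the split signature because neither packet contains the full string; the stateful inspector keys its memory on the (source, destination, port) flow, so the second packet is judged together with the remembered tail of the first. Real products track far more state (TCP sequence numbers, connection direction, timeouts), but the principle is the same.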
Deep-inspection / Next-gen
A more recent arrival is the “next-gen firewall,” which features the ability to examine the data payload of packets in a structured way to look for indications of attack or exfiltration of compromised data. Because the nature of this kind of inspection is far more complex, next-gen firewalls process at considerably slower speeds than conventional firewalls.
Beyond the Firewall
Computer Security Threats
There are a variety of different ways in which computers may be attacked or inadvertently compromised, but basic threats include:
Malware is a broad umbrella term for software that carries out malicious actions on “infected” (compromised) systems. Viruses, worms, and Trojan horse programs are all forms of malware.
Worms are malicious software programs that can automatically propagate from one system to another, and usually the term is reserved for those programs that can carry out this move from system to system without user intervention.
Like worms, viruses propagate from system to system, generally without direct user action. Unlike worms, viruses are not standalone programs, but are instead fragments of executable code that attach themselves to otherwise benign executables or operating system components.
When malware that has compromised a computer manages to obtain administrative rights on it (a level of privilege referred to as “root” privilege), it can be used to perform any function the computer is capable of performing; malware operating at this level is called a rootkit.
Some kinds of malware can be used by attackers to perform arbitrary tasks on compromised systems. When a number of such systems are controlled by a single attacker or group of attackers, the systems that perform the arbitrary (and usually malign) tasks are called “bots” (short for robots) and the entire group is called a botnet.
Denial of Service
One typical use for botnets is to cause all the component “bots” to send a high volume of messages or requests to a single target system, which may be overwhelmed by the excess traffic and therefore unable to perform its intended role. Legitimate users of the overwhelmed service will thus be denied service.
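To make the detection side of this concrete, here is an added example (not code from the page) that works over a constructed web-server log. It shows two things: a per-target sliding window that flags a flood of requests against one path, and why a naive per-source rate limit does not catch a botnet, since each bot individually stays under the limit. The log format, addresses and thresholds are assumptions made for the example.

```python
# Added example (not from the page): flagging a request flood against one
# target, and showing that a per-source limiter admits distributed traffic.
# The log lines are constructed: "<unix-ts> <src-ip> <method> <path>".
from collections import defaultdict, deque

SAMPLE_LOG = (
    # 200 requests to /login within one second, spread over 50 bot addresses
    ["1700000000 203.0.113.%d GET /login" % (i % 50) for i in range(200)]
    # a normal visitor browsing two pages a few seconds apart
    + ["1700000000 198.51.100.7 GET /about",
       "1700000005 198.51.100.7 GET /contact"]
)


def parse(line):
    ts, src, _method, path = line.split()
    return int(ts), src, path


def detect_floods(lines, window_s=1, threshold=100):
    """Per-target sliding window.  Returns {path: (peak requests in a
    window, distinct sources at that peak)} for every path whose request
    count inside any window_s-second window exceeds the threshold."""
    events = sorted(parse(l) for l in lines)
    windows = defaultdict(deque)      # path -> recent (ts, src) pairs
    alerts = {}
    for ts, src, path in events:
        q = windows[path]
        q.append((ts, src))
        while q and ts - q[0][0] >= window_s:   # drop events outside the window
            q.popleft()
        if len(q) > threshold:
            sources = {s for _, s in q}
            peak_req, peak_src = alerts.get(path, (0, 0))
            alerts[path] = (max(peak_req, len(q)), max(peak_src, len(sources)))
    return alerts


def per_source_admitted(lines, per_source_limit=10, window_s=1):
    """A naive limiter that allows each source at most per_source_limit
    requests per window.  Returns how many requests it lets through."""
    events = sorted(parse(l) for l in lines)
    windows = defaultdict(deque)      # src -> timestamps of admitted requests
    admitted = 0
    for ts, src, _path in events:
        q = windows[src]
        while q and ts - q[0] >= window_s:
            q.popleft()
        if len(q) < per_source_limit:
            q.append(ts)
            admitted += 1
    return admitted


if __name__ == "__main__":
    print(detect_floods(SAMPLE_LOG))          # {'/login': (200, 50)}
    print(per_source_admitted(SAMPLE_LOG))    # 202 -> every request admitted
```

Each of the 50 constructed bots sends only four requests, so a limit of ten per source per second admits all of them; only the per-target view, which also reports how many distinct sources contributed, reveals the flood. That distinction is why volumetric denial of service is usually handled upstream (traffic scrubbing, anycast, capacity) rather than by per-client throttling alone.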
In the case of ransomware, malicious software encrypts data on a target system using strong encryption and a key that the victim doesn’t know. The attacker then demands ransom in return for the key. There are instances, of course, where the money changes hands but the key isn’t provided to the victim.
When an attacker poses as a benign email or instant message sender and dupes the message recipient into giving away login, personal, or financial data, this is known as “phishing”, the term being a play on words for “fishing.” In other words, the victim is hooked and then reeled in. In addition to tricking victims into revealing secrets, phishing can be used to lure users to browse malicious websites, which then can download malware to the victim’s computer.
Side-channel attacks are sophisticated attacks in which privileged information is gained not by directly attacking a system, but by observing and correlating unintended side effects of some aspect of system processing. For example, an attacker might monitor electromagnetic radiation leaking from a system as data is transferred within it, noting that the transmission of zero and one binary digits radiates differently, and convert these differences back into the originating data, which might include secrets such as plaintext passwords.
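The electromagnetic example is hard to reproduce on a page, but the same class of leak appears in software as a timing side channel. The added example below (not code from the page) compares a secret against a guess two ways and reports how many bytes each comparison examined: the early-exit version stops at the first mismatch, so its work, and therefore its running time, reveals how many leading bytes of the guess are correct, while the constant-time version examines every byte regardless. The secret and guesses are constructed values.

```python
# Added example (not from the page): a timing side channel in secret
# comparison and its constant-time fix.  Instead of measuring wall-clock
# time, each function also returns how many bytes it examined, which is
# the quantity that leaks.
import hmac


def naive_equal(secret, guess):
    """Early-exit comparison.  Returns (equal, bytes_examined)."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:          # stops at the first mismatch -> work depends on the guess
            return False, examined
    return True, examined


def constant_time_equal(secret, guess):
    """Examines every byte and accumulates the difference with OR, so the
    amount of work does not depend on where the first mismatch is."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


def safe_equal(secret, guess):
    """What production code should call: the standard library's
    constant-time comparison."""
    return hmac.compare_digest(secret, guess)


def leak_profile(compare, secret, guesses):
    """Bytes examined for each guess; a varying profile is the side channel."""
    return [compare(secret, g)[1] for g in guesses]


# Constructed secret and guesses with 0, 2 and 6 correct leading bytes.
SECRET = b"s3cret"
GUESSES = [b"xxxxxx", b"s3xxxx", b"s3cret"]

if __name__ == "__main__":
    print(leak_profile(naive_equal, SECRET, GUESSES))          # [1, 3, 6]
    print(leak_profile(constant_time_equal, SECRET, GUESSES))  # [6, 6, 6]
```

The naive profile grows with every correct leading byte, which is exactly the kind of correlation a side-channel attacker looks for; the constant-time profile is flat. Note that a hand-written loop in an interpreted language is only an illustration of the idea: interpreters and compilers can reintroduce data-dependent behaviour, so real code should use `hmac.compare_digest` (or the equivalent primitive in its language) rather than its own loop.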
The Computer Security Profession
Beginning in the mid-seventies, computer security was increasingly viewed as a role separate from that of software programmers or system administrators. By the nineties, corporations began to have security teams and, in the early 2000s, the role of Chief Security Officer emerged as part of the executive leadership of many organizations.
Along with the rise of careers in computer security, there arose certifications that sought to serve as proof points of the knowledge and experience of the industry’s practitioners. The most widely granted certification globally is (ISC)2’s CISSP, but a number of others have significance in the field.
At present, there is an international shortage of qualified security professionals, a shortfall estimated by the CSIS to be over 300,000 positions in the U.S. in 2019 (that means there are almost half as many job positions unfilled as filled).