Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.


1 Some general principles in computer security

Tomasz Bilski
email: bilski@sk-kari.put.poznan.pl
Chair of Control, Robotics and Computer Science
Poznań University of Technology
Poznań, Poland

Parts of presentation
1. Introduction
2. Minimum necessary functionality
3. Integration and cooperation
4. Internal versus external threats
5. Other important principles

2 1. Introduction

- Diversity of security tools: anti-virus software, firewalls, intrusion detection systems, port scanners, dial-up connection scanners, system log analysers, access control list analysers, password analysers, secure file deletion software, source code vulnerabilities scanners, deception toolkits, packet generators for security testing and so on.
  The security tools should be recognised as only one part of the complex security system.
- Some foundations of computer security
  - security models (such as Bell-LaPadula model, access matrix model, take-grant model, Biba model, Dion model, Sea View model, Jajodia-Sandhu model)
  - security standards (such as Trusted Computer System Evaluation Criteria, Information Technology Security Evaluation Criteria, Common Criteria for Information Technology Security Evaluation)
  Are the models and standards well known to security practitioners?

3 2. Minimum necessary functionality

Increase of the computer system functionality decreases its security.

- Higher functionality means:
  - greater complexity of the system
  - more access points to resources
  - possibility of new threats
  - higher probability of software errors
- Inconsistency between different security aspects
  The availability protection methods are potential threats to confidentiality and integrity.

Some relations between new functions and new threats

| Added functionality feature | New threat |
|---|---|
| remote access and control | remote unauthorised access and control |
| script language and macro command in application | macro virus |
| Internet connection | attack from Internet |
| Java in WWW | hostile applet |

4 3. Integration and co-operation

- Security features (such as confidentiality, integrity and availability) should be integrated with the system from the starting point. They shouldn’t be features that are added at some final step. First of all, the concept of the system should be based on a proper security model, and then one must keep security in mind during all other phases (design, testing, implementation, configuration, employment, maintaining) of the computer system's life.
- The lack of security features in the foundations of modern computer networks. The unsecured protocols on every layer of the protocol stack should be replaced as quickly as possible by secure versions. The security mechanisms should be integrated with other modules of information systems and should maintain and tighten co-operation. There is a need for tools, data formats, exchange procedures and other standards for such co-operation.
- Many levels of co-operation:
  - tool level
  - system level
  - corporation and international level
  New security applications should be compatible with the existing and the emerging standards in the area of mutual co-operation. In testing the different security aspects of information systems, it is very important to check whether the many protection tools implemented in the system are able to communicate and to co-operate with each other.

5 4. Internal versus external threats

- The majority of computer security incidents originate within the organisation itself. Some sources indicate that up to 85% of all threats to security come from inside the company.
- Some steps may and must be taken in order to change the current, intolerable situation. These steps comprise:
  - definition and incorporation of security policy
  - greater awareness of threats among users
  - automation of security procedures
  - improved systems for user identification and authentication
  - wider use of cryptography
  - audit and intrusion detection systems
  - internal firewalls

6 5. Other important principles

- it should be remembered that there are no 100% secure systems; achieving full security is not possible
- security mechanisms and the methods of their usage must be accepted by users
- the mechanisms should be effective but simple, standardised, user-friendly and should not be time consuming
- as much as possible, security mechanisms should be automated and made invisible to users
- the security tools should be periodically and automatically updated
- high security should be a default system attribute, not one that is manually chosen
- the system protection should be complete, redundant and periodically tested
- strong encryption is necessary but not sufficient to secure information confidentiality
- redundancy should be incorporated on many levels: from chip level to complete system level
- each organisation should have a defined and implemented security policy with essential rules of procedure

