Security Systems Theory Module Introduction

Security and Systems Administration

Until you start to explore security practice you won't understand very much of the theory. So we are going to start by learning some Unix/Linux administration.

Why not Windows ?

Windows performs many of the same functions as Unix but Windows source code is not available. So Windows internals are not so easy for us to explore. Windows user interfaces change between major releases. Windows isn't designed for those who want to know how it works. The basic Unix security model is quite simple and most other security systems are based on its strengths and weaknesses. So once we have understood these, many other things become understandable, including Windows security or lack of it, and how vulnerabilities affecting all networked applications or other operation systems work.

Other Important Themes

• Password security - standalone and networked
• Backup procedures and disaster recovery
• Firewalls and Virtual Private Networks
• Formal security models used by secret intelligence and banking communities
• Cryptography - hash functions, block ciphers and public-key cryptography
• Laws influencing network and computing security
• Various technical attacks: viruses, trojans, buffer overflows, XSS etc.
• Issues affecting specific applications e.g. copyright protection, email, nuclear weapons, financial transactions.

Assignments

• 1.1 Unix Security and Commands Knowledge Test
• 1.2 Individual Security Investigation and Report
• 2 Written Examination

Security Theory and Practice Bullet Points

• Security can never be absolute, but risk can be managed.
• Security is a costly overhead so people will resist it - up to a point.
• Fear uncertainty and doubt (FUD) drives the security market - also up to a point.
• Users who need it often don't really know what they want and will pay for the appearance of security if not the reality of it.
• Security is only as strong as the weakest link. Are you installing a bank-vault lock in a cardboard door ?
• Security requires accountability - making the person who fails to do it right become the one who pays the cost.
• Complexity is the enemy of security and simplicity its friend.