Skip to main content

Security

Security

Computer security has been a consideration of computer designers, software developers, and users for virtually as long as the computer has existed. As any Internet user knows, computer security is a critical factor in the web-connected e-world. It is also important in business, industry, and government, where internally networked computers create an environment in which confidential or proprietary data must be protected from unauthorized access.

Computer security measures can be broken into three basic components and functions:

  • Identification: "Who are you?"
  • Authentication: "OK, I know who you are, but prove it."
  • Authorization: "Now that I know you are you, here's what you can do in my system."

Computer security attempts to ensure that "the good guys" (authorized users) are able to access the systems and data they desire, and that "the bad guys" (unauthorized users) do not gain access. Although this is a simple idea, the implementation and maintenance of strong computer security is not easy. Multiple vendor equipment, different operating system environments, ease-of-access requirements, and (not the least) difficult users all make for hurdles in the continued operation of effective security measures.

History

The history of computer security starts, of course, with the earliest computers. The UNIVAC (Universal Automatic Computer) and ENIAC (Electronic Numerical Integrator and Computer) were each relatively secure due largely to the fact that the machines were housed in locked buildings or complexes and had few, if any, additional computers connected to them. However, it was not long before the power and capabilities of the computer expanded the number of connected users. As a result, computer designers and programmers had to consider computer security.

The development of computer security has mirrored the evolution of the computer itself and its expanding capabilities. As more and more computer devicesprimarily personal computers (PCs)have been linked together, the need for computer security has grown. Possibly the most significant impact on computer security has been the Internet. With the advent of worldwide connectivity and around-the-clock access to computer systems and data, computer security experts have struggled to keep pace.

Timeline

Here is a brief timeline of significant computer security events. Notice that as computer network capabilities have grown, so have the security concerns.

Memory Protection Hardware; Partitioning, Virtual Memory (1960).

Since the late 1950s most computers contain special registers to define partitions of memory for use by separate programs and ensure that a running program cannot access the partition of another program. Virtual memory extended this by allowing each object to be separately protected as if it were in its own partition. Partitioning and virtual memory capabilities provided one of the first security protection measures in early multi-user environments.

File Access Controls (1962).

Beginning in the early 1960s, time sharing systems provided files for individual users to store personal or private information. The systems were secured using file access controls to allow the owners to specify who else, if anyone, could access their files and under what circumstances. The Massachusetts Institute of Technology (MIT) Compatible Time Sharing System and the University of Cambridge's Multiple Access System were the first examples of this kind of security.

One-way Functions to Protect Passwords (1967).

Password protection was the first user-centered security feature. The authentication system used during login stores enciphered images of user passwords but not the actual passwords. This protects passwords from being divulged if an attacker happens to read the file.

Multics Security Kernel (1968).

The Multics system at MIT made security and privacy one of its central design principles. The designers paid very careful attention to identifying a small kernel of system operations which, if correct, would guarantee that all security policies of the system would be followed. This design signified the importance of security to the computer's basic programming.

ARPANET (1969) and Internet (1977).

The ARPANET (Advanced Research Projects Agency Network) was the first wide-area computer network. It started in 1969 with four nodes and became the model for today's Internet. This inter-connectedness increased the risk of unauthorized user access from outsiders and raised awareness of security issues to network administrators and owners.

Unix-Unix System Mail (UUCP); Mail Trap Doors (1975).

UUCP allowed users on one UNIX machine to execute commands on a second UNIX system. This enabled electronic mail and files to be transferred automatically between systems. It also enabled attackers to erase or overwrite configuration files if the software programs were not correctly configured. Since there was no central administration of UUCP networks, the ARPANET command-and-control approach to controlling security problems did not apply here. By 2000, the Internet had many of the same characteristics.

Public Key Cryptography and Digital Signatures (1976).

Cryptography is the ability to scramble messages based on a "secret," prearranged code. Public-key cryptography enables two people to communicate confidentially, or to authenticate each other, without a prearranged exchange of shared cryptographic keys. Although cryptography had been around for many years, this was the point at which it was integrated into the development of computer security.

First Vulnerability Study of Passwords (Morris and Thompson, 1978).

This study demonstrated that password guessing is far more effective than deciphering password images. It found that a very high percentage of passwords could be guessed from user names, addresses, social security numbers, phones, and other information stored in the user identification files. Password guessing remains a major threat today.

RSA Public-key Cryptosystem (1978).

The RSA public-key cryptosystem is the oldest unbroken one of its kind that provides both confidentiality and authentication. It is based on the difficulty of determining the prime factors of a very large number as used in the secret code. RSA provided a quasi-standard in the emerging field of computer cryptography.

Electronic Cash (1978).

As businesses moved onto the Internet, the means to pay for services or goods did as well. Electronic cash is one way to accomplish this. It cannot be easily created, it is anonymous, and it cannot be duplicated without detection. The protection and security of "e-cash" became yet another concern of security professionals; it continues to be a major issue.

Domain Naming System of the Internet (1983).

As the ARPANET grew, the number of computer devices became large enough to make maintaining and distributing a file of their addresses unwieldy, and the network maintainers developed a system to enable quick, simple name lookups. The Directory Name Server (DNS) dynamically updated its database of name and address associations, and became yet another target for hackers and "spoofers."

Computer Viruses Acknowledged as a Problem (1984).

Computer viruses are deceptive software programs that can cause damage to a computer device, most notably an individual PC. The challenges of such malicious code were first formally recognized in a study published in 1984. Coupled with growing network capabilities, viruses became a serious threat to computer security practitioners and individual users.

Novel Password Schemes (1985).

By the mid-1980s, many alternatives to reusable user passwords were being explored in order to circumvent the weakness of easily guessed configurations. Callback modems relied on the authentic user being at a fixed location. Challenge-response systems allowed the authentic user to generate personalized responses to challenges issued by the system. Password tokens are smart cards that generate a new password with each use. Each of these alternatives attempted to strengthen the basic password scheme.

Distributed Authentication (1988).

Authentication servers are computer devices that allow users and system processes to authenticate themselves on any system using one set of data. The data can be updated globally, and the server can pass proof of identity back to the user or process. This proof can be passed to other servers and clients and used as a basis for access control or authorization. Given the advance in distributing computing power both geographically and across platforms (servers), this advancement allowed security to keep pace with these new configurations.

Internet Worm (1988).

The Internet worm was the first large-scale attack against computers connected to the Internet. Unlike a virus, it transmitted itself actively through Internet connections. Within hours, it invaded between 3,000 and 6,000 hosts, between five percent and ten percent of the Internet at the time, taking them out of service for several days. It caused much consternation and anger, and highlighted a vulnerability of large networks.

PGP (1989); PEM (1989).

Electronic mail lacks protection against forgery, alteration, and interception. Privacy-enhanced Electronic Mail (PEM) and Pretty Good Privacy (PGP) provide all these services. As the Internet grew, so did the demand for these security services to help ensure user authentication and protection.

Anonymous Reposting Servers (1990).

These computer servers obscure the identity of the poster or sender by substituting a random string for the sender's name. Some retain the association between sender and random string internally to facilitate reply messages. These services make tracing the original user nearly impossible.

Wily Hacker Attack (1986) and Book (1992).

An attacker (hacker) intruded into computers at Lawrence Berkeley Laboratory, apparently looking for secret information. Cliff Stoll, an astronomer turned system administrator, detected the attacker from a seventy-five cent accounting discrepancy. Using a variety of techniques, Stoll helped authorities arrest the attacker, who was being paid by a foreign government. This event helped highlight the vulnerability of all systems and the need for widespread computer security.

Network Sniffing; Packet Spoofing; Firewalls (1993).

Internet protocols were designed on the assumption that no one could access the actual wires and listen to the packets of data. In recent years, attackers have hooked up computers to do just that. These methods of "sniffing" have been used to detect passwords. The attackers also engage in "spoofing," or using the same computers to transmit their own packets, with false identification fields, as a way of gaining access to systems. Firewalls are routers that attempt to filter out these "spoofed" packets. Sniffing and spoofing became key security concerns as the Internet grew.

Java Security Problems (1996).

Java is a language for writing small applications, called applets, that can be downloaded from an Internet server and executed locally by a Java interpreter attached to the browser. The design goal is that the interpreter be highly confined so that Trojan horses and viruses cannot be transmitted; that goal has yet to be met. Java has had several security problems related to malicious applet designers reading, altering, and deleting information supposedly outside the constrained environment.

Conclusion

Concerns about computer security will grow as computer system capabilities increase. Hackers eager to beat a new security challenge, as well as unauthorized users intent on accessing data for criminal or malicious purposes, will continue trying to circumvent security protocols designed to protect data, equipment, and users from their efforts.

see also Association for Computing Machinery; Ethics; Privacy.

Richard Archer

Bibliography

Hutt, Arthur E., Seymour Bosworth, and Douglas B. Hoyt, eds. Computer Security Handbook, 3rd ed. New York: Wiley, 1995.

Parker, Donn B. Fighting Computer Crime: A New Framework for Protecting Information. New York: Wiley, 1998.

Russell, Deborah, and G. T. Gangemi Sr. Computer Security Basics, rev. ed. Sebastopol, CA: O'Reilly & Associates, 1992.

Cite this article
Pick a style below, and copy the text for your bibliography.

  • MLA
  • Chicago
  • APA

"Security." Computer Sciences. . Encyclopedia.com. 27 Apr. 2017 <http://www.encyclopedia.com>.

"Security." Computer Sciences. . Encyclopedia.com. (April 27, 2017). http://www.encyclopedia.com/computing/news-wires-white-papers-and-books/security

"Security." Computer Sciences. . Retrieved April 27, 2017 from Encyclopedia.com: http://www.encyclopedia.com/computing/news-wires-white-papers-and-books/security

security

se·cu·ri·ty / siˈkyoŏritē/ • n. (pl. -ties) 1. the state of being free from danger or threat: the system is designed to provide maximum security against toxic spills job security. ∎  the safety of a state or organization against criminal activity such as terrorism, theft, or espionage: a matter of national security. ∎  procedures followed or measures taken to ensure such safety: amid tight security the presidents met in the Colombian resort. ∎  the state of feeling safe, stable, and free from fear or anxiety: this man could give the emotional security she needed. 2. a private police force that guards a building, campus, park, etc. 3. a thing deposited or pledged as a guarantee of the fulfillment of an undertaking or the repayment of a loan, to be forfeited in case of default. 4. (often securities) a certificate attesting credit, the ownership of stocks or bonds, or the right to ownership connected with tradable derivatives. PHRASES: on security of something using something as a guarantee.

Cite this article
Pick a style below, and copy the text for your bibliography.

  • MLA
  • Chicago
  • APA

"security." The Oxford Pocket Dictionary of Current English. . Encyclopedia.com. 27 Apr. 2017 <http://www.encyclopedia.com>.

"security." The Oxford Pocket Dictionary of Current English. . Encyclopedia.com. (April 27, 2017). http://www.encyclopedia.com/humanities/dictionaries-thesauruses-pictures-and-press-releases/security-1

"security." The Oxford Pocket Dictionary of Current English. . Retrieved April 27, 2017 from Encyclopedia.com: http://www.encyclopedia.com/humanities/dictionaries-thesauruses-pictures-and-press-releases/security-1

Security

SECURITY

Protection; assurance; indemnification.

The term security is usually applied to a deposit, lien, or mortgage voluntarily given by a debtor to a creditor to guarantee payment of a debt. Security furnishes the creditor with a resource to be sold or possessed in case of the debtor's failure to meet his or her financial obligation. In addition, a person who becomes a surety for another is sometimes referred to as a "security."

Cite this article
Pick a style below, and copy the text for your bibliography.

  • MLA
  • Chicago
  • APA

"Security." West's Encyclopedia of American Law. . Encyclopedia.com. 27 Apr. 2017 <http://www.encyclopedia.com>.

"Security." West's Encyclopedia of American Law. . Encyclopedia.com. (April 27, 2017). http://www.encyclopedia.com/law/encyclopedias-almanacs-transcripts-and-maps/security

"Security." West's Encyclopedia of American Law. . Retrieved April 27, 2017 from Encyclopedia.com: http://www.encyclopedia.com/law/encyclopedias-almanacs-transcripts-and-maps/security

security

security Prevention of or protection against (a) access to information by unauthorized recipients or (b) intentional but unauthorized destruction or alteration of that information. Security may guard against both unintentional as well as deliberate attempts to access sensitive information, in various combinations according to circumstances. The concepts of security, integrity, and privacy are interlinked. See integrity.

Cite this article
Pick a style below, and copy the text for your bibliography.

  • MLA
  • Chicago
  • APA

"security." A Dictionary of Computing. . Encyclopedia.com. 27 Apr. 2017 <http://www.encyclopedia.com>.

"security." A Dictionary of Computing. . Encyclopedia.com. (April 27, 2017). http://www.encyclopedia.com/computing/dictionaries-thesauruses-pictures-and-press-releases/security

"security." A Dictionary of Computing. . Retrieved April 27, 2017 from Encyclopedia.com: http://www.encyclopedia.com/computing/dictionaries-thesauruses-pictures-and-press-releases/security

security

security Security Council a permanent body of the United Nations seeking to maintain peace and security. It consists of fifteen members, of which five (China, France, the UK, the US, and Russia) are permanent and have the power of veto. The other members are elected for two-year terms.
Security Service official name for MI5.

Cite this article
Pick a style below, and copy the text for your bibliography.

  • MLA
  • Chicago
  • APA

"security." The Oxford Dictionary of Phrase and Fable. . Encyclopedia.com. 27 Apr. 2017 <http://www.encyclopedia.com>.

"security." The Oxford Dictionary of Phrase and Fable. . Encyclopedia.com. (April 27, 2017). http://www.encyclopedia.com/humanities/dictionaries-thesauruses-pictures-and-press-releases/security

"security." The Oxford Dictionary of Phrase and Fable. . Retrieved April 27, 2017 from Encyclopedia.com: http://www.encyclopedia.com/humanities/dictionaries-thesauruses-pictures-and-press-releases/security

security

securitybanditti, bitty, chitty, city, committee, ditty, gritty, intercity, kitty, nitty-gritty, Pitti, pity, pretty, shitty, slitty, smriti, spitty, titty, vittae, witty •fifty, fifty-fifty, nifty, shifty, swiftie, thrifty •guilty, kiltie, silty •flinty, linty, minty, shinty •ballistae, Christie, Corpus Christi, misty, twisty, wristy •sixty •deity, gaiety (US gayety), laity, simultaneity, spontaneity •contemporaneity, corporeity, femineity, heterogeneity, homogeneity •anxiety, contrariety, dubiety, impiety, impropriety, inebriety, notoriety, piety, satiety, sobriety, ubiety, variety •moiety •acuity, ambiguity, annuity, assiduity, congruity, contiguity, continuity, exiguity, fatuity, fortuity, gratuity, ingenuity, perpetuity, perspicuity, promiscuity, suety, superfluity, tenuity, vacuity •rabbity •improbity, probity •acerbity • witchetty • crotchety •heredity •acidity, acridity, aridity, avidity, cupidity, flaccidity, fluidity, frigidity, humidity, hybridity, insipidity, intrepidity, limpidity, liquidity, lividity, lucidity, morbidity, placidity, putridity, quiddity, rabidity, rancidity, rapidity, rigidity, solidity, stolidity, stupidity, tepidity, timidity, torpidity, torridity, turgidity, validity, vapidity •commodity, oddity •immodesty, modesty •crudity, nudity •fecundity, jocundity, moribundity, profundity, rotundity, rubicundity •absurdity • difficulty • gadgety •majesty • fidgety • rackety •pernickety, rickety •biscuity •banality, duality, fatality, finality, ideality, legality, locality, modality, morality, natality, orality, reality, regality, rurality, tonality, totality, venality, vitality, vocality •fidelity •ability, agility, civility, debility, docility, edibility, facility, fertility, flexility, fragility, futility, gentility, hostility, humility, imbecility, infantility, juvenility, liability, mobility, nihility, nobility, nubility, puerility, senility, servility, stability, sterility, tactility, tranquillity (US tranquility), usability, utility, versatility, viability, virility, volatility •ringlety •equality, frivolity, jollity, polity, quality •credulity, garrulity, sedulity •nullity •amity, calamity •extremity • enmity •anonymity, dimity, equanimity, magnanimity, proximity, pseudonymity, pusillanimity, unanimity •comity •conformity, deformity, enormity, multiformity, uniformity •subcommittee • pepperminty •infirmity •Christianity, humanity, inanity, profanity, sanity, urbanity, vanity •amnesty •lenity, obscenity, serenity •indemnity, solemnity •mundanity • amenity •affinity, asininity, clandestinity, divinity, femininity, infinity, masculinity, salinity, trinity, vicinity, virginity •benignity, dignity, malignity •honesty •community, immunity, importunity, impunity, opportunity, unity •confraternity, eternity, fraternity, maternity, modernity, paternity, taciturnity •serendipity, snippety •uppity •angularity, barbarity, bipolarity, charity, circularity, clarity, complementarity, familiarity, granularity, hilarity, insularity, irregularity, jocularity, linearity, parity, particularity, peculiarity, polarity, popularity, regularity, secularity, similarity, singularity, solidarity, subsidiarity, unitarity, vernacularity, vulgarity •alacrity • sacristy •ambidexterity, asperity, austerity, celerity, dexterity, ferrety, posterity, prosperity, severity, sincerity, temerity, verity •celebrity • integrity • rarity •authority, inferiority, juniority, majority, minority, priority, seniority, sonority, sorority, superiority •mediocrity • sovereignty • salubrity •entirety •futurity, immaturity, impurity, maturity, obscurity, purity, security, surety •touristy •audacity, capacity, fugacity, loquacity, mendacity, opacity, perspicacity, pertinacity, pugnacity, rapacity, sagacity, sequacity, tenacity, veracity, vivacity, voracity •laxity •sparsity, varsity •necessity •complexity, perplexity •density, immensity, propensity, tensity •scarcity • obesity •felicity, toxicity •fixity, prolixity •benedicite, nicety •anfractuosity, animosity, atrocity, bellicosity, curiosity, fabulosity, ferocity, generosity, grandiosity, impecuniosity, impetuosity, jocosity, luminosity, monstrosity, nebulosity, pomposity, ponderosity, porosity, preciosity, precocity, reciprocity, religiosity, scrupulosity, sinuosity, sumptuosity, velocity, verbosity, virtuosity, viscosity •paucity • falsity • caducity • russety •adversity, biodiversity, diversity, perversity, university •sacrosanctity, sanctity •chastity •entity, identity •quantity • certainty •cavity, concavity, depravity, gravity •travesty • suavity •brevity, levity, longevity •velvety • naivety •activity, nativity •equity •antiquity, iniquity, obliquity, ubiquity •propinquity

Cite this article
Pick a style below, and copy the text for your bibliography.

  • MLA
  • Chicago
  • APA

"security." Oxford Dictionary of Rhymes. . Encyclopedia.com. 27 Apr. 2017 <http://www.encyclopedia.com>.

"security." Oxford Dictionary of Rhymes. . Encyclopedia.com. (April 27, 2017). http://www.encyclopedia.com/humanities/dictionaries-thesauruses-pictures-and-press-releases/security-0

"security." Oxford Dictionary of Rhymes. . Retrieved April 27, 2017 from Encyclopedia.com: http://www.encyclopedia.com/humanities/dictionaries-thesauruses-pictures-and-press-releases/security-0