Now we need to broaden our definition of security from the one I used in my March ‘00 Comm Corner article. In that definition, it was stated that "Security is defined as the means used to protect information". In that article, I covered many of the vulnerabilities at the local machine such as HDD crashes, dust in drive components, virus protection, power failures, unauthorized local entry, and the alluded OS crash problems. Anti-virus programs and data backup were the major methods of combating these problems. 
 
Internet and Network security defined  
Computer security is a means to protect information no matter where it resides or travels on the network. There are two parts to this broad definition. First, it covers information in storage, hard drive or memory. Second, it means information in transit, which includes over a network, dial-up method, or another network, i.e., the Internet. The elements that make up what and how information is protected include integrity, reliability, availability, and security. Meeting these elements assures that the data is where it is wanted, when it is wanted, in a form usable, and accurately presented. Notice that I have not stated anything about the types of information to be protected. The answer is simple, all of it. 

There are six explicit security functions that are vulnerable to attack. 

• Identification and authentication functions identify users or groups to the system. 
• Access control functions control and define an object’s rights to another object. 
• Accountability functions keep track of security-relevant actions. 
• Object reuse functions prevent an object from reusing or scavenging resources such as memory, storage, or communications without explicit authority. 
• Accuracy functions ensure that information assets remain secure from tampering. 
• Reliability of service functions ensure that information is available on demand. 

Countermeasures are defined as the actions taken to keep information assets safe. The elements of countermeasures include those actions taken to safeguard that information. 

• Avoidance is the measure that attempts to avoid the threat altogether, such as firewalls. 
• Transfer is the measure that transfers the threat away from an asset, such as fake files to tempt intruders away from the real asset. 
• Reduction of threat is the measure that applies security measures to reduce the threat itself, such as uninterruptible power supplies (UPS) to allow graceful shutdown of computers during power failures. 
• Reduction of vulnerability is the measure that reduces the asset’s vulnerability to the threat, such as server redundancy that allows another server to take over one server goes down. 
• Real-time detection is the measure that detects the threat as it is happening, such as anti-virus software that interdicts a virus as it attempts infection. 
• Non-real-time detection is the measure that detect that the threat has been realized on the asset, such as virus-scanning software that detects when a file has been infected. 
• Reduction of impact measures reduce the impact of the threat on the asset, even if the threat is successful, such as periodic automatic save on a word processor. 
• Real-time recovery measures are those that recover the asset as the threat is being realized, such as mirrored or duplexed drives on a file server. 
• Non-real-time recovery measures are those security measures that recover the asset at a later time such as backups. 

At this point, a business would have to make a "risk assessment" to determine what actions must be taken to meet the measure of protection desired for the business assets being served. Risk assessment is a method that can be used to measure the impact of a threat on an asset. Defining threats and actions determines the appropriate countermeasures. 

One of the most important countermeasures that can be taken is not hardware and software, but simply user awareness. This is especially true of the home user. User awareness serves many of the function measures listed above. Understanding how the threat can affect one’s computer assets can result in really effective avoidance, reduction of vulnerability, and reduction of impact of the threat. Being proactive in these areas causes the protection measures taken to be easier and less expensive to implement or sustain. 

An axiom in security circles states that if users share passwords, then all the technology in the world cannot protect that system from attack. How do we implement security? 

Implementing security  
The first step in implementing computer communication security is to use common sense. Protect the data by controlling your password to assure that your identification and authentication procedures are not compromised. Use good backup techniques to ensure the data is always available. Regulate the electrical power to keep the machines working when you want them to. Keep the anti-virus program signatures up to date. These common sense measures need to be part of our personal approach to computer security whether we have one computer at home or fifteen computers in a network. Keeping these measures current and implemented is the first step in computer communication security. 

Security is best applied in layers. Layering security is more effective in that if one layer is breached, then there are more layers to assist in the countermeasures. A complex one layer security, when breached does not offer any further protection, leaving the system or network completely vulnerable. An example of layering may be that the files require users to authenticate using an ID and password as the first layer of security. Then the application running the file may have a separate ID and password authentication to be able to use the file, the second layer. Finally, users must have access to the directory containing the files and must be authorized to use them, a third layer. 

This type of security on the personal computer is possible with some operating systems such as Novell NetWare and Windows NT or Windows 2000. Windows 95/98 do not have local machine security features and only at the network share level, i.e., a Windows 95/98 machine can restrict it’s HDD share by either turning it on or off. Any user can gain access to the local machine if it can be turned on. 

One of the first applied layers of security one can do on the home or SOHO machines connected to any broadband service is to turn the Windows 95/98 file and print share off. This is accomplished by right clicking <Network Neighborhood> and selecting the <File and Print Sharing...> button on the <Configuration> Tab in the Network Properties Window.  Clear any check boxes in the File and Print Sharing window. Click <OK> in this window and in the Network window and reboot. 

The next step in this phase of security is to implement measures which will assist in the proactive areas. Obtain and install some form of hardware or software interdiction program, i.e., a firewall. A firewall is generally defined as a device or program that prevents access to information. Think of a firewall as a brick wall built between buildings and the outside world. Firewalls are usually placed between the local machine or network and external openings such as the Internet. The basic components of firewalls operate at all levels of the OSI model. Firewalls act as choke-points for monitoring and rejecting application-layer traffic. They also operate at the network and transport layers to examine IP and TCP headers of incoming Internet packets. These functions accept or reject the incoming packets based on the program packet filter rules of the firewall application. 

Firewalls can be hardware based, i.e., a special computer and application program dedicated to being between a network and the outside world of the Internet. Hardware based firewall solutions are usually dedicated to corporate networks. There is a Linux hardware based solution which works well for individual and SOHO users. It is based on a high-end Intel 486 or early Intel Pentium processor, 16 MB RAM, Linux utilities, two NICs, and a FDD, with no HDD. The entire firewall program is maintained on the Floppy disk in the machine. 

Other hardware firewalls are located within routers. The programs in these screening routers screen packets on a criteria such as the type of protocol, the source address, and destination address fields of the protocol. My ISDN dial-up router contains such screening filtering capability. 

Firewalls can be software based as well. Software firewalls reside on the local machine and do the same functions as the hardware variety. When activitated, these programs filter incoming and outgoing data in accordance with predetermined filters that limit incoming and outgoing traffic. BlackICE Defender and ZoneAlarm are two such programs. Both set up filters which allow screening of incoming and outgoing IP and network traffic. Since most networks are now IP protocol based, this two-way filtering is necessary. These programs also control the I/O ports in the local machine to either filter or close them. One of these two programs should be a part of any broadband connection. 

Conclusion 
Computer security is indeed a broad subject and needs to be covered by all individuals and network administrators with care. It takes place at the local machine and at the connectivity levels. It comes in many forms. It is a self-discipline routine at the most basic level and includes very complicated at the network level.