This article is a recap of previous articles concerning SOHO (Small Office/Home Office) security.
The network security essentials of any network can be analyzed by looking at three aspects of information security: the security attack, the security mechanism, and the security service. Now that I have named all three, what do I mean by each aspect?
Security Attack
A security attack is any action that compromises the security of information owned by an individual or organization. Attacks on the security of a computer or network are defined by looking at how the flow of information can be compromised during processing or transmission. The normal flow of information is from the information source to the information destination. There are four general categories of attack that an unauthorized party may use to get at the information.
- The first disruption attack may be an interruption of the data flow. An example might be causing the destruction or malfunction of a piece of the network or computer.
- The second disruption attack may be interception of the information. An example of interception may be wiretapping to capture the data or unauthorized copying of files.
- The third disruption may be modification of the information. An example in this case might be changing values in a data file or altering a program.
- The fourth disruption may be fabrication of data to be inserted into the data files. Examples might include addition of bogus messages in a network or addition of records to a file.
Attacks can be either passive or active. Passive attacks are
intercepts of data flow. They could be in the nature of eavesdropping
or monitoring data in the network or over the Internet. These attacks
could also be in the nature of spyware transmissions from your home or
office computer. Active attacks involve changes in the data transmission
stream or the creation of false information.
There are two types of passive attacks. Remember that the goal of these attacks is to gain knowledge of private data as it is being transmitted. The two types of passive attacks are release of message contents and traffic analysis. Release of message contents occurs when private e-mail or telephone traffic is disclosed by unauthorized persons who have listened, by some method, to the original traffic flow. Unauthorized traffic analysis is harder to detect or to understand. Data can be encrypted to prevent unauthorized analysis, but the fact that traffic is being sent in volume or to a particular place may give other users an idea of what is happening. Passive attacks are hard to detect. The primary defense is prevention rather than detection. VPN (Virtual Private Network) transmission of Internet traffic, encryption of all transmitted data, and limited access to the data are ways to protect that data from unauthorized use.
Security Services
Security services are usually classified under these terms: confidentiality, authentication, integrity, non-repudiation, access control, and availability. Security services are the act of validating information or other data as it is transmitted from location to location. Business or personal interaction with information and data depends on the confidence each party has in the integrity of that information or data. Traditional methods of validation include notarization and witnessed and/or recorded documents. In the electronic world, where documents or information are transmitted digitally, these validation functions must take on other methods of protection from unauthorized disclosure, tampering, or destruction.
Confidentiality service rests in the protection of transmitted information or data from passive attacks. In the broadest sense, this service protects the information or data over time between two authorized users. Virtual circuits between authorized users, such as a VPN using PPPoE (Point-to-Point Protocol Encrypted), are one way to maintain this confidentiality. Other encryption methods such as PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extension) can be used to further narrow access to the information or data. Another aspect of confidentiality is to keep unauthorized users from observing the sources and destinations of the information or data transmission.
Authentication service is concerned with assuring that any transmission of information or data is authentic. In general, the function of authentication is to assure the recipient that the message or information is from the source that it claims to be from. There are two aspects involved: first, at the time of connection, the service assures that the two users are who each claims to be; and second, the authentication service assures that the connection will not be interfered with by a third party who could act as one of the two legitimate parties.
Integrity service is concerned with the stream of data flow. Prevention of information interception and destruction of the data is the objective. Connection-oriented integrity service, which deals with streams of data, assures that the data is being received as transmitted. It assures that no duplication, insertion, modification, reordering, replay, or destruction of the information occurs during the transmission. This service is concerned with active attacks and succeeds when the intrusion is detected.
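As an added illustration of the authentication and integrity services just described (example code written for this recap, not from the original columns), the following models a sender that seals each message with a sequence number and an HMAC tag under a shared key, and a receiver that reports forgery or modification, duplication or replay, and gaps from reordering or destruction. The key and the message contents are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

# Constructed shared key for the example; real connections negotiate a fresh key.
KEY = b"example-shared-key-not-for-production"
TAG_LEN = 32  # HMAC-SHA256 output length


def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: prefix a 4-byte sequence number, append an HMAC tag over both."""
    header = struct.pack(">I", seq)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()


class Receiver:
    """Receiver side: the tag authenticates the source and detects modification or
    insertion; the sequence number exposes duplication, replay, reordering and gaps."""

    def __init__(self, key: bytes = KEY):
        self.key, self.expected, self.events = key, 0, []

    def receive(self, msg: bytes) -> str:
        if len(msg) < 4 + TAG_LEN:
            return self._note("truncated")
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        want = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(want, tag):      # wrong key or altered bytes
            return self._note("forged-or-modified")
        seq = struct.unpack(">I", body[:4])[0]
        if seq < self.expected:                      # this number was already accepted
            return self._note("duplicate-or-replay")
        if seq > self.expected:                      # something was lost or reordered
            return self._note("gap-or-reordered")    # a real protocol asks for retransmit
        self.expected += 1
        return self._note("ok")

    def _note(self, event: str) -> str:
        self.events.append(event)
        return event


def demo() -> list:
    """Constructed delivery: good, duplicated, reordered, tampered and inserted messages."""
    msgs = [seal(i, b"record %d" % i) for i in range(4)]
    tampered = msgs[3][:4] + b"record 9" + msgs[3][-TAG_LEN:]   # payload altered, old tag kept
    inserted = seal(4, b"bogus record", key=b"wrong-key")       # sender does not know KEY
    r = Receiver()
    for m in (msgs[0], msgs[1], msgs[1], msgs[3], msgs[2], msgs[3], tampered, inserted):
        r.receive(m)
    return r.events
```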
Non-repudiation service prevents either sender or receiver from
denying that a message was transmitted. When the message is sent,
the receiver can prove that the message was in fact sent by the alleged
sender, and, when the message is received, the sender can prove that the
message was in fact received by the alleged receiver.
Access control service is concerned with network security, i.e.,
the ability to limit and control access to host systems and applications
via communications links. To maintain access control, each entity
trying to gain access must be both identified and authenticated to gain
access rights.
Availability service is concerned with the results of attacks.
Many attacks can result in the loss of or reduction of availability of
assets in the network. Some attacks are amenable to automated countermeasures
such as authentication and encryption, while others require an action to
prevent or recover from loss of availability of elements of the network.
Prevention can be in the form of physical or software firewalls. AntiVirus programs and data recovery applications or services are also part of this service.
Security Mechanisms
A security mechanism is defined as whatever provides the security services or functions needed to secure the network from unauthorized access. There is no one security mechanism that provides all these services. AntiVirus programs, firewalls, data recovery programs, secure operating systems, and encryption, as well as good personal use habits, are all included in this definition of security mechanisms.
How Does This Affect My Network?
This is where I get to do my recap of my Computers and Security
column series. I started this series in March
2000 by covering the basic safety and maintenance actions that should
be done for basic data security, such as remembering to keep the computer
free from dust and lint, or keeping coffee from spilling on it. Electrical
power issues such as power spikes and failures of electrical service, or
protection from lightning storms were touched on. Remembering to
backup the data files to protect against hardware failure on the hard disk
drive was covered. In fact, I did not get around to “security” in
that first article, but tended to cover all the related subjects such as
the security holes in the prevalent Windows operating systems. It
was recommended that all the OS and Internet browser security patches be
installed to keep the hackers at bay. I recommended adding uninterruptible
power supplies to the electrical power system to keep the current steady
and to guard against local power fluctuations. I recommended using some
method of data backup. And, I recommended actually doing backups
regularly. And, finally, I recommended using an AntiVirus program
to protect against viruses that could be received from the Internet or
that floppy disk from down the street.
In the April 2000 column, I covered some basic
definitions of computer security. This column touched on what to
protect. Computer security is a means to protect information no matter
where it resides or travels on a network. Remember, that at home,
if there are two or more computers connected in a network, this is equivalent
to a small office network. AntiVirus and hacker protection were introduced
in the form of antivirus or firewall programs or hardware.
In August and September
2000, the Comm Corner featured a two part Small Office Home Office
Security article about Computers and Security methods. Part One covered
system and information (data) integrity. The first line of defense
is to ensure that the computer is physically secure from harm or unauthorized
use. The second is to ensure that the computer is reasonably protected from electrical
power outages and surges.
This two part article also covered the fact that in the beginning, with
dial-up Internet, most individuals did not have to worry about hackers.
With the advent of direct connections via DSL or Direct Cable broadband
to the Internet, coupled with high performance computers within reach of
most users, hackers can use a home or small office computer just as well
as corporate network servers. And, these computers are not nearly
as well protected as their corporate counterparts. It talked about
keeping the OS up to date.
The second part of this article covered virus protection and firewalls.
Any of the commercial antivirus applications work if their virus signatures
are kept up to date. I tend to use Norton AntiVirus for my personal
computers. Firewalls come in hardware and software versions.
A firewall is a device or program that keeps hackers from your computer
or network.
The February and March 2001 columns were devoted to firewalls. It was also noted that the broadband routers being used for home or small office also contain built-in TCP/IP protocols to combat intruders. These include Packet Filtering and NAT (Network Address Translation). Also, non-Internet-transmittable IP addresses are used as a further security measure in these routers. The protocol that handles this feature uses the router as a DHCP (Dynamic Host Control Protocol) server, in which each host (computer) on the network is assigned its IP address by the DHCP server. When this IP addressing scheme is set to a non-routable IP address scheme, outside and/or unauthorized users cannot enter the network. Routers also control the protocol ports and allow or disallow users via these ports.
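To show how packet filtering, NAT and a non-routable DHCP scope work together on such a router, here is an added model (written for this recap, not a router vendor's code). The LAN scope, WAN address, port numbers and the opened port 8080 are all constructed for the example; the private ranges are the RFC 1918 networks that are not transmittable over the Internet.

```python
import ipaddress
from collections import namedtuple

# Constructed addresses: the router's DHCP scope is a non-routable RFC 1918
# network; the WAN side uses a public address from the documentation range.
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN_IP = "203.0.113.5"
NON_ROUTABLE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Packet = namedtuple("Packet", "src sport dst dport")


class SohoRouter:
    """Packet filtering plus NAT: outbound LAN flows are translated to WAN_IP and
    remembered; inbound packets pass only as replies to a remembered flow or on a
    port the owner explicitly opened. Everything else is dropped by default."""

    def __init__(self, open_ports=None):
        self.open_ports = open_ports or {}  # WAN port -> (LAN host, port)
        self.nat = {}                       # WAN port -> (LAN host, port, peer, peer port)
        self.next_port = 40000

    def outbound(self, p: Packet) -> str:
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        if src not in LAN:
            return "drop: source outside LAN scope"
        if any(dst in n for n in NON_ROUTABLE):
            return "drop: destination not Internet-routable"
        port, self.next_port = self.next_port, self.next_port + 1
        self.nat[port] = (p.src, p.sport, p.dst, p.dport)
        return "forward as %s:%d" % (WAN_IP, port)

    def inbound(self, p: Packet) -> str:
        if p.dst != WAN_IP:                 # LAN addresses never appear on the WAN side
            return "drop: private destination unreachable from outside"
        flow = self.nat.get(p.dport)
        if flow and (p.src, p.sport) == (flow[2], flow[3]):
            return "forward to %s:%d" % (flow[0], flow[1])
        if p.dport in self.open_ports:
            return "forward to %s:%d" % self.open_ports[p.dport]
        return "drop: no matching flow or open port"


def demo() -> list:
    """Constructed traffic: one LAN web session, then unsolicited inbound packets."""
    r = SohoRouter(open_ports={8080: ("192.168.1.20", 80)})
    return [
        r.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443)),
        r.inbound(Packet("198.51.100.7", 443, WAN_IP, 40000)),   # reply to that session
        r.inbound(Packet("198.51.100.9", 443, WAN_IP, 40000)),   # same port, other peer
        r.inbound(Packet("198.51.100.9", 3333, "192.168.1.10", 445)),
        r.inbound(Packet("198.51.100.9", 3333, WAN_IP, 8080)),   # owner opened this port
        r.inbound(Packet("198.51.100.9", 3333, WAN_IP, 445)),
    ]
```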
The October 2001 column covered OS and browser
security and what to do about breaches within these applications.
The July 2001 column discussed hackers and how
to protect against them. The September 2001
column discussed how to install Anti-Virus programs.
My August 2001 column covered computer privacy.
It covered different techniques and applications that could be used to
counter identity theft and other methods of illegally obtaining information
like credit card numbers. The February 2002
column tied computer to privacy.
Conclusion
Security continues to be a major theme in my columns as I learn more
about the subject. The Computers and Security series of articles
is a good basic outline of what to do about security.