Computer Security Basics

The cost of maintaining secure communications links can be great. In a time when remote access to the corporate IT infrastructure is critical, imagine the expense of securing the link to every traveling salesperson or home-based telecommuter. Encryption is an obvious answer, but as we saw in the previous chapter, to provide encryption and do it right is burdensome. Further, the Internet is a hostile environment for the security conscious. Crackers and other attackers seek to co-opt communications both to eavesdrop and to steal.

And the problem is coming home. In the "always on" mode that tends to follow broadband communications such as DSL and cable modems, attackers can attempt to acquire sensitive data, steal identities, and take over hardware by planting malicious code, all while the computer owner is sleeping.

Still, the Internet is such an effective way to put the people of an organization near where the action is and where the customers are, that rolling back to an earlier era seems unlikely. If we are to effectively leverage the Internet, there must be a way to use it without becoming a victim to those who seek to misuse it. Bad guys will attempt to intercept our communications, or worse.

The modern approach to network security, particularly for remote access, but also for point-to-point links, is called the Virtual Private Network. It is "private" because while it appears to travel over the same wide area network as other traffic, its internal encryption mechanisms serve to keep the transmitted data safe from prying eyes. It is "virtual" because there is no need to invest in the infrastructure of buildings, wires, cable plant, and technical services, other than the nominal (by comparison) fee charged by the service provider. More VPN information is available in the section "Through the Tunnel."

Whether you work on a lone laptop or a clustered supercomputer, you undoubtedly need access to a network and to the Internet. Networks let you share information (such as messages and files), as well as resources (such as printers and other remote computers). This type of communication is vital to most organizations. Information that can't be shared in a timely fashion among usersin different parts of an office, a country, or the worldmay rapidly lose its value. But sharing information over communications lines creates increased dangers of interception. From a computer security point of view, networks are the most vulnerable component of a system configuration. The number of possible users, the ease of access from remote, and sometimes anonymous, locations, and the opportunity for error introduced by the global complexity of the Internet, all contribute to this vulnerability. For this reason, computer and network security have increased steadily in their importance to individuals, commercial users, and to government and military organizations.