DEV Community

Cover image for Computer Systems Security An Introduction (Part 1)
Jegan
Jegan

Posted on

Computer Systems Security An Introduction (Part 1)

#cybersecurity #security #beginners #tutorial

What is Security

Security is the ability of systems to achieve their intended goals even in the presence of an adversary.

The Castle Analogy

A castle is secure if the treasure remains protected even when enemies are actively trying to attack it.

  • Goal: Keep the treasure safe
  • Adversary: Bad guys (hackers) trying to steal it
  • Security: Making sure the treasure stays safe even though attackers are trying to break in

So, in computer systems:

Goal:

  • Keep data confidential
  • Ensure data is not changed
  • Keep systems available for users

Adversary:

  • Hackers, malware, unauthorized users

Security:

  • Using logins, guards, walls, and alarms to still achieve the goal despite attacks

The Three Building Blocks of Security

Goal

Before you can protect something, you need to know WHAT you're protecting and WHY.

The three types of goals:

1. Confidentiality

  • Keep secrets SECRET
  • Like keeping your diary locked
  • Only you should read your file
  • Your bank password should stay secret

2. Integrity

  • Keep things CORRECT
  • Like making sure nobody changes your homework
  • Your grade file shouldn't be changed by students
  • Your bank balance shouldn't be changed by hackers

3. Availability

  • Keep it WORKING
  • Like making sure the library is open when you need it
  • Netflix should work when you want to watch
  • Your email should always be accessible

Threat Model

You can't protect against EVERYTHING! You need to decide who you're protecting against.

Think of it like this:

  • Against a thief? You need locks and maybe an alarm
  • Against a fire? You need smoke detectors and sprinklers
  • Against rain? A good roof is enough
  • Against a tank? Well, your house won't help much

In computers:

  • Are you protecting against random hackers on the internet?
  • Or against a government with unlimited money?
  • These need VERY different protections

Mechanism

How do you actually protect it?

  • This is like the actual locks and walls you use

Policy

  • The rules

    • Only teachers can change grades
    • Only you can read your email

Mechanism

  • The tools

    • Username and password
    • Encryption
    • Firewalls

Why Security Is So Hard?

The big problem:

Security is negative — you have to defend against EVERYTHING

Imagine you own a toy store.

Making the door work is easy:

  • Put a lock on it
  • Give keys to employees
  • Open it during business hours

But keeping thieves out is HARD because they might:

  • Break a window
  • Dig under the floor
  • Come through the roof
  • Pretend to be an employee
  • Steal an employee's key
  • Break the lock
  • Come in during business hours disguised as a customer
  • Bribe an employee

You have to think of ALL possible ways in.

The Asymmetry Problem

Top comments (0)