The technology

OVERVIEW

Many people believe that computer security is the domain of only computer experts, and to some extent this is true when we talk about technologies like cryptography, but on the whole, everyone exercises the underlying principles of computer security every day. These principles are authentication and authorisation.

Authentication asks the question — are you who you say you are?
Authorisation asks the question — are you allowed to do what you are trying to do?

So let's take a simple everyday example. You want to draw money from your own bank account. For those who can remember the days before ATMs (Automated Teller Machines), you had to go into the bank and present your bankbook to the teller. The fact that you had the bankbook inherently says that you are authorised to withdraw money from that account. Your signature on the withdrawal form would say that you are who you say you are, which is one of the authorised account holders. The signature is accepted because when you opened the account and signed the signature form, you presented some form of picture identification, like a passport, that the bank accepted as proof that you are who you say you are. The signature becomes a proxy statement of this fact.

Coming to today, the majority of people use bank ATM cards to draw money from their account. In fact, my daughters don't know anything else. The bank card is your authentication; it says you are who you say you are. The PIN that you enter in the ATM is your authorisation - I am allowed to withdraw money from this account.

So we all use the principles of computer security during our everyday activities. Inherent in these models is secrecy. It is important that you keep your PIN a "secret". Your signature is a form of a "secret", in that only you can sign your name in that way.

For computers, cryptography is one of the technologies used to keep a secret between computers, as they try to determine if the requestor, which can be a person, a program or another computer, is who they say they are, and if they are authorised to make the request they are making.

CRYPTOGRAPHIC KEYS

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
(Source: http://en.wikipedia.org/wiki/Cryptography - 07 Dec 2012)

In The Fixer, cryptographic keys were used in an unconventional way, to secure a physical safe. However, this further illustrates that the security models and technologies used for computers and Information Technology (IT) are very often generally applicable in normal life.

BASIC PC PROTECTION

There is a scene in The Fixer where Sean breaks into a computer system at a hotel. I am not going to explain how this is done, because I don't want to make this webpage a hacker's guide, but it is worth asking the question - What is a hacker?

Putting the answer in the context of the prior explanation of computer security, in simple terms hacking is a means of circumventing the authentication of a computer system, and gaining access or using an account that you are not authorised to use.

While this is a constant menace for large companies, we all need to be aware of the security threats that we are exposed to in our personal use of computers and the Internet. There are a few simple things that you should practise doing, in no particular order of priority:

  1. Change your password periodically
  2. Keep your password a secret
  3. Apply patches periodically, as these very often fix and close security holes that make it easier for hackers to access your computer. This is especially true if you use Windows, but still applies to other operating systems that access the Internet
  4. Applications that access the Internet also need to be patched. For example, Mozilla Firefox, Safari or any other Internet browser should be kept up to date so that they do not expose your computer to security breaches
  5. Don't execute email attachments from email accounts that you do not recognise. These attachments can inject/install security holes on your computer and expose you to a security threat

I could go on, but I think I'll update this list periodically, based on feedback and observation.