What Is Computer Security - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

Chapter 42.
Security Overview
Because of the increased reliance on powerful, networked computers to help run businesses and keep
track of our personal information, industries have been formed around the practice of network and
computer security. Enterprises have solicited the knowledge and skills of security experts to properly
audit systems and tailor solutions to fit the operating requirements of the organization. Because
most organizations are dynamic in nature, with workers accessing company IT resources locally and
remotely, the need for secure computing environments has become more pronounced.
Unfortunately, most organizations (as well as individual users) regard security as an afterthought,
a process that is overlooked in favor of increased power, productivity, and budgetary concerns.
Proper security implementation is often enacted postmortem — after an unauthorized intrusion has
already occurred. Security experts agree that the right measures taken prior to connecting a site to an
untrusted network, such as the Internet, is an effective means of thwarting most attempts at intrusion.
42.1. Introduction to Security

42.1.1. What is Computer Security?

Computer security is a general term that covers a wide area of computing and information processing.
Industries that depend on computer systems and networks to conduct daily business transactions
and access crucial information regard their data as an important part of their overall assets. Several
terms and metrics have entered our daily business vocabulary, such as total cost of ownership (TCO)
and quality of service (QoS). In these metrics, industries calculate aspects such as data integrity and
high-availability as part of their planning and process management costs. In some industries, such
as electronic commerce, the availability and trustworthiness of data can be the difference between
success and failure.
42.1.1.1. How did Computer Security Come about?
Information security has evolved over the years due to the increasing reliance on public networks not
to disclose personal, financial, and other restricted information. There are numerous instances such
as the Mitnick and the Vladimir Levin cases that prompted organizations across all industries to rethink
the way they handle information transmission and disclosure. The popularity of the Internet was one of
the most important developments that prompted an intensified effort in data security.
An ever-growing number of people are using their personal computers to gain access to the resources
that the Internet has to offer. From research and information retrieval to electronic mail and commerce
transaction, the Internet has been regarded as one of the most important developments of the 20th
century.
The Internet and its earlier protocols, however, were developed as a trust-based system. That
is, the Internet Protocol was not designed to be secure in itself. There are no approved security
standards built into the TCP/IP communications stack, leaving it open to potentially malicious users
and processes across the network. Modern developments have made Internet communication more
secure, but there are still several incidents that gain national attention and alert us to the fact that
nothing is completely safe.
583