Archive for the 'Information Assurance' Category

Common Information Assurance ("IA") applications.

Sunday, September 17th, 2006

In the previous article we began talking about information assurance and defined some common terms that will be used. In this article we will be defining some types of applications that are used to help secure a computer.

The first applications we will talk about are firewalls, anti-virus, intrusion detection systems and malware scanners.

Firewalls

When talking about how firewalls work, I like to use a Traffic Officer as an example. Traffic Officers are there to enforce certain rules; they do not get to make up the rules but do have some flexibility in how the rules are enforced and interpreted. Some Traffic Officers watch from one direction, while others watch from multiple directions; if you violate the rules they will stop you and either write a ticket or provide a warning. It is possible to get a ticket and still continue on, but breaking some rules will get you arrested.

(more…)

What is Information Assurance?

Sunday, September 10th, 2006

When someone talks about computer security, what do you think of?

For many people, computer security is all about programs that are running on your computer to prevent bad things from happening. What many people do not realize is that security is about processes, not programs. A computer application is only as good as the person who wrote the program, the person who maintains the program or the person who implemented the program. The term information assurance means the same as computer security; which one you use is a matter of preference.

If you consider a home alarm system, it is important to have a trusted brand, to have someone install the alarms properly and to turn on the alarm when you are not home. You may also want a periodic review of your alarm, and procedures to follow in the event of a break-in, malfunction or suspicious activity. Why not take the same approach to computer security?

Before we can effectively talk about securing parts of the computer we need to establish some terminology, discuss how certain types of programs are supposed to work and why they are supposed to work that way. The terms we are going to talk about initially are risk, threat, risk assessment, CIA+2, firewall, anti-virus, malware and intrusion detection system. There are many more we will eventually talk about, but this will serve as a good starting point.

(more…)

Thinking Securely

Saturday, September 9th, 2006

Since I am not in a position to do software development right now (long story), I thought it would be interesting to write some basic security articles for non-technical people. In the past I have had to teach similar courses for sales, marketing and end-users; sometimes to people that are terrified of their computer.

Initially I was thinking of covering some basic terminology, best practices and then freely available applications like Firefox with security-related plug-ins. A big part of what I want to do is to talk not only about what should be done, but also about why it should be done.

I plan to start working on the first article tonight. If you have any suggestions on topics, Firefox extensions or other applications to cover, please let me know either in the comments or via email. I have already decided that the first extension I cover for Firefox will be NoScript and then probably Dr. Web.

-Wayne
