Log in / Register
Home arrow Computer Science arrow The InfoSec Handbook
< Prev   CONTENTS   Next >

The Evolution of the Computer and Information Security

If you glance through the history of computer security, you will find that the initial need was to physically protect the mainframe computers, which were used to crack the encrypted messages used during the world wars. Physical security was provided through security guards, identification cards, badges, keys, and other means. These regulated

the access to sites and locations where the mainframe computers were hosted and were essential for protecting them from theft and destruction. This was the main scenario during the 1950s and 1960s.

ARPAnet, the precursor to the Internet, was started with the intent of sharing data between remote locations.

With the primary intention of ARPAnet being a provision of connectivity across various locations and systems, information security does not seem to have been given much importance. However, as the days progressed and more data and more people came on to ARPAnet, linking many computers, the need for information security increased.5

The MULTICS, multi-users, and timesharing operating systems increased the need for information security. MULTICS (Multiplexed Information and Computing Services) operating system, true to its name, facilitated many different users to access the system simultaneously. The MULTICS was a research project started at MIT in 1964 and sponsored by Honeywell, GE, and MIT that allowed multi-user capability serving thousands in academic and research communities. This operating system provided much-needed focus on computer security and was built into the requirements for computer security. Honeywell then dropped out of the consortium to develop its own product. MULTICS systems were eventually sold for commercial use by Honeywell, with both the security and services.

Multi-user systems allow hardware and software applications to be accessed by multiple users. Multiple users can access the single system from the same location or a remote location using different computer terminals with different operating systems. These terminals are connected through wires and telephone networks. Since systems were shared by users who might not trust each other, security was of major concern and services were developed to support security features for file sharing via access control. MULTICS machines were developed to protect data from other users. Information co-existed on the same machine and the data was marked as 'Confidential', 'Classified', etc. Operating systems were designed to ensure that the right data is accessed by the right user.6

Ken Thomson from Bell Labs liked the MULTICS system but felt it was too complex and the same idea could be implemented in a simpler way. In 1969, he wrote the first version of Unix, called UNICS (Uniplexed Operating and Computing Systems). In 1973, Ken Thomson and Denise Ritchie wrote the first C compiler and rewrote Unix in C. The following year, Unix was licensed to various universities. University of California Berkley modified UNIX and called their version “BSD” Unix, and Bell Labs continued to use Unix under the name “System V-+” Unix. Eventually, there were two types of Unix operating systems: BSD and System V. The biggest advantage Unix had was its networking capabilities.

Unix became an ideal operating system for connecting different systems and providing e-mail services. It supported the TCP/IP protocol for computer communication. It also provided security features like user authentication mechanisms through user ID and password, different levels of access, and restrictions at the file level.6

In the mid 1970s, the invention of microprocessors led to a new age of computing with the introduction of Personal Computers (PCs). The 1980s gave rise to wider computer communication through the interconnection of personal computers, mainframe computers, and mini computers. This enabled resources to be available to all users within a networking community and led to the need for complex information security. As the popularity of PCs grew, networks of computers became more common as did the need to connect these computer systems together. This gave rise to the birth of the Internet. In the 1990s, the Internet was made available to the general public. The Internet

virtually connected all computers over a pre-existing telephone infrastructure. After the Internet was commercialized, the technology became pervasive, connecting every corner of the globe. However, initial days of internetworking experienced many issues because of factors like incompatibility of the proprietary protocols not allowing proper communications between two systems/networks, different vendors using different technologies to ensure their stronghold on the technology, and difficulties in ensuring that the message intended reaches only the destination device. Routing technologies, standardization efforts on the protocols, and standardization of computer systems and logical addressing systems like IP changed the scenario over time and enabled easy communication between various devices on the internet.

Tim Berners Lee wrote the first web page and the first web server.7 He designed the World Wide Web (WWW) to link and share news, documents, and data anywhere in the network. By 1991, people outside CERN joined the web community and in April 1993, World Wide Web technology was made available to the public. Since that time, the web

has changed the world. It has become the most powerful communication medium today. More than 30% of people in the world today are connected to the web. The WWW has changed the way we communicate with people, the way we learn new things, the way we do business, the way we share information, and also the way we solve problems. It has allowed everyone to not only be connected to one another, but also enables the sharing of information widely across the globe.8

The growth of the web has been phenomenal. There are more people communicating online today than any other medium. More shoppers buy and sell online today than in any other retail store. The rapid growth of the web and web usage has brought about many innovative developments. The web has several layers of technologies that all work together to deliver communication to the user. Today, the Internet has connected millions of “unsecured” computers together. This has been enabled through the growth of networking technologies and equipment like switches, multi-layered switches, and routers coupled with standardization of various protocols used. The switches

enable connecting many machines within an organization and ensuring the frames are passed on appropriately to the intended destination computer whereas routers play a large role in routing the

messages/communications from one network to the other and also connect to the internet. Routers are intelligent equipment and route the messages/communications efficiently from the source to the destination and connect to the internet. Also, many of the routers are now built with firewall capabilities. Advanced routers may act as switches as well as router. DHCP, NAT, and DNS have made the configuration and routing easy.

The vulnerability of information on each computer depends on the level of security provided by each system and to the system to which it is connected. Recent cyber threats have made organizations and governments realize the importance of information security. Information security has now become one of the major technologies to support the smooth operation of the Word Wide Web and Internet.

With the invention of the World Wide Web and the Internet, millions of users are connected and communicating with each other. This has raised several concerns regarding the integrity of the user, confidentiality of data, types of data that are being shared in the system, who is accessing the data, who is monitoring the information that is being sent on the Internet, and many more concerns related to information security. With the advancement of technologies such as wireless and cellular, users are always connected and networked computing has become the prevailing style of computing. As information became more exposed to the outside world, securing information has become a major challenge in the era of Inter-networking.

Information security is meant to protect information and information systems from unauthorized users accessing, using, modifying, or destroying the information. According to the standards defined by the Committee on National Security Systems, information security is the protection of information and its critical elements, including systems and hardware that uses, stores, and transmits that information. Security is achieved by implementing policies, guidelines, procedures, governance, and other software functions. Information security consists of three main components: hardware, software, and a communication system.

Various tools are developed daily to combat the compromise of information security. Several standards and guidelines have been implemented to reduce the propensity for information security breaches. However, in a constantly evolving world, information security will always be a matter of concern that will need to be addressed for the good of the world!

Information security also spans to physical aspects like hardware and infrastructure, the operating system, networks, applications, software systems, utilities, and tools. Other important contributors (favorable or adverse) to the field of information security are human beings, particularly employees, contractors, system providers, hackers, and crackers.

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science