Home Introduction Security Definition Aims of Security Types of Threats Protection Additional Reading About KRaM at UEL Site Map

Home
Classification of Security Attacks

SECURITY AIMS

In actual fact, computer/internet security is simple as well as it is complex. Simple because it is easy to break the web down into various parts and see where the problem is, and more complex since there are no solutions or magic formulas to make the web secure. However, it is accepted that irrespective of the background of the definer, the most acceptable definition must cover the following aspects:

As stated by Stallings [2002, pp.9-11] and Oppliger [2002, pp. 72-75], security should provide the following services:

  • Confidentiality
    • The prevention of unauthorised disclosure of information
  • Integrity
    • The prevention of anything that will make information insecure and unreliable
  • Authentication
    • The prevention of unauthorised modification of information
  • Non-repudiation
    • Allows users the ability to identify the sender or receiver of information
  • Access control
    • The ability to limit and control the access to host systems and applications through communications links by using id and authentication
  • Availability
    • The prevention of unauthorised withholding of information or resources, that is, preventing denial of service

Back to top

Below are the reasons why security in all aspects is now topical and sensational issues in the computer systems environment from different points of view:

 User’s point of view:

  • The remote server should be owned and operated by the organisation that is seems to be owned by
  • The documents that the server returns are free from dangerous viruses and malicious intent
  • The remote server will not record or distribute information that the user considers private.

 Webmaster’s point of view:

  • The user will not attempt to break into the web server computer system or altered the content of the website
  • The user will not get access to documents that he/she is not authorised to
  • The user will not crash the server making it unavailable for others to use
  • If the user has identified  himself, he is who he really says he is

 Both parties point of view:

·         The network connection is free from third-party eavesdropping listening in on the communication line

·         The information sent between browser and server is delivered  in tact, and free from tampering by the third party

The main purpose then is that Computer/Internet security should ensure that these are always valid. It should allow its users to have some sense of confidence in the system. If this confidence is broken then security is not effective and does not serve its purpose.

Back to top

This page was developed by Richard Bonsu, a member of the KRaM team

This site was created by KRaM - Keisha, Richard and Madeline