hanslux Logo 

Costreduction with Linux and OpenSource-Software

Services for Computer, Networks and IT-Security

Consulting, Security Concepts and Training

_Home ] _Services ] _Training ] _OpenSource ] _Wellknown OpenSource Projects ] _Security Goals ] _Security Concepts ] _Documents ] _Impressum ]
Wellknown OpenSource Projects
Security Goals
Security Concepts
Diese Seiten in deutscher Sprache

The Goals of the Security Efforts

Before you make any security concept you should be clear which goals to reach with a security concept.
The four goals of the security efforts are:



is the shelter of your confidence. Everytime we write a letter or do a call on the phone we are sure nobody else is listening to our communication. This is assured by the privacy of letters and (in Germany) there is the privacy of telephone calls given by the Telekommunikationsgesetz § 85. Only under suspicion of a crime an examining magistrate may suspend this privacy and intercept the communication.
Data in computer networks are easyly to be read by anyone, the privacy is not guaranteed. Only with encryption it is possible to achieve privacy, when only the sender and the recipient know the key for decryption.



we expect everytime when we communicate. We assume that messages between us and our communication partner are transfered entirely and unchanged. If someone is capable to insert a "no" into a telephonecall the message will be falsified. This is easy to do on computer networks, messages often cross lots of computers on their way, so called "hops". An attacker can easyly receive a data package on a computer in this chain and send it again with modified contents.
A remedy to care for this problem is checksum over the sent data which is then sent to the recipient on a different way. The recipient can compare the received checksum with an actually generated one. A difference reveals that the integrity is lost, the data has been tampered with.



is missing and causing problems when something of our computer equipment is not working as we expect it to work. This does not only mean failure of hardware but also includes the missing of data, programs and information when we need it. Waiting times caused by hardware failure as well as the retyping of crashed dokuments are expensive. But the availability is also damaged when an attacker abuses the infrastructure for other purposes and the user is blocked by overloaded systems.
To save the availability means on one hand side to avoid the abuse of infrastructure, on the other hand it means data security. It should be fast and cheap to recover lost data in case of hardware failure.
Of course, data protection is a main task of an administrator to prevent losses of availability. Virus protection is important as well, from computer virusses data can be damaged and hardware can be affected in its operation. To exclude abuse every legal user is identified with password and illegal users are rejected.



last not least empowers us to process business over the internet. Only when a company can be sure that a customer who is ordering via internet is the one he claims to be, an electronic business becomes calculable. This is the reason to discuss the electronic signature. This is a very complex item on which scientists have filled books.
A "one way hash function" is used in combination with a certificate which is generated by signing with the private key of an unsymmetric key pair. Using the secret private key enables the recipient to confirm with the public key if the key used for signing is fitting to the public key. The one way hash function ensures, that a change of a document can be detected instandly.

Projects up Security Concepts
_Home ] _Services ] _Training ] _OpenSource ] _Wellknown OpenSource Projects ] _Security Goals ] _Security Concepts ] _Documents ] _Impressum ]