The CTDP Security Guide Version 0.2.0 September 1, 2000

Introduction

This Security Guide is written with several purposes in mind. It is not written as a complete guide to computer security but is intended to give enough information to allow the reader to make somewhat competent security decisions without having to do a great deal of reading or study. The information contained in this document is not guaranteed to be accurate and the writer assumes no responsibility of the reader's use of any information contained herein. This document also provides information to allow the reader to do further study. The main objectives of this document are to:

  1. Define terms
  2. Introduce security functions
  3. Introduces some of the main security protocols, and explains how they fit into the security scheme. (RSA, Diffie-Helman)
  4. Give the reader fundamental knowledge to allow for better decision making, without a great deal of reading or study.

There are several areas of security expertise which include but are not limited to:

  1. Security protocols, their strengths, weaknesses, and how they work.
  2. Being able to write security algorithms, both in mathematical formulas and/or write the programs. Normally a mathematician is best qualified here
  3. Knowing various security vulnerabilities of certain operating systems and knowing how to guard against them.
  4. Knowing how to set traps for those who try to break into systems.
  5. Knowing how to set up effective and secure firewalls to keep hackers from other networks or the internet from breaking into private networks.

Computer security defined in this document primarily is about enciphering and deciphering what is called plaintext. Plaintext is un-enciphered data which may be text or any other form of data. Please be aware that when it comes to the art of inventing data enciphering protocols, there are very specialized people in these fields. Therefore it is extremely unlikely that any one or group not specialized in these areas will successfully invent their own security protocols and have them be effectively secure. Most of us are dependent upon the specialists. We will likely use a published protocol with published key management and key generation schemes. However if you want to develop a specialized team of cryptographers, it is my opinion that you will want brilliant mathematicians, not generally programmers or engineers. This is because much math is required and math specialists are most skilled in this area. Also the math specialist has a desire to work on math problems, whereas the programmer or engineer likes to work on logic, development or design problems. However the programmer or engineer if they have a strong desire to concentrate on math and show talent in this area, may qualify for these specialized jobs. To be effective, I recommend a team of at least 5 people specialize in this area with half the team checking the work of the other half.

Keeping the encryption algorithm secret is not security.

Cryptography provides:

Functions required for a secure system.

Useful functions.

Attacks:

Security Guide Contents Page