I. OVERVIEW

Connectivity and communications systems are intertwined. The major thrusts of computer development in the past forty years have been the growing ease of use and growing interconnection of systems. Today, major manufacturers market computers that use compatible operating systems, from microcomputers to mainframes (UNIX or DOS). Postscript is a language accepted by an ever-increasing number laser printers and by almost all new typesetting machines; it is becoming a standard language for describing marks on paper. Word processors are available that accept files from IBM compatible machines into Macintosh computers and vice versa. Networks may span continents, or simply connect rooms.

Connectivity means more than compatible operating systems, compatible languages, communications, and in a holistic sense, computers simply become more pervasive and easier to use. Like a telephone network, the utility is used, with the user unaware of details of the pieces such as DOS or satellite protocols in the case of long-distance telephone.

The presentation of this module reviews the basic concepts of protection as it is applied to communications and network security. There is a misconception that this topic applies only to large organizations with externally interconnected systems. However, even managers who do not have computers connected to communication systems but who do use telephone systems (private or public) for business purposes should recognize that they may also have vulnerable attack points. Competitors can do simple traffic analyses of outgoing calls to determine major clients or suppliers, dishonest employees may use the office phones improperly, etc. While the countermeasures may be simple, the principles covered in this module still apply. Furthermore, if small businesses have only two or three interconnected PC’s and printers without any external connections, they should also apply network security principles because accidents, such as employee failures or errors can cause major problems, e.g., data loss.

Managers, users and designers of communications systems and networks are faced with a paradox. These systems are designed to facilitate the sharing of information, resources and services by legitimate users but simultaneously they must be protected from unauthorized entry and malicious attacks.

In this section, survey the concepts of policies and mechanisms and their roles in protection. The aspects of assets, threats and vulnerability are also reviewed.

Summers points out that since users increasingly access computing systems from remote locations, careful attention must be given to communications security. Also, security is increasingly important when connecting computers into networks or implementing distributed systems. Because of this, relatedness, consider communication and network security together.