Security and the Internet

by Pradeep Varma

Speaking in general terms, a secure computer system is a system that does not allow the violation of its intended functionality. Security of a computer system is often directly in conflict with the convenient use of the system. The shift from use of computers as isolated machines to use of computers as networked machines that may provide users with an automated cyberspace, or an information superhighway provides an example of the tradeoff between security issues and convenience issues. In this talk I discuss the vulnerability introduced by providing a computer system unhindered exposure to the Internet. I discuss the use of the TCP/IP protocol suite on the Internet. TCP/IP consists of a collection of communication protocols that include standard services such as Simple Mail Transport Protocol (SMTP) and telnet; RPC-based protocols such as Network File System (NFS); File Transfer Protocols; and information services such as gopher, Wide Area Information Services (WAIS) and what is called as World Wide Web (WWW). I discuss the vulnerabilities of some of the individual communication protocols, and the strategies used for coping with the vulnerabilities and for building a secure network of computers.