webpointmorpheus Security Info:
Introduction to Security Concerns

     Introduction      Core Security Info      References

©2005 - material compiled by Bob Carnaghi, www.webpointmorpheus.com

Introduction to Computer, Network, and Internet Security     Top of Page

This collection of documents is a series of information that chronicles security related info as applied to computers, networking, and the Internet. Please consider that this information is not intended to serve as a technical reference or a security guideline manual. These documents came about as the result of an intense study over a period of several weeks in preparation for the CompTIA Security+ exam, and is offered here as a collection of online notes about computer security that are accurate to the best effort of the author at the time of writing. Please consider the date of the document when considering the information and its accuracy. The intent of this series of documents is that they will offer an overview or viewpoint of security info to help clarify this often murky and ambiguous subject, which can be confusing and shrouded in technical acronyms. The documents and links that are cited have provided most of the information that is contained in this series.

 

Core Security Info     Top of Page

Computer Security is the assurance that a system, network, body of information, or specific resources are protected from violation, infringement, compromise, or molestation. There are 5 goals or intentions of computer security, as listed and defined:

1. Privacy/confidentiality - the protection, restraint, or restriction of information to only those who are intended to access or have knowledge of that information.
2. Authentication - the verification of the identity of the account which is attempting to access information or resources.
3. Data integrity - the verification that a certain body of information or data has not been altered.
4. Non-Repudiation - the state of removing any and all doubt that information was transmitted and/or received by specific individuals.
5. Access Control - the actions or practices that permit only authorized users to access information or resources.

Additionally, there are 3 types of data encryption, and each has a specific area of application within the goals of computer security:

1. Symmetric or secret-key encryption - algorithms that provide privacy/confidentiality.
2. Asymmetric or public-key encryption - algorithms that provide authentication and non-repudiation.
3. Message digests or hashes - non-reversible, or one way algorithms that provide a check for data integrity.

The documents in this series weave the above concepts into a practical understanding of secure systems and services in the world of computing, networking, and the Internet.

 

References     Top of Page

The following documents and resources were used in the preparation of this series:

• CompTIA Security+ Study Guide: Exam SY0-101   by Mike Pastore & Emmett Dulaney - has an excellent test engine that simulates the CompTIA testing system.
• Security+ Exam Cram 2 (Exam Cram SYO-101)   by Kirk Hausman, Diane Barrett, Martin Weiss & Ed Tittel - also has a testing engine.
• Tech Exams Security+ Documentation - a series of documents that serves as good reference material. The site also has several practice exams.
• Gary Kessler Crypto Document - Finally, a direct, no fluff expose of cryptography and it's application. A little technical and very thorough. Excellent.
• WAP Documentation - a resource for Wireless Access Protocol.

Additional     Top of Page

The website process, the way the web works, Search Engines, and other web & internet concepts are often very confusing, especially for the non-technical person. webpointmorpheus has assembled several documents hoping to simplify these topics. This series of documents are the result of a consistent set of questions posed by current, past, and potential webpointmorpheus clientele. The documents are listed below, and are available in printable/downloadable .pdf form.