ABSTRACT Policies and latest threats of various

ABSTRACT The continuous development of computer network system brings both a great experience and convenience but new security threats for users. Computer security problem generally includes network system security and data security. Specifically, it refers to the reliability of network system, confidentiality, integrity and availability of data information in the system. Network security problem exists through all the layers of the computer network, and the network security objective is to maintain the confidentiality, authenticity, integrity, dependability, availability and audit-ability of the network. This paper mainly aims to discuss about the basic concepts,implementations of security mechanisms, Policies and latest threats of various systems that are upcoming today. Keywords Goals,  Cryptography, Cryptanalysis, Access  Control  Lists,Mechanisms, Bell-LaPadula, Biba. 1. INTRODUCTION Computer security should be seen as a basic management task. It is an extension of the duty to protect the organization’s assets against misuse or loss. Also, the information stored and processed by computers is the most significant asset of most organizations. (Some prefer to the use the term information security to describe the process of protecting computing. It plays a major role in ensuring an organization’s ability to survive as what the law calls a going concern. Increasingly, maintaining this process will involve ensuring that the organization is complying with relevant statutory and regulatory agency requirements.) Information is inevitable in all kinds of entrepreneurial activities, and must be therefore protected as assets. Information security may be assured in various ways, including related policies, processes, procedures, organizational structures, software programs and hardware equipment able to eliminate many sources of safety jeopardizing such as espionage, computer fraud and deceit, sabotage, vandalism, fire or water. Computer Security is the protection of computing systems and the data that they store or access. How many attacks to computers on campus do you think take place everyday? l Thousands of attacks per minute bombard our campus network. l An unprotected computer can become infected or compromised within a few seconds after it is connected to the network. l A compromised computer is a hazard to everyone else, too – not just to you. 2. BASIC CONCEPTS 2.1 Goals of Security: Computer security rests on Confidentiality, Integrity and Availability that is CIA. The interpretation of these aspects vary, as do the contexts in which they arise. The interpretation of aspect in a given environment is dictated by the needs of the individuals, customs and laws of particular organizations. But we can define it in a general way as follows- 1. Confidentiality Confidentiality is the concealment of information or resources. The need of keeping information secret arises from the use of computer in sensitive fields such as government. Ex-Military,banks. 2. Integrity Integrity refers to the trustworthiness of data or resources and it usually phrased in terms of preventing improper or unauthorized change. Integrity includes data integrity(Content information) and origin integrity(the source of data often called authentication). 3. Availability Availability refers to the ability to use the information or resource desired. Computer security professionals usually address three common challenges to availability: Denial of service (DoS) due to intentional attacks or because of undiscovered flaws in implementation (for example, a program written by a programmer who is unaware of a flaw that could crash the program if a certain unexpected input is encountered).Loss of information system capabilities because of natural disasters (fires, floods, storms, or earthquakes) or human actions (bombs or strikes). And Equipment failures during normal use. 2.2 Threats: A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more. 2.3 Cryptography: Cryptography means secret writing. Basically writing text in secret form such that it’s not understandable to attackers. Cryptanalysis is the breaking of codes. The basic component of cryptography is Cryptosystem. 2.4 Policies: A. Security Policies-A security model is a model that represents a particular policy or set of policies. A model abstracts details relevant for analysis. Analyses rarely discuss particular policies; they usually focus on specific characteristics of policies, because many policies exhibit these characteristics; and the more policies with those characteristics, the more useful the analysis. By the HRU result, no single nontrivial analysis can cover all policies, but restricting the class of security policies