0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 About

Senior PaperTomhave 3

evidence of his software pirating practice, I was able to have his access to the internet

via the Concordia networks removed.

As I progressed on to Luther College (Decorah, IA), I became more and more

interested in security. One of the great innovations of the time was the World Wide

Web (WWW), something that I saw as the future of computing. Through playing with

WWW technology, I became active in web site administration, and eventually system

administration, working for the Computer Center and the college's system

administrator. The more involved I became with system administration, the more

interested I became in security. There are many reasons for this interest, varying from

having a personal stake in the security and stability of the Luther web server to pure

interest based on ethical and moral reasons. From this background I have worked

hard to become educated in the theories and practices of system and network security

with the hope of some day working in this field. More could be said about my

background, motivation and interests, but at this juncture it is more worthwhile to talk

some about what security really is.

Trying to put a specific definition or label on security is a difficult task due, in

part, to the fact that as technology advances and new technologies emerge, the old

technologies that may once have been considered strong are suddenly considered

weak. This idea applies also to security in that, as new technologies and techniques

emerge, so do new attacks, bugs and flaws. The simple fact of the matter is that

security is always evolving to become stronger and more sophisticated, just as

hackers are becoming better educated and more sophisticated. Add to this the added

dimension of generational jumps in technical competence and you begin to see the

scope of the dilemma in trying to define security in hard, technical terms.

For this reason, I instead define security in terms of striking a balance between

the value of the information/system(s), the risk posed and the cost of securing it. An