This paper discusses some of the technical aspects of computer system security. While it is true that one does not have secure systems without physical security at each of the access points, machines, network routers, network cable, etc., there is yet another important factor of security; the human element of cracking.
Consultant Ira Winkler, in a presentation at the Black Hat Briefings '98 Conference, held in Las Vegas, Nevada, [Kers 98] described how, in four days of telephone work and internet research, he was able to obtain bank login id's and passwords for seventy three newly hired bank employees. This breach of security was performed by Winker who was working as a security consultant for the unnamed bank. Security experts estimated that it might have been easy to use the information gained in the security evaluation to transfer more than $2 million dollars from banking accounts.
The bank had rather good computer based security measures which included unbreakable encryption, firewalls and sophisticated public-key infrastructures. However, certain security policies were flawed together with a breakdown of certain office procedures which resulted in employees releasing login id's and passwords over the telephone.
Computer system security necessarily must involve policy, enforcement mechanisms, technology, physical security and human factors.