Abstract

Computer security has been a problem since the 1970s, and unfortunately, many of the problems described then are still present on today's systems. However, with the popularization of the Internet, and with the increasing internetworking of computers which perform important or sensitive functions, we find that threats to the security of our computer installations are no longer theoretical and remote possibilities, nor at this point do they remain exciting but isolated incidents à la "Cuckoo's Egg". On the contrary, they have graduated to the mundanity of everyday annoyance, yet they have potentially serious consequences for Concordia University.

In this report, we describe a series of incidents which took place during the summer of 1995, we provide a brief summary of elementary concepts in computer security, and we propose some directions the University can take to decrease the risks to its computer installations and the data they contain.

It is our hope that after reading this report, members of the University community will understand why computer security issues must be addressed, and will offer their enthusiastic cooperation for the implementation of the measures proposed in this document.