(1.3)
Computer Security
Computer Security / Cyber Security
Computer security refers to protecting computer and its
content from damage, theft or misuse and action to prevent such incidents. Computer
security includes security of data and information stored and being
transferred, computer programs and applications and computer hardware.
Examples of computer security
Password, Biometric, Firewall, Cryptography etc
Types of computer
security
Hardware
security Software
security.
Information Security (infosec)
Information
security is the practice of preventing unauthorized access, use, disclosure,
modification, recording or destruction of information.
Key principles of Information Security
a)
Confidentiality:-
Only authorized users can access the data resources and information.
b)
Integrity:-
Only authorized users should be able to modify the data when needed.
c)
Availability:-
Data should be available to users when needed.
We can protect our data by
· by periodically
checking the hard disk and replacing it if it shows failure symptoms
· by copying the
data in another disk in the system to avoid accidentally erasing or erasing
data by unauthorized person.
· we can copy
important data into online storage devices which is also called cloud storage
like Dropbox, Google Drive, iCloud, OneDrive etc.
· We can also,
sometimes, send important files as an attachment to our own mail such as Gmail
or Hotmail.
· Another issue of
protecting data is preventing them from authorized access. Unauthorized users
may access our data store in our computer in the cloud storage. To prevent our
data from unauthorized access we have to protect the storage space, folder or
file with password.
Security Threats
—
A
risk which can potentially harm computer systems and organization.
—
The cause could be physical such as someone
stealing a computer that contains vital data.
—
The
cause could also be non-physical such as a virus attack.
Possible Security Threats
Phishing is the
fake attempt to obtain sensitive information such as usernames, passwords and
credit card details by disguising oneself as a trustworthy entity in an
electronic communication.
A botnet is a
logical collection of Internet-connected devices such as computers, smartphones
or internet of things (IoT) devices whose security have been breached and
control is given away to a third party.
A rootkit is a
malicious code (kit) that hides in system area provides continued
Administrator's (root) privileged access to a computer while actively hiding
its presence.
Keylogger is
hardware or software for recording the keys pressed on a keyboard secretly so
that person using the keyboard does not know that their actions are being
monitored.
Hacker
A computer hacker is any skilled computer expert who uses his/her
technical knowledge to overcome a problem.
Malicious code (Malware)
Malicious code is
a kind of harmful computer code or web script that is planned to cause
undesired effects to damage a system.
Types of malware
a)
A
computer virus is a destructive program that copies itself and infects a PC,
spreading from one file to another, and then from one PC to another when the
files are copied or shared. . E.g. C-Brain, Frodo, Disk Killer, I
Love You etc
Some viruses
produce unnecessary messages on the screen, some virus hide files, some virus
corrupt files and programs, some virus reduce memory size, etc.
Computer viruses
can spread from one computer to other computers through sharing of infected
portable disk like pendrive, opening a virus infected email, messages or
attached files and downloading files and programs form the websites which are
not secure.
b)
Computer
worms use the network to send copies of themselves to other PCs, usually
utilizing a security hole to travel from one host to the next, often
automatically without user intervention.
c)
Trojan
horses are applications that look like they are doing something harmless, but
secretly have malicious code that does something else.
d)
Spyware
is any software installed on user’s PC
that collects your information without user’s knowledge
e)
Adware
is a software application used by companies for marketing purposes; advertising
banners are displayed while any program is running.
Any four symptoms of computer virus.
v Program takes long time to load.
v Increased use of disk space and growth in file
size.
v Corrupting the system data.
v Renaming files with different names.
Security
mechanisms
—
A
mechanism that is designed to detect, prevent, or recover from a security
attack.
—
It
includes
—
Authentication
Systems
—
Firewalls
—
Cryptography
—
Antivirus
Software
—
Backup
System
Authentication System
—
The
process of identifying an individual usually based on a username and password
is called an authentication system.
—
Authentication
system makes sure that right people enters the system and access the right
information.
—
Types
of Authentication
Password
Biometric
Password
policy
A password policy defines the password strength rules that
are used to determine whether a new password is valid.
Password
—
A
password is a string of characters including letters, digits, or other symbols
which confirms the identity of a user.
Importance of password
protection
—
Password
secures the data by protecting the data from unauthorized access.
—
We
have to keep the password secure and strong so that unauthorized users may not
gain access to the resource and misuse it with our identity.
Following are some
of the tips to make password secure and strong:
l Never share your credentials
online.
l Don't use easily guessable the
name of a pet, child, family member, birthdays, birthplace, name of a favourite
holiday.
l Don't use a sequence like abcd or
1234 which are, again, easily guessable.
l Mix characters, numbers and
symbols. Also, mix small and capital letters.
l Avoid using the same password in
all applications.
l Change password periodically
Biometric
· Biometrics are
physical or behavioral human characteristics that can be used to digitally
identify a person to grant access to systems, devices or data.
· E.g.,
fingerprints, facial patterns and voice.
Any four areas where biometric are used :
Mobile Device Security: secures smartphones and tablets,
allowing access only to authorized users.
Cybersecurity: Prevent unauthorized access to sensitive
data with multi-factor authentication.
Time and Attendance Tracking: track employee attendance
accurately.
Financial Transactions: secure access to accounts and
transactions.
Biometric
verification
Biometric
verification is a method of confirming an individual's identity by analyzing
and measuring unique physical or behavioral characteristics like fingerprints,
facial patterns and voice
Firewall
A firewall is the network security systems that monitors and controls the
traffic flow between the Internet and private network on the basis of a set of
user-defined rules.
Firewall blocks
unwanted traffic as well as malicious software from infecting your computer.
Its Types are:
- Network Firewall: A security system placed between a
private internal network and the internet to monitor and control incoming and
outgoing network traffic.
- Host-based Firewall: A software program installed on a
single computer or device to monitor and control incoming and outgoing network
traffic for that specific device.
Two uses
of firewall
v Firewalls act as a barrier between an internal
network and external networks (like the internet). By filtering traffic, they
help safeguard sensitive data and critical resources within the network.
v Firewalls enforce access control policies by
allowing or denying specific types of traffic based on criteria such as IP
addresses, ports, protocols, and packet contents.
Cryptography
—
Cryptography is the study of secure communications
techniques that allow only the sender and intended recipient of a message to
view its contents.
—
Cryptography
is used to secure and protect data during communication.
Types of
Cryptograpy
Encryption
Decryption
Encryption
—
Encryption
is the technology to encode file or message that is being stored or transferred
online in intelligible content which cannot be used by an unauthorized person.
—
Encryption
is done by the person who is sending the data to the destination
— Encryption helps in data protection by
providing a secure way to store and transmit sensitive information.
Decryption
—
The
conversion of encrypted data into its original form is decryption.
—
Decryption
is done at the person who is receiving the data
Why data decryption is necessary?
To
convert encrypted (coded) data into readable form.
Antivirus software
—
Antivirus
software is software designed to detect and remove virus from computer system
and ensures virus free environment.
—
E.g.
Kaspersky, NAV, MSAV, McAfee, NOD 32 etc.
How antivirus helps to secure computer software?
An antivirus helps to secure computer software by detecting
and removing malicious software, such as viruses, spyware, and Trojans, that
can harm the computer or steal sensitive information.
Backup system
· Backup is the system of copying data and programs into
another location or creating a duplicate copy of it in a secured place.
· Backup is vital to computer security system in order
to save the data from being lost or damaged due to accidental or intentional
harm. When data and software are lost or damaged, we can easily recover through
backup.
Hardware Security
Hardware security
is the protection given to the various hardware tools and equipment used in
computer system from the accidental or intentional harm.
Different hardware
security measures are:
a)
Regular
Maintenance
b)
Insurance
c)
Dust
free environment
d)
Protection
from Fire
e)
Protection
from Thief
f)
Air
condition system
g)
Power
Protection device (Volt guard, Spike guard, UPS)
Regular Maintenance
Computer system
need regular maintenance to keep the computer hardware in good working
condition and it also helps to find out problems in hardware and correct the
problems before they cause several damages.
Insurance
· A means of
protection from financial loss.
· If a computer is
damaged or stolen or any kind of harm done then we can claim for the insurance
amount and get the economic support.
Dust Free Environment
· Dust particles can
cause the failure of hardware components.
· Computer room
should be absolutely free from dust and air pollution.
Protection from Fire
· Due to faulty
wiring, loose connection, smoking in the computer room and overload on power
socket can cause fire in a room.
· Using fire alarms,
fire doors, fire detectors and fire extinguishers can minimize the damage of
hardware components and loss of information from fire.
Protection from Theft
The computer room
should have physical security with proper locking system, controlled access of
authorized persons only by having human guard or biometric machine.
Air Condition System
A system for
controlling the temperature and humidity (wetness) of the air
Maintains suitable
temperature or humidity in the computer room.
Room Temperature
should be maintained between 210C to 240C.
Power Protection Device
An electric device
that controls electric voltage and provides enough backup to the computer
system when there is power failure. Its role in computer
security is to keep data and programs safe.
Computer needs 220
volts to 240 volts constantly.
Some common power
protection devices are:
a)
UPS
b)
Volt
Guard
c)
CVT
(Constant Voltage Transformer)
d)
Spike
Guard
e)
Surge
Suppressor
Why Power Protection Device needed?
To protect
computer system from damage, expensive data loss and unnecessary down time (is
out of action or unavailable for use).
Volt Guard
A power protection
device that provides constant output voltage to the computer system in case of
high input voltage coming from the source.
UPS (Uninterruptible Power Supply)
· UPS is a battery
supported power protection device which controls the electric voltage and supplies
clean and continuous power to the computer system even during power failures.
· The importance of UPS in computer security system is
that it controls fluctuation of electric voltage and provides enough backup
electric power to the computer system when there is power failure.
Why do
you connect your PC to the UPS?
We
connect PC to the UPS to control fluctuation of electric voltage and
provides enough backup electric power to the computer system when there is
power failure.
Spike Guard
A device designed
to protect electrical devices from voltage spikes.
Automatically maintains a constant voltage level.
Software security
Software security is the protection of computer systems and applications
from threats, such as hacking, virus attacks, and unauthorized access, to
ensure their confidentiality, integrity, and availability.
Some of the software security
measures
a)
Backup
b)
Scandisk
c)
Password
d)
Antivirus
Scan
disk
Scan disk is a
process which involves in maintaining the disk files and folders, bad sectors,
lost clusters, lost chains and other errors of the specific disk and it can fix
them if it is possible.
List
some points about how we can protect our data.
Antivirus
software can detect and remove virus from the computer.
Software
for backup helps in securing the information by keeping backup
What is
digital signature?
Digital
signature is a security mechanism system used on the internet for data and
information transaction by attaching a code at the end of the electronic
message that confirms the authenticity of sent message.
What is
digital currency?
Digital
currency is a type of electronic money that is stored and exchanged using
computers and other digital devices.
No comments:
Post a Comment