aofsorular.com
BİL105U

Computer Security

Unit 5, 20 Questions
S

What are the principal goals of security in information technology?

In information technology, there are three principal goals of security: (1) confidentiality, (2) integrity, and (3) availability of information.

S

What is non-repudiation?

Non-repudiation: It defines a service that provides proof of the integrity and the origin of data.

S

What is encryption?

Encryption: It is a conversion of data, text or information into a form, usually called ciphertext, which is unreadable and cannot be understood by unauthorized people by any means.

S

What is decryption?

Decryption: It is the reverse transformation of the encryption process; it applies similar steps but uses the key bits in reverse order, where the key is used in the decryption transformation.

S

What does public key cryptography (also called asymmetric encryption) require?

Public key cryptography (also called asymmetric encryption) requires a pair of keys: a private key and a public key.

S

What is a digital signature used for?

A digital signature is used for marking and signing an electronic document, like paper signatures.

S

What is identification?

Identification is the process of claiming a user's, group's or system's identity.

S

What is phishing?

Phishing is a specialized type of spam that attempts to trick you into entering your confidential personal or account information, for many different purposes including violating your account and identity theft or fraud.

S

What is spoofing?

Spoofing is the forgery of an e-mail header so that the message seems to be sent from someone or somewhere other than the original source.

S

What does risk management involve?

Risk management involves assessing, prioritizing, analyzing and accepting risks or addressing the risks to guarantee that individuals or organizations accomplish their goals at a minimal cost.

S

What is an asset in risk management?

Asset: In computer security, any data, device, or any confidential resource that the computer possesses is evaluated as an asset of the computer system, which needs to be protected with security tools. Simply, an asset can be considered as what is to be protected from malicious events or attacks.

S

What is a threat in risk management?

Threat: It is an action or possible event that violates the security of the system by exploiting known or unknown vulnerabilities (weak points in the security of the system). The source of threats can be natural events, accidents, or intentional attacks to harm the computer system. Simply, a threat can be considered as what the system is to be protected against.

S

What is the first step in security risk analysis?

The first step is to identify all the assets in a given system. Knowing the assets, with their locations and value, is significantly important for determining how much cost in terms of time, effort and money is required to secure these assets. Classification of the assets is the key to the various security mechanisms that are required to be implemented to protect the assets.

S

What is risk assessment?

When supplying security to a computer-based system, its cost also needs to be considered. This phase is called risk assessment.

S

What are the four basic processes of cost-benefit analysis?

Cost-benefit analysis requires four basic processes. First, a cost must be assigned to each possible loss. Second, the cost of defending against each loss must also be determined. Then, the probability that the loss will occur should be identified, and finally it is determined whether the cost of defending against the risk outweighs the benefit or not.

S

What is spyware?

Spyware: Spyware is malicious software that sends important personal information of the user and the actions taken by the user on the computer to malicious persons without the knowledge of the user.

S

What is a virus?

Virus: Viruses are a type of malicious computer program, which have existed for as long as computers have been around, that disrupt the stated operation of the computer without the user's consent or knowledge by hiding themselves in other files.

S

What is the most important difference that separates spyware from viruses and worms?

The most important difference that separates spyware from viruses and worms is that once spyware has infected the target system, it does not need to spread any further.

S

How does a Trojan horse work?

A Trojan horse creates an environment that allows its programmer to open a certain channel on the system, allowing the attacker to monitor or control the infected user’s system.

S

What are some important precautions to protect a computer-based system from malicious software?

Some important precautions to protect a computer-based system from malicious software are given below.

• User passwords should be very strong so that no unauthorized entity is able to enter the system;
• Check the applications installed on the system periodically and remove unused programs from the system;
• Install the latest updates of the programs on the system;
• Check the entries of users entering the system and change your password policy so that strong password usage is required;
• Monitor incoming traffic to your system and intercept unauthorized system access;
• Control remote access to the system and use a strong access infrastructure;
• Install powerful security software that includes a versatile and secure firewall for your computer;
• Keep your operating system and Internet browsers up-to-date;
• Do not open e-mails from someone you do not know;
• Do not download, install or run programs that you do not know on your computer;
• Be careful with free software; it can open security vulnerabilities;
• Take care to use licensed software;
• Make sure to back up your important data to another memory device;
• Install up-to-date antivirus programs;
• Do not click unknown links or attachments;
• Keep in mind that data sent over unencrypted wireless is easy for attackers to obtain;
• Remember to use "https" URLs.