1.3 COMPUTER SECURITY
Computer Security / Cyber Security
Computer
security refers to protecting computer and its content from damage, theft or
misuse and action to prevent such incidents.
Computer
security includes security of data and information strored and being
transferred, computer programs and applications and computer hardware.
a. Hardware security
b. Software security.
Information security is the practice of preventing unauthorized access, use, disclosure, modification, recording or destruction of information.
a) Confidentiality:- Only authorized users can access the data resources and information.
b) Integrity:- Only authorized users should be able to modify the data when needed.
c) Availability:- Data should
be available to users when needed.
a. by periodically checking
the hard disk and replacing
it if it shows failure
symptoms
b. by copying the data in another disk in
the system to avoid accidentally erasing or erasing data by unauthorized person.
c. we can copy important data into online
storage devices which is also called cloud storage like Dropbox, Google
Drive, iCloud, OneDrive etc.
d. We can also,
sometimes, send important files as an attachment to our own mail such as Gmail or
Hotmail.
e. Another issue of protecting data is
preventing them from authorized access. Unauthorized users may access our data store in our computer in the
cloud storage. To prevent our data from unauthorized access we have to protect
the storage space, folder or file
with password.
a) A risk which can potentially harm computer
systems and organization.
b) The cause could
be physical such as someone stealing
a computer that contains vital
data.
c) The cause
could also be non-physical such as
a virus attack.
Phishing is
the fake attempt to obtain sensitive information such as usernames, passwords
and credit card details by disguising oneself
as a trustworthy entity
in an electronic communication.
A botnet is a logical collection of Internet-connected devices such as computers, smartphones or internet of things (IoT) devices whose security have been breached and control is given away to a third party.
A rootkit is a malicious code (kit) that hides in system area provides continued Administrator's (root) privileged access to a computer while actively hiding its presence.
A computer hacker is any skilled computer
expert who uses his/her technical knowledge
to overcome a problem.
Malicious code (Malware)
Malicious
code is a kind of harmful
computer code or web script that is planned to cause undesired effects to damage
a system.
a) A computer
virus is a destructive program that copies itself and
infects a PC, spreading from one file to another, and then from one PC to another
when the files are copied or
shared.
Some viruses produce unnecessary messages
on the screen, some virus hide files, some virus corrupt files and programs, some virus reduce memory size, etc.
b) Computer viruses can spread from one
computer to other computers through sharing of infected portable disk like pendrive, opening a virus infected email,
messages or attached files and downloading files and programs form the websites
which are not secure.
c) Computer worms use the network to send copies of themselves to other PCs, usually utilizing
a security hole to travel
from one host to the next,
often automatically without user intervention.
Trojan horses are applications that look like they are doing something harmless, but secretly
have malicious code that
does something else.
d) Spyware
is any software installed on user’s PC that collects
your information without
user’s knowledge
e) Adware is a software application used by
companies for marketing purposes; advertising banners are displayed while
any program is running.
A mechanism that is designed
to detect, prevent, or recover from a security
attack.
a) It includes
b) Authentication Systems
c) Firewalls
d) Cryptography
e) Antivirus Software
f) Backup
System
i) The process of identifying an individual
usually based on a username and password is called an authentication system.
ii) Authentication system makes sure that right people
enters the system
and access the right information.
iii) Types of Authentication
a) Password b) Biometric
a) A password is a string of characters including letters,
digits, or other symbols which confirms the identity of a user.
b) Password secures the data by protecting the data from unauthorized access.
c) We have to keep the password secure
and strong so that unauthorized users may not gain access
to the resource and misuse
it with our identity.
a) Never share your credentials online.
b) Don't use easily
guessable the name of a pet, child,
family member, birthdays, birthplace, name of a favourite holiday.
c) Don't use a sequence like abcd or 1234
which are, again,
easily guessable.
d) Mix characters, numbers and symbols. Also, mix small and capital
letters.
e) Avoid using the same password in all applications.
f) Change
password periodically
i) Biometrics are physical or behavioral
human characteristics that can be used to digitally identify a person to grant access
to systems, devices
or data.
ii) E.g.,
fingerprints, facial patterns
and voice.
A firewall is
the network security systems that monitors and controls
the traffic flow between the Internet and private network on the basis of a set of user-defined rules.
Firewall
blocks unwanted traffic
as well as malicious software
from infecting your computer.
Cryptography
a) Cryptography is the study of secure
communications techniques that allow only the sender and intended recipient of a message to view its contents.
b) Cryptography is used to secure and protect data during communication.
Types
of Cryptograpy
i) Encryption
ii) Decryption
i) Encryption is the technology to encode
file or message that is being stored or transferred online in intelligible content which cannot be used by an unauthorized person.
ii) Encryption is done by the person
who is sending the data to the destination
i. The conversion of encrypted data into its original form is decryption.
ii. Decryption is done at the person
who is receiving the data
a. Antivirus software is software designed
to detect and remove virus from computer system and ensures virus free environment.
b. E.g. Kaspersky, NAV, MSAV, McAfee, NOD 32 etc.
a) Backup is the system of copying data and programs
into another location
or creating a duplicate copy of it in a secured place.
b) Backup
is vital to computer security system in order to save the data from being lost or damaged due to accidental or intentional harm. When data and software
are lost or damaged, we can easily recover
through backup.
Hardware security is the protection given
to the various hardware tools and equipment used in computer system from the accidental or intentional harm.
i) Regular Maintenance
ii) Insurance
iii) Dust
free environment
iv) Protection from Fire
v) Protection from Thief
vi) Air
condition system
vii) Power
Protection device (Volt guard, Spike guard, UPS)
Computer system need regular maintenance to
keep the computer hardware in good working condition and it also helps
to find out problems in hardware and correct the problems before they cause several
damages.
i. A means of protection from financial loss.
ii. If a computer
is damaged or stolen or any kind of
harm done then we can claim for
the insurance amount and get the economic support.
Dust
Free Environment
i. Dust particles can cause the failure of hardware components.
ii. Computer room should be absolutely free from dust and air pollution.
i. Due to faulty wiring, loose connection, smoking
in the computer room and overload on power socket can cause fire in
a room.
ii. Using
fire alarms, fire doors, fire detectors and fire extinguishers can minimize the damage of hardware components and loss of
information from fire.
Protection from Theft
The computer room should have physical
security with proper locking system, controlled access of authorized persons only
by having human guard or
biometric machine.
A system for
controlling the temperature and humidity (wetness) of
the air Maintains suitable
temperature or humidity
in the computer room.
Room Temperature should
be maintained between
210C to 240C.
Power Protection Device
An electric device that controls electric
voltage and provides enough backup to the computer system when there is power failure.
Computer
needs 220 volts
to 240 volts constantly. Some common power protection devices are:
a. UPS
b. Volt
Guard
c. CVT (Constant Voltage Transformer)
d. Spike
Guard
e. Surge
Suppressor
To protect computer system from damage, expensive data loss and unnecessary down time (is out of action or unavailable for use).
A power
protection device that provides constant output voltage
to the computer system in case of high input voltage coming from the source.
a. UPS is a battery supported power protection device
which controls the electric voltage
and supplies clean and continuous power to the
computer system even during power failures.
b. The importance of UPS in computer security
system is that it controls fluctuation of electric voltage and provides
enough backup electric power to the computer
system when there is power failure.
A device
designed to protect electrical devices from voltage
spikes. Automatically maintains a constant voltage level.
The security given to the software and data
from being lost or damaged due to accidental or intentional harm is called software
security.
a. Backup
b. Scandisk
c. Password
d. Antivirus
Scan disk
Scan disk is a process which involves in
maintaining the disk files and folders, bad sectors, lost clusters, lost chains and other errors of
the specific disk and it
can fix them if it is possible.
Post a Comment