computer security or cybersecurity

computer security or cybersecurity

Today, the internet faces several threats, especially from hackers who illegal access crucial information for personal benefits. Over the years, computer experts have dedicated resources to ensure that information located on the internet is secure. These measures are popularly known as computer security, which consists of processes, practices, and technologies aimed at protecting vital information, networks, programs, and computers from attacks from hackers. The intensity of the damage from hackers can be severe as it can lead to loss of finances and the stealing of one’s identity, among others. Therefore, the purpose of computer security is to ensure that information located on the internet, networks, and computers cannot be accessed by hackers to cause damages. The purpose of this research paper is to study computer security or cybersecurity as it is popularly known. Additionally, the article will provide information on computer securities’ elements and its aspects.

Keywords: Computer Security, Security attacks.

Introduction

Computer Security can be defined as the protection of information systems from malicious activities of hackers that may result in theft or damages and also disruption of operations. Computer security consists of the regulatory of physical access to hardware and protection from harm emitting from network access, code and data injection, and operators’ malpractices. Operators in a company can be the reason behind threats to crucial information through accessing the information illegally and using such information to cause harm. Sometimes, these practices by operators can be intentional or can be through blackmailing by other persons. Areas included in the computer security include; application security, information security, email security, mobile device security, web security, and wireless security.

Application Security

Application security is using the software, hardware, and procedural methods to protect computer systems from external threats. It entails measures and countermeasures used during development to protect applications against threats that might emit from flaws in an application’s design, development, maintenance, deployment, or upgrade. The security measures in applications minimize the possibility of unauthorized code to control applications to access, steal, alter, or erase sensitive information.

Information Security

Information security consists of strategies for managing practices, tools, and policies essential in preventing, detecting, documenting, and countering threats to both digital and non-digital information. Programs designed for information security are known for ensuring data confidentiality, reliability, and availability of systems and information. Sensitive information is therefore accessible only to authorized individuals, preventable from illegal modifications, and readily available to authorized personnel.

Email Security

One of the most common means of communication today in most of the businesses is through the use of email. It is, therefore, essential to ensure that information sent and received is safe and secure. To ensure security is through the use of email security applications, which blocks inbound attacks and monitors outbound messages preventing the loss of crucial information.

Mobile Device Security

The mobile device is the most used today, which faces high risks from hackers and cybercriminals. Users need to be aware of which networks their devices are connected to and control the access of other devices. Additionally, users ought to configure their connections to ensure network traffic remains private.

Web Security

The purpose of a web security solution is to regulate web use among one’s staff, blocking web-based threats, and denying access to malicious sites. Through such actions, an individual protects their web gateway.

Wireless Security

Similar to wired networks, wireless networks also face numerous threats. The failure of not setting up stringent security measures while installing a wireless LAN will allow almost every individual access to the system. Therefore to protect against exploitation, users ought to protect the wireless network.

The CIA Triad

Computer security focuses on three key areas; Confidentiality, Integrity, and Availability. Foremost, through confidentiality, computer security ensures that information is only available to authorized personnel. Today, many businesses have embraced technology with devices with the business being connected to a network. Therefore, through computer security, the business can ensure that crucial information is only accessible by authorized personnel for business’ use and modification. On the other hand, Integrity ensures that the entered data is from authorized personnel and is reliable. Integrity can be achieved through computer security that only ensures authorized personnel enters data into the system. Lastly, computer security ensures that information is available and also protects data against unauthorized modification of data.

Security Threats

Computer security threat is anything that can disrupt computer activities through hacking or malware. Over the years, the security threats are on the rise with the continuous embracement of technology. In computer security, the main issues emerging are vulnerabilities, threats, and countermeasures. Vulnerabilities refer to the susceptibility of a system to be attacked. Spies and hackers can exploit these vulnerabilities to get access to the systems disrupting activities and even loss of data. Threats are potential dangers facing a system, while countermeasures are the measures or techniques used to protect the system from threats. There are several sources of dangers that face a system, including hackers, spies, faults, or even events that might exploit a systems’ vulnerability. Therefore, the theory of computer security surrounds the identification of vulnerabilities and protection from threats to computer systems.

Objectives of Computer Security

Computer security aims at protecting information systems from malicious attacks through ensuring prevention, detection, and recovery. Prevention is aimed at ensuring systems’ attacks fail. It involves the implementation of techniques that users cannot bypass and are relied on to be correct and unalterable. Consequently, the attacker is unsuccessfully in trying to alter to gain access to the system. An excellent example would be the attempt to break into a host over a network, and the host is not connected to the network, and therefore, the attack has been prevented. The feature of being unaltered ensures that an attacker is unable in trying to change it. However, preventive mechanisms are cumbersome and to some extent affecting the use of the system. Among the most common preventive mechanisms is the use of passwords that only allows authorized personnel access to the system (Bishop 10).

Another objective of computer security is to detect threats, especially in cases where attacks are unpreventable. Also, detection can be used to determine the effectiveness of prevention measures. Detection mechanism function by acknowledging the possibility of occurrence of attacks and discover that an attack is in progress or has occurred, and report it. The attack is monitored by evaluating the provided data on its nature, severity, and outcomes. However, detection mechanisms monitor various system’s aspects, exploring actions and information that can indicate an attack.

An example would be when a password is incorrectly entered more than thrice, and the mechanism only gives a warning. Afterward, the login may proceed upon a correct password, but on the system, log reports will be an error message indicating the unusually high number of insertion of incorrect passwords. However, the detection mechanism is a disadvantage since it does not prevent the compromise of the systems. Hence, there is a need for continuous and periodic monitoring of the detection mechanism for security problems (Bishop 10).

Lastly is a recovery that bears two forms; the stoppage of attacks and assessments and repairs of any damage caused. The recovery process is very complicated since every attack is unique. Therefore, it is challenging to characterize the type and extent of any damage entirely. The recovery entails the identification and fixing of vulnerabilities exploited by the attacker to gain access to the system (Bishop 10).

Types of Security Attacks

1. Denial of Service Attacks

Denial of service attacks is commonly used to make some resources unavailable in a network. In response, hackers use overload to support unlawful applications for service. The response cannot process the numerous requests and, therefore, slows down or crashes or both.

2. Brute Force Attacks

Often in cases where passwords are required, a hacker may try and guess the logins into the system. Such a trial and error attack is what is commonly referred to as Brute force attacks. The type of attack uses automated software that tries to predict several password combinations before getting the correct one.

3. Browser Attacks

Browser attacks are popular with internet users, encouraging them to download malware unenthusiastically. These attacks often use fake software or application update, and in other cases, websites are forced to download malware. To avoid such attacks, internet users ought to frequently update their browsers.

1. Shellshock Attacks
2. SSL Attack
3. Backdoor Attacks
4. Botnet Attacks

Conclusion

In a nutshell, computer security is essential in daily activities for almost all individuals, companies, and businesses. Computer security is critical in protecting information from malicious activities of hackers and spies. The concepts of computer security are focused on the CIA triad, which stands for confidentiality, Integrity, and Availability.