What is a Computer Security
Introduction
Today we are going to explain the basics of Computer Security. How it’s important in our life since the internet became a vital part of our daily life. We are also going to talk about attack types that may you face during your tech life.
Computer Security Definition
As per Wikipedia,
Computer security, cybersecurity, or information technology security (IT security) is the protection of computer systems and networks from information disclosure, theft of, or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
The field is becoming increasingly significant due to the increased reliance on computer systems, the Internet, and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of “smart” devices, including smartphones, televisions, and the various devices that constitute the “Internet of things”. Owing to its complexity, both in terms of politics and technology, cybersecurity is also one of the major challenges in the contemporary world.
This branch was developed over the years, starting from a project called ARPANET (The Advanced Research Projects Agency Network) ending with Robert Morris’s worm and John McAfee.
Important definitions for use in the internet community
Security Service
A processing service or communication service provided by a system to give a specific type of threat protection to the resources of another system.
Threat
The ability to violate security that exists when an entity, circumstance, Act, or event is able to cause harm or damage, such as viruses and floods.
Threat Action
An act of threat; that is, an attack on system security as a result of an intentional act or accidental event. Such as sending a file containing confidential information to the email address of a company competitor.
Malicious logic is a type of threat Act, including virus, Trojan horse, worm, Logic Bomb, and spyware:
Virus
It is part of a self-replicating computer program. It spreads by infection; meaning, it copies itself and attaches itself to another program.
Trojan Horse
A program that appears to the user to be harmless. But contains hidden code designed to harm the systems on which it runs. It can not be run without user intervention, does not spread alone, does not repeat or copy itself.
Worm
It is a malicious program that self-propagates from one computer to another via network connections. Also, is implemented and spread without user intervention.
Logic Bomb
rum is placed inside a legitimate program equipment Lenoir (i.e., start breathing) when certain conditions may be related to the weight and time.
Spyware
It is software that collects information from the computer on which it is executed without the consent or knowledge of the user and sends the information obtained to interested parties of the person targeted for espionage.
Attack
An intentional act in which an entity tries to evade security services or penetrate the security policy of the target system.
Vulnerability
A flaw or weakness in the design, completion, operation, or management of the system, which can be exploited to breach the security policy of the system.
Security Policy
is a specific goal, course, or method of action that guides and determines current and future decisions related to system security. In other words, it is the set of rules that guide how security services are provided by a system or organization to protect the critical and critical resources of the systems.
Security Mechanism
Is a method or procedure used to accomplish a security service. For example, encryption uses a mechanism to achieve the confidentiality of data provided as a security service to protect sensitive data, transmitted over the network and established within the security policy.
Attack types in a Computer Security
It generally does not distinguish between threat and attack.
For example, a virus is a threat to data stored on a computer. But when the virus goes into damage mode and erases some work report files stored on a computer infected with the virus. The term “attack” becomes more appropriate and clear.
The attack is often divided into two types: Passive Attack and Active Attack.
Passive Attack
The attacker tries to obtain or take advantage of the information. But it does not affect the resources of the system itself. Such as network eavesdropping and monitoring of emails.
Passive Attack Parts
- Message content detection: such as obtaining sensitive information from an email or file stored on a computer or transmitted over the network.
- Traffic analysis: knowing certain information by inference by observing the characteristics of the data flow. Such as knowing the return address, the address of the receiver, and the size of the data.
Active Attack
Task tries to change the resources of the target system or affect its operation.
Active Attack Parts
- Masquerade impersonation: occurs when an entity claims to be another entity, i.e. using an identity other than the entity’s true identity.
- Reply: intercept data on the network and retransmit it later to produce an authorized act.
- Modification of message: modifying or changing some parts of a regular massage, rearranging or delaying some messages so as to produce an unauthorized effect.
- Denial of service: prevents normal use or management of connection equipment, such as causing network bottleneck.
Conclusion
In this Article ” What is a Computer Security “, we covered the definition of computer security as well as some important definitions in the internet community. So we can better protect our devices and ourselves.
Check out more Articles