Computer security can be defined as controls that are put in place to provide confidentiality, integrity, and availability for all components of computer systems. These components include data, software, hardware, and firmware. This is a complex definition. Let’s illustrate the definition by showing you a day in the life of Samantha, a security manager just hired for a small company. The company doesn’t have any computer security yet, so she knows to start with the very basics.
Components of Computer Systems
Samantha’s first order of business is learning about the components of the computer systems she needs to protect. She asks the IT manager what kind of hardware, firmware, and software the company uses.
- Hardware is the physical part of the computer, like the system memory and disk drive.
- Firmware is the permanent software that runs the processes of the computer and is mostly invisible to the user, like the start-up functions that make elements of the hardware work together.
- Software is the programming that offers services to the user and administrator. The operating system, word processor, computer games, and Internet browser are all examples of software commonly found on a computer.
The CIA Triad
For confidentiality, she’ll have to ensure that information is available only to the intended audience. That confidentiality includes privacy of information that may be personal and sensitive. Protecting the data’s integrity is also a concern. The company needs certainty that information does not become inaccurate because of unintended changes. Finally, she’ll work with the IT manager to protect the data’s availability, or the ability for allowed persons to access the computer and its information whenever necessary. The protection of these qualities is her top goal as a security manager. These qualities are called the CIA triad.
Computer Security Controls
In simple language, computer security is making sure information and computer components are usable but still protected from people and software that shouldn’t access or change it. The protection comes from controls, or technical, physical, and procedural choices that limit access to the computer components.
Samantha knows that controls for computer security could include virus protection, locked computer cabinets, and regular review of the people with access to the computer. She’ll have to choose controls carefully so that users keep the access they need while unnecessary capability is kept to a minimum.
Types Of Attack
Malicious software can be described as unwanted software that is installed on your system without your consent. It can attach itself to legitimate code and propagate; it can lurk in useful applications or replicate itself across the Internet. Here are some of the most common types of malware:
- Macro viruses — These viruses infect applications such as Microsoft Word or Excel. Macro viruses attach to an application’s initialization sequence. When the application is opened, the virus executes instructions before transferring control to the application. The virus replicates itself and attaches to other code in the computer system.
- File infectors — File infector viruses usually attach themselves to executable code, such as .exe files. The virus is installed when the code is loaded. Another version of a file infector associates itself with a file by creating a virus file with the same name, but an .exe extension. Therefore, when the file is opened, the virus code will execute.
- System or boot-record infectors — A boot-record virus attaches to the master boot record on hard disks. When the system is started, it will look at the boot sector and load the virus into memory, where it can propagate to other disks and computers.
- Polymorphic viruses — These viruses conceal themselves through varying cycles of encryption and decryption. The encrypted virus and an associated mutation engine are initially decrypted by a decryption program. The virus proceeds to infect an area of code. The mutation engine then develops a new decryption routine, and the virus encrypts the mutation engine and a copy of itself with an algorithm corresponding to the new decryption routine. The encrypted package of mutation engine and virus is attached to new code, and the process repeats. Such viruses are difficult to detect by signature, but the repeated modification and encryption of their code gives them a high level of entropy, and anti-virus software or free tools like Process Hacker can use this feature to detect them.
- Stealth viruses — Stealth viruses take over system functions to conceal themselves. They do this by compromising malware detection software so that the software will report an infected area as being uninfected. These viruses conceal any increase in the size of an infected file or changes to the file’s date and time of last modification.
- Trojans — A Trojan or a Trojan horse is a program that hides in a useful program and usually has a malicious function. A major difference between viruses and Trojans is that Trojans do not self-replicate. In addition to launching attacks on a system, a Trojan can establish a back door that can be exploited by attackers. For example, a Trojan can be programmed to open a high-numbered port so the hacker can use it to listen and then perform an attack.
- Logic bombs — A logic bomb is a type of malicious software that is appended to an application and is triggered by a specific occurrence, such as a logical condition or a specific date and time.
- Worms — Worms differ from viruses in that they do not attach to a host file, but are self-contained programs that propagate across networks and computers. Worms are commonly spread through email attachments; opening the attachment activates the worm program. A typical worm exploit involves the worm sending a copy of itself to every contact in an infected computer’s email address book. In addition to conducting malicious activities, a worm spreading across the internet and overloading email servers can result in denial-of-service attacks against nodes on the network.
- Droppers — A dropper is a program used to install viruses on computers. In many instances, the dropper itself does not contain malicious code and therefore might not be detected by virus-scanning software. A dropper can also connect to the internet and download updates to malware that is already resident on a compromised system.
- Ransomware — Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key.
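The entropy signal mentioned under polymorphic viruses above, as an added example that is not part of the original article: it splits a buffer into fixed-size chunks and flags those whose byte entropy is high, which is how a scanner can locate an encrypted payload without a signature. The threshold, chunk size and the sample buffer are assumptions constructed for the demonstration.

```python
import math
import random
from collections import Counter

HIGH_ENTROPY = 7.0  # bits per byte; assumed threshold, tune per environment (max is 8.0)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def scan_chunks(data: bytes, chunk_size: int = 1024, threshold: float = HIGH_ENTROPY):
    """Return (offset, entropy) for every chunk whose entropy reaches the threshold.

    Larger chunks give a more reliable estimate: with only a few hundred samples even
    uniformly random bytes measure well below 8 bits, so the chunk size matters.
    """
    flagged = []
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        if len(chunk) < chunk_size // 2:  # skip a short tail: too few samples to judge
            continue
        entropy = shannon_entropy(chunk)
        if entropy >= threshold:
            flagged.append((offset, round(entropy, 2)))
    return flagged

def build_sample() -> bytes:
    """Constructed sample: 2 KiB of plain text followed by 2 KiB of pseudo-random bytes
    standing in for an encrypted virus body. Seeded so the result is reproducible."""
    text = (b"The quick brown fox jumps over the lazy dog. " * 46)[:2048]
    rng = random.Random(1234)
    encrypted = bytes(rng.getrandbits(8) for _ in range(2048))
    return text + encrypted

if __name__ == "__main__":
    for offset, entropy in scan_chunks(build_sample()):
        print(f"high-entropy chunk at offset {offset}: {entropy} bits/byte")
```

Compressed archives and legitimately encrypted files score just as high, so this is a triage signal to combine with other evidence, not a verdict on its own.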
Botnets are the millions of systems infected with malware and placed under hacker control in order to carry out DDoS attacks. These bots or zombie systems are used to carry out attacks against the target systems, often overwhelming the target system’s bandwidth and processing capabilities. These DDoS attacks are difficult to trace because the bots are spread across many geographic locations.
Botnets can be mitigated by:
- RFC 3704 filtering, which denies traffic from spoofed addresses and helps ensure that traffic is traceable to its correct source network. For example, RFC 3704 filtering will drop packets whose source address is on the bogon list.
- Black hole filtering, which drops undesirable traffic before it enters a protected network. When a DDoS attack is detected, the BGP (Border Gateway Protocol) speaker should send routing updates to ISP routers so that they route all traffic heading to the victim servers to a null0 interface at the next hop.
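A minimal RFC 3704-style ingress filter, added here as an illustration and not taken from the original article: a packet is dropped if its source address falls in a bogon prefix, or if it arrived on a customer-facing interface but its source does not belong to the prefixes assigned behind that interface. The interface names, the assigned prefixes and the partial bogon list are constructed assumptions.

```python
import ipaddress

# Constructed, partial bogon list: prefixes that must never appear as an Internet source
# (unspecified, RFC 1918 private, shared address space, loopback, link-local, multicast, reserved).
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Assumed topology: each customer-facing interface and the source prefixes legitimately
# behind it. A packet arriving on "cust-a" with a source outside 203.0.113.0/24 is
# spoofed or misrouted and is dropped, which is what RFC 3704 ingress filtering requires.
INGRESS_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("198.51.100.128/25")],
}

def ingress_verdict(src_ip: str, iface: str) -> str:
    """Classify one inbound packet by source address and arrival interface.

    Returns 'accept', or 'drop:malformed', 'drop:bogon', 'drop:unknown-iface',
    'drop:spoofed'. Bogons are rejected first, regardless of interface.
    """
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return "drop:malformed"
    if any(src in net for net in BOGONS):  # version mismatch (v6 in v4 net) is simply False
        return "drop:bogon"
    allowed = INGRESS_PREFIXES.get(iface)
    if allowed is None:
        return "drop:unknown-iface"  # fail closed: no policy for this interface
    if not any(src in net for net in allowed):
        return "drop:spoofed"
    return "accept"

def filter_packets(packets):
    """Apply the verdict to (src_ip, iface) pairs, preserving order."""
    return [ingress_verdict(src, iface) for src, iface in packets]

if __name__ == "__main__":
    # Constructed sample traffic, not captured data.
    sample = [("203.0.113.7", "cust-a"), ("10.1.2.3", "cust-a"),
              ("198.51.100.200", "cust-a"), ("198.51.100.200", "cust-b")]
    for pkt, verdict in zip(sample, filter_packets(sample)):
        print(pkt, "->", verdict)
```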
A backdoor in a computer system, cryptosystem or algorithm is any secret method of bypassing normal authentication or security controls. Backdoors may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability.
Denial-of-service attacks
Denial-of-service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim’s account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial-of-service (DDoS) attacks are possible, where the attack comes from a large number of points – and defending is much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible, including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim.
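Detection logic for the account-lockout form of denial of service described above, added as an example and not taken from the original article: it scans constructed authentication log lines and flags accounts that receive a burst of failed logins from several distinct sources within a short window, the pattern that separates deliberate lockout from a user mistyping a password. The log format, thresholds and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in an sshd-like wording; not real captures.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for alice from 198.51.100.10
2024-05-01T10:00:05 sshd: Failed password for alice from 198.51.100.10
2024-05-01T10:00:09 sshd: Accepted password for alice from 198.51.100.10
2024-05-01T10:01:00 sshd: Failed password for bob from 203.0.113.5
2024-05-01T10:01:02 sshd: Failed password for bob from 203.0.113.6
2024-05-01T10:01:03 sshd: Failed password for bob from 203.0.113.7
2024-05-01T10:01:04 sshd: Failed password for bob from 203.0.113.8
2024-05-01T10:01:05 sshd: Failed password for bob from 203.0.113.9
2024-05-01T10:30:00 sshd: Failed password for bob from 203.0.113.5
"""

FAILED_RE = re.compile(r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<ip>\S+)$")

def find_lockout_abuse(log_text, threshold=5, window=timedelta(minutes=5), min_sources=3):
    """Return {user: (failures_in_window, distinct_ips)} for each account that saw at least
    `threshold` failed logins inside one `window` coming from at least `min_sources` IPs.

    alice's two failures from one address followed by a success is a typo, not an attack;
    bob's five failures from five addresses in six seconds match the lockout-DoS pattern.
    """
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # successes and unrelated lines are ignored
            failures[m["user"]].append((datetime.fromisoformat(m["ts"]), m["ip"]))
    suspects = {}
    for user, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over time-ordered failures
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            sources = {ip for _, ip in in_window}
            if len(in_window) >= threshold and len(sources) >= min_sources:
                suspects[user] = (len(in_window), len(sources))
                break
    return suspects

if __name__ == "__main__":
    print(find_lockout_abuse(SAMPLE_LOG))
```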
Spoofing attacks
Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP address or username) in order to gain access to information or resources that one is otherwise unauthorized to obtain. There are several types of spoofing, including:
- Email spoofing, where an attacker forges the sending (From, or source) address of an email.
- IP address spoofing, where an attacker alters the source IP address in a network packet to hide their identity or impersonate another computing system.
- MAC spoofing, where an attacker modifies the Media Access Control (MAC) address of their network interface to pose as a valid user on a network.
- Biometric spoofing, where an attacker produces a fake biometric sample to pose as another user.
Tampering describes a malicious modification of products. So-called “Evil Maid” attacks and security services planting surveillance capability in routers are examples.
What Is Computer Security Risk?
A computer security risk is really anything on your computer that may damage or steal your data or allow someone else to access your computer without your knowledge or consent. There are a lot of different things that can create a computer risk, including malware, a general term used to describe many types of bad software. We commonly think of computer viruses, but there are several types of bad software that can create a computer security risk, including viruses, worms, ransomware, spyware, and Trojan horses. Misconfiguration of computer products, as well as unsafe computing habits, also pose risks. Let’s look at these in more detail.
Types Of Computer Security Risks