Computer Security – Overview
Computer security refers to protecting and securing computers and their related data, networks, software, hardware from unauthorized access, misuse, theft, information loss, and other security issues. The Internet has made our lives easier and has provided us with lots of advantages but it has also put our system’s security at risk of being infected by a virus, of being hacked, information theft, damage to the system, and much more.
Technology is growing day by day and the entire world is in its grasp. We cannot imagine even a day without electronic devices around us. With the use of this growing technology, invaders, hackers and thieves are trying to harm our computer’s security for monetary gains, recognition purposes, ransom demands, bullying others, invading into other businesses, organizations, etc. In order to protect our system from all these risks, computer security is important.
Types of computer security
Computer security can be classified into four types:
1. Cyber Security: Cyber security means securing our computers, electronic devices, networks , programs, systems from cyber attacks. Cyber attacks are those attacks that happen when our system is connected to the Internet.
2. Information Security: Information security means protecting our system’s information from theft, illegal use and piracy from unauthorized use. Information security has mainly three objectives: confidentiality, integrity, and availability of information.
3. Application Security: Application security means securing our applications and data so that they don’t get hacked and also the databases of the applications remain safe and private to the owner itself so that user’s data remains confidential.
4. Network Security: Network security means securing a network and protecting the user’s information about who is connected through that network. Over the network hackers steal, the packets of data through sniffing and spoofing attacks, man in the middle attack, war driving, etc, and misuse the data for their benefits.
Types of cyber attack
1. Denial of service attack or DOS: A denial of service attack is a kind of cyber attack in which the attackers disrupt the services of the particular network by sending infinite requests and temporary or permanently making the network or machine resources unavailable to the intended audience.
2. Backdoor: In a backdoor attack, malware, trojan horse or virus gets installed in our system and start affecting it’s security along with the main file. Consider an example: suppose you are installing free software from a certain website on the Internet. Now, unknowingly, along with this software, a malicious file also gets installed, and as soon as you execute the installed software that file’s malware gets affected and starts affecting your computer security. This is known as a backdoor.
3.Eavesdropping: Eavesdropping refers to secretly listening to someone’s talk without their permission or knowledge. Attackers try to steal, manipulate, modify, hack information or systems by passively listening to network communication, knowing passwords etc. A physical example would be, suppose if you are talking to another person of your organization and if a third person listens to your private talks then he/ she is said to eavesdrop on your conversation. Similarly, your conversation on the internet maybe eavesdropped by attackers listening to your private conversation by connecting to your network if it is insecure.
4. Phishing: Phishing is pronounced as “fishing” and working functioning is also similar. While fishing, we catch fish by luring them with bait. Similarly, in phishing, a user is tricked by the attacker who gains the trust of the user or acts as if he is a genuine person and then steals the information by ditching. Not only attackers but some certain websites that seem to be genuine, but actually they are fraud sites. These sites trick the users and they end up giving their personal information such as login details or bank details or card number etc. Phishing is of many types: Voice phishing, text phishing etc.
5. Spoofing: Spoofing is the act of masquerading as a valid entity through falsification of data(such as an IP address or username), in order to gain access to information or resources that one is otherwise unauthorized to obtain. Spoofing is of several types- email spoofing, IP address spoofing, MAC spoofing , biometric spoofing etc.
6. Malware: Malware is made up of two terms: Malicious + Software = Malware. Malware intrudes into the system and is designed to damage our computers. Different types of malware are adware, spyware, ransomware, Trojan horse, etc.
7. Social engineering: Social engineering attack involves manipulating users psychologically and extracting confidential or sensitive data from them by gaining their trust. The attacker generally exploits the trust of people or users by relying on their cognitive basis.
8. Polymorphic Attacks: Poly means “many” and morph means “form”, polymorphic attacks are those in which attacker adopts multiple forms and changes them so that they are not recognized easily. These kinds of attacks are difficult to detect due to their changing forms.
Steps to ensure computer security
In order to protect our system from the above-mentioned attacks, users should take certain steps to ensure system security:
1. Always keep your Operating System up to date. Keeping it up to date reduces the risk of their getting attacked by malware, viruses, etc.
2. Always use a secure network connection. One should always connect to a secure network. Public wi-fi’s and unsecured networks should be avoided as they are at risk of being attacked by the attacker.
3. Always install an Antivirus and keep it up to date. An antivirus is software that scans your PC against viruses and isolates the infected file from other system files so that they don’t get affected. Also, we should try to go for paid anti-viruses as they are more secure.
4. Enable firewall. A firewall is a system designed to prevent unauthorized access to/from a computer or even to a private network of computers. A firewall can be either in hardware, software or a combination of both.
5. Use strong passwords. Always make strong passwords and different passwords for all social media accounts so that they cannot be key logged, brute forced or detected easily using dictionary attacks. A strong password is one that has 16 characters which are a combination of upper case and lower case alphabets, numbers and special characters. Also, keep changing your passwords regularly.
6. Don’t trust someone easily. You never know someone’s intention, so don’t trust someone easily and end up giving your personal information to them. You don’t know how they are going to use your information.
7. Keep your personal information hidden. Don’t post all your personal information on social media. You never know who is spying on you. As in the real world, we try to avoid talking to strangers and sharing anything with them. Similarly, social media also have people whom you don’t know and if you share all your information on it you may end up troubling yourself.
8. Don’t download attachments that come along with e-mails unless and until you know that e-mail is from a genuine source. Mostly, these attachments contain malware which, upon execution infect or harms your system.
9. Don’t purchase things online from anywhere. Make sure whenever you are shopping online you are doing so from a well-known website. There are multiple fraud websites that may steal your card information as soon as you checkout and you may get bankrupt by them.
10. Learn about computer security and ethics. You should be well aware of the safe computing and ethics of the computing world. Gaining appropriate knowledge is always helpful in reducing cyber-crime.
11. If you are attacked, immediately inform the cyber cell so that they may take appropriate action and also protect others from getting attacked by the same person. Don’t hesitate to complain just because you think people may make your fun.
12. Don’t use pirated content. Often, people try to download pirated movies, videos or web series in order to get them for free. These pirated content are at major risk of being infected with viruses, worms, or malware, and when you download them you end up compromising your system security.
Question 1. What are the types of computer security?
Computer security is of four types:
- Cyber Security
- Information Security
- Application Security
- Network Security
Question 2. What is Cyber security?
Cyber security means securing our computers, electronic devices, networks, programs, systems from cyber attacks. Cyber attacks are those attacks that happen when our system is connected to the Internet.
Question 3. What is social engineering?
Social engineering attacks involves manipulating users psychologically and extracting confidential or sensitive data from them by gaining their trust. The attacker generally exploits the trust of people or users by relying on their cognitive basis.
Question 4. What steps can be taken to ensure computer security?
- Always keep your Operating System up to date.
- Always use a secure network connection.
- Always install an Antivirus and keep it up to date.
- Enable firewall.
Question 5. What is an antivirus? Name some antivirus software.
An antivirus is software that scans your PC against viruses and isolates the infected file from other system files so that they don’t get affected. Also, we should try to go for paid antiviruses as they are more secure.
Some of the antivirus are: Quickheal, Norton, F-secure, Kaspersky.