Site Loader

Computer security

Untrained users are a vulnerability because they are not
aware of the techniques used to manipulate users into downloading viruses,
malware, worms or click on links and they do not know how to follow security
protocol.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Relating to users, weak passwords pose as vulnerability due
to their simple design. This is because they are usually based upon hobbies,
relatives or pets to make them easier to remember. An accessible way to avoid
weak passwords is to use a password generator; it is good because it randomly
generates a string of characters with the ability to modify what characters are
used and length of the password. A more convenient method is to build upon a
simple password, by including Upper and Lower-case letters, numbers and
symbols.

Insider threat is a user with malicious intents; examples
include bribed, blackmailed or disgruntled employees. It is one of the most
common ways of security breaches. They have the ability to read, steal or
change data. One potential procedure to avert this is to limit access to
crucial information and functionalities of the system.

Other threats to be taken into consideration are spywares. A
spyware is not a virus, but it works in a similar way to viruses. The way
spyware work is they are installed on a computer to track the user’s movement online.
The software passes on data over the user’s Internet connection to another
location. “A company may employ spyware to gain marketing information and
Website usage about company’s products, or it may sell this information to
other organizations” (Wikipedia, 2004). Every time a computer is booted up, the
spyware strengthen up and remains running while the computer is working. More
than one spyware can run on the background without any knowledge form part of
the user. Some ways to protect a computer from spywares are installing
antivirus and firewalls, install e-mail and web filters to prevent executable
files from attaching without permission from the user and the user should also
make sure to delete chain e-mail and spam without opening them.

Phishing is a way of misleading the user into giving the
attacker personal information about them. Usually the attackers possess
information about users through email, social networking sites and other means
of communication. Consequences of this action can be disastrous, as an example
attackers can take over infected computers, therefore, gather information, and
block access to websites, servers and networks.

One of the most common and harmful attacks is SQL injection.
Attackers introduce dangerous code into servers allowing them to access private
data and modify files. Some ways to prevent SQL injections are to limit access
to the database, keep software up to date and constantly supervise SQL
statements running in the background.

In order to make software more secure every bug, flaw or
vulnerability has to be corrected, every input need to be checked and any input
coming from unknown sources should be blocked. Security measures should be
implemented in software when it is being created.

Network security

A router can affect the service safety, needs to be
firewalled and have relevant port forwarding. “IT infrastructure refers to the
composite hardware, software, network resources and services required for the
existence, operation and management of an enterprise IT environment.”

Firewall is a method of controlling network access by
managing and checking data that passes through packet filters. A packet
filtering firewall “uses filters (rules) to determine which packets should be
allowed, based on metrics such as: IP addresses, contained protocols”
L3-Network Security.

One of the biggest advantages of using this method is that
they can process packets rapidly. The cost and usage of resources with this
method is low in comparison to other types of firewalls thus it is recommended
to use them in smaller networks.

They are vulnerable to spoofing attacks, which means that
program is being tricked into allowing corrupted data to pass and blocking the
other. It can not prevent attacks in which data is made to appear as resources
needed on the server. Data is not deeply checked and because of that it is not
used as main layer of security. https://supportforums.cisco.com/t5/security-documents/firewall-and-types/ta-p/3112038

A few physical protections needed to ensure the safety  of a server are setting up surveillance for
the server room, that way the company knows who goes in and out of the server
room and when. A video surveillance camera could be place in a location to make
it difficult to interfere with or disable, on top of that a authentication
system can be implemented into the locking mechanism so that someone who wants
to go in the server room need to use a smart card to unlock the doors.

There should always be backups of important data which is
essential in a disaster recovery situation, it is always important to remember
that the devices the backups are on can be stolen and used by outsiders. The
company should always keep a set of backups off site, and they should be taken
care to ensure that they are secure. One way to remove spywares is using
freeware spyware removal programs that can almost eradicate the spywares from a
computer relatively fast.

Information security

“Historically, data encryption has
been used primarily to protect diplomatic and military secrets from foreign
governments.” (data encryption. 2017). Data encryption is the science of
changing plain text into cipher text by substituting or transposing characters,
and it uses algorithms (mathematical formulas) and keys to create cipher text. Encryption
is a key element of an information security environment, and is used by both
sides to secure data, validate senders, and to protect the IT environment. Security
professionals must be conversant with the techniques, tools, and processes that
are used to encrypt data both on network, and at rest. In addition, they must
know how aggressors may use encryption, either to protect their own data, or to
conceal their attack. Security analysts must also be able to identify poor
cryptosystems. A good strategy for implementing information security is using a
128 bit key for a symmetric encryption algorithm, there are 2128   possible keys. The problem is that
encryption is just one link in the chain of security. Encryption is a really
strong link in that chain, but one weak link breaks the chain. It is usually
easier for the attacker to hack your machine and steal the plaintext than to
break your cipher.

 

Conclusion

This report has identified different vulnerabilities,
threats, and attacks on computer security as well as mention different methods
and techniques than can be adopted by the organization to prevent certain
disasters from happening, although some can’t be avoided such as natural
catastrophes, but we can prevent them from having a bigger impact by taking
some precautions as the ones mentioned before. We can also conclude that network
security starts at physical level. “All the firewalls in the world won’t stop
an intruder who is able to gain physical access to your network and computers.”
()

Post Author: admin

x

Hi!
I'm Stuart!

Would you like to get a custom essay? How about receiving a customized one?

Check it out