Introduction to Computer Security

Computer security refers to protecting and securing computers and their related data,
networks, software, hardware from unauthorized access, misuse, theft, information loss, and
other security issues.

The Internet has made our lives easier and has provided us with lots of advantages but it has
also put our system’s security at risk of being infected by a virus, of being hacked, information
theft, damage to the system, and much more.

Technology is growing day by day and the entire world is in its grasp. We cannot imagine even a
day without electronic devices around us. With the use of this growing technology, invaders,
hackers and thieves are trying to harm our computer’s security for monetary gains, recognition
purposes, ransom demands, bullying others, invading into other businesses, organizations, etc.
In order to protect our system from all these risks, computer security is important.
 Importance of Computer Security

Computer security is important because it makes sure that your information and data are
safe. It may be related to your business, health, or personal information. Computer security
provides the features of availability, integrity, and confidentiality for the computer system.
The following are the reasons why computer security is considered important:

1. To Protect Personal Information

To prevent yourself from cyber threats, make sure that you protect your personal
information and data. The issue with Information Technology a big one that is still prevailing
which is responsible for protecting your personal information and critical data.

2. To Protect Company Properties

A company involves a lot of sensitive information and assets. It is very important to protect
the organization's important information and sensitive data so that it can prevent itself from
any unauthorized access or misuse. So, a company does not compromise the security of its
computer system because if the information gets out then the company has to incur huge
losses. Installing a security system in the computers ensures IT protection which indeed
helps the companies to protect their sensitive data and information.

3. To Prevent Data Theft

Data help means stealing any critical and sensitive information such as account passwords,
bank account details, health-related information, personal information, important
documents that are stored in the computer systems and its servers, and so on.

Data theft can happen for multiple reasons that can be stated as follows:

 Stolen and weak credentials.

 Errors caused by humans.
 Presence of any malicious insiders.
 Some application vulnerabilities.
4. To Prevent Malware and Viruses

Computer viruses and malware can be very annoying at times and computer security can
help you to prevent your system from these unwanted visitors. A computer virus or malware
can delete your important data and corrupt the sensitive information that is stored in your
computer system. It can also harm your hard disk as it can spread from one computer to
another with the help of email programming.

5. To Protect From Unauthorized Access

By installing computer security in your system, you will be able to understand who is trying
to get unauthorized access to your system. You can prevent your computer system from
being authorized to access it by implementing computer security. It prevents hackers from
getting access to your computer system
 Types of Computer Security

Here are some of the major types of computer security practices and tactics that are
followed by users and organizations to protect their sensitive data, Software, and hardware.
The different types of computer security are very important to protect the data stored in
electronic systems and networks.

1. Application Security

When security features are introduced in the primary stage of the development process, that
is one it's known as application security. It is very well capable of protecting your computer
system from cyber security threats such as unauthorized access and data breaches.
Furthermore, it can also help your computer system to fight against SQL breaches and denial
of service attacks.

Some of the major application tools techniques are used for installing the application
security feature, such as software encryption, antivirus, firewall, etc. and these help your
system to build a wall against cyber attacks.
2. Information Security

Information security is a type of cyber security that specially focuses on the methodology
and techniques that are built for ensuring computer security. Information security, as a
Process was developed to protect the availability, integrity, and confidentiality of computer
systems from Data thefts, unauthorized access, harm, and destruction.

Information security is commonly known as the CIA triad and this model is used for
protecting the integrity, availability, and confidentiality of organizational data so that
productivity is maintained.

3. Network Security

Network security as the name suggests is another type of computer security that protects
your computer system from authorized intrusions and access to your computer networks. It
is similar to information security in a way that it also protects the integrity, availability, and
confidentiality of your computer networks. Network security is designed in a way with a lot
of configurations that it performs to its best abilities. it includes the safety of both Software
and hardware.

There are various network security methods and components that help computer networks
to be safe and secure. These are stated as follows:

 Application security
 Anti-virus software
 Behavioral analysis
 Firewall
 Email security
 Web security
 Wireless security
 Network access control
 Network segmentation
 Virtual private network
4. Endpoint Security

Any error that is committed by a human can be easily exploited by hackers or cyber
criminals. End users are facing a huge security risk in any organization. End users become the
victims of Cybercrimes because of their lack of knowledge about IT protection and policies.
Because they lack awareness, they can unknowingly give access to their computer systems to
Cyber criminals.

So it is important to understand the comprehensive security policies and procedures so that

you do not fall into the trap of cyber criminals and always stay alert. Awareness training
programs should be arranged for enhancing their knowledge about computer security and its
threats.

5. Internet Security

Internet security is the most recent type of computer security that has reached a boom
period in recent times. It is a method for creating a perfect set of rules and actions to
prevent any unauthorized use or harm to computer systems that are directly connected to
the internet.

It is the newest branch of computer security that specifically deals with the risks and threats
that comes with the internet which is enumerated as follows:

 Hacking
 Computer viruses
 Malware
 Denial of service attacks
.
 Why Do Users Get Attacked?

The main motives for attacking an organization’s or individual’s computer are:

1. Disrupting a business’ continuity: If a business is disrupted, it causes great harm to

the organization in the form of lost profits, fraud, and damage to its reputation.

2. Information theft and manipulating data: Hackers take confidential information that
they steal from organizations and sell it to individuals or groups on the black market.

3. Creating chaos and fear by disrupting critical infrastructure: Cyber terrorists attack a
company or a government body to disrupt their services, doing damage that can
potentially affect an entire nation.

4. Financial loss to the target: Hackers attack an organization or business and disrupt
their services in such a way that the target has to allocate substantial funds to repair
the damage.

5. Achieving a state’s military objectives: Rival nations continuously keep an eye on

each other and sometimes employ cybercriminal tactics to steal military secrets.

6. Demanding ransom: The hackers employ ransomware to block a website or servers,

releasing control only after a ransom is paid.

7. Damaging the reputation of target: The hacker may have personal reasons to attack
an organization or individual so that their reputation suffers.

8. Propagating religious or political beliefs: Hackers may infiltrate websites to promote

religious dogma or a certain political agenda, usually to sway voters to vote a certain
way.
 Types of Attacks

There are many kinds of attacks available to the dedicated hacker. These are among the most
famous and frequent types of attacks.

1. Denial of service (DDoS):

This is an attack used to restrict the user’s access to the system resources by flooding the server
with useless traffic. The botmaster commands all the bots to access a resource at the same time
so that the resource gets hopelessly jammed up. Then, if a legitimate user wants to access that
same resource, they will not be able to do so. This is illustrated below:

Fig: Denial of service illustration

2. Malware attack:

This is a malicious program that disrupts or damages the computer. There are four main types
of malware:

 Keylogger: Keylogger records all the hits on the targeted keyboard. Most hackers use
it to get passwords and account details.

 Virus: A computer virus is a malicious code that replicates by copying itself to another
program or document and changes how a computer works.

 Worms: This is a standalone program that runs independently and infects the system.
One of the more popular examples is W32. Alcra.F. The worm propagates itself
through network share devices.

 Trojan horse: This is a malicious code that takes over your computer. This code can
damage or steal information from your computer.

3. Man in the middle:

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in
a conversation between a user and an application—either to eavesdrop or to impersonate one
of the parties, making it appear as if a normal exchange of information is underway.

The goal of an attack is to steal personal information, such as login credentials, account details
and credit card numbers.
 Fig: Man in the middle attack

4. Phishing:

The attacker sends bait, often in the form of an email. It encourages people to share their
details. For example, you get an email like this:

If someone is a customer of ABC bank, he would probably open the link and enter the details.
But these kinds of emails are always phishing. Banks do not send emails like this.

5. Eavesdropping:

Attacker observes traffic on your system and the work you are doing. The attacker can monitor
you in three ways:
  Email monitoring

 Which websites you visit

 What items you download

6. SQL injection:

As the name suggests, an SQL injection vulnerability allows an attacker to inject malicious input
into a SQL statement. This type of attack happens only on websites. The best example would be
www.facebook.com. There is a database stored on the Facebook website. The hackers get into
that database and sign in using someone else's username and password.

7. Password attack:

To crack a password or find a password, hackers employ the following techniques:

 Dictionary attack: In this method, they handle every password that is possible
through the dictionary

 Brute force: It is a trial and error method used to decode the password or data. This
attack takes the most amount of time.

 Keylogger: As the name suggests, keylogger records all the hits on the keyboard.
Most people use it to get passwords and account details

 Shoulder surfing: The attackers observe the user’s keyboard by looking over the
user’s shoulder.

 Rainbow table: There are rainbow tables that contain precomputed hash values.
Attackers use this table to find the user’s password.
 What to Secure?

The security of any organization starts with three principles: confidentiality, integrity, and
availability. This is called CIA (no relation to the American spy organization!). CIA has served as
the industry standard for computer security since the advent of the first mainframes.

Fig: CIA triad

 Confidentiality: The principles of confidentiality assert that information and functions

can be accessed only by authorized parties. Example: military secrets.
  Integrity: The principles of integrity assert that information and functions can be
added, altered, or removed only by authorized people and means. Example: incorrect
data entered by a user in the database.

 Availability: The principles of availability assert that systems, functions, and data must
be available on-demand according to agreed-upon parameters based on levels of
service.

How Do You Secure Your Computer?

1. Two-way authentication

Two-factor authentication adds a layer of security to the authentication process by making it

harder for attackers to gain access to a person's devices or online accounts. For example, when
you make online payments, you first have to confirm your card’s cvv number, then you undergo
a second confirmation by providing your mobile number.

2. Secure passwords

Create strong passwords so that no one will be able to hack or guess your password. The best
passwords include:

 At least 15 characters.

 Capital letters.

 Special characters. Example: @#$%.

 Numbers.

3. Regular updates
Always keep your system and all its software updated. Many updates contain additional
defenses against cyber attacks.

4. Antivirus

Antivirus is a computer program used to prevent, detect, and remove malware. Examples of
antivirus include Norton, Quickheal, and McAfee.

5. Firewalls

Firewalls prevent unauthorized Internet users from accessing private networks connected to
the Internet, especially intranets.

6. Anti-Phishing Tactics

When you get an email that looks suspicious or has no relation to you, then do the following:

 Do not click on the link in the email.

 Do not provide any personal details if asked.

 Do not open the attached files.

7. Encryption

This is the process of converting ordinary plain text into unintelligible text and vice-versa.
Encryption is used in many applications like:

 Banking transactions.

 Computer passwords.
  E-commerce transactions.

Unfortunately, cybercrime is increasing daily, so it’s imperative to have a solid grasp of the best
cybersecurity practices.
 Conclusion

Computer security refers to protecting and securing computers and their related data,
networks, software, hardware from unauthorized access, misuse, theft, information loss, and
other security issues. The Internet has made our lives easier and has provided us with lots of
advantages but it has also put our system’s security at risk of being infected by a virus, of being
hacked, information theft, damage to the system, and much more

Reference
https://en.wikipedia.org/wiki/Computer_security

https://www.knowledgehut.com/blog/security/computer-security

https://www.geeksforgeeks.org/computer-security-overview/

https://www.sailpoint.com/identity-library/five-types-of-cybersecurity/