What is Computer Security - Information Technology

What is Computer Security

The topic from a very technical point of view normally what we've done is we've taken a look at one aspect of security and basically we talked about the math or the principles that drives that particular concept and while that's all well and good we haven't really taken an overview at what security really is as a whole so this article is partly by request partly out of necessity we're going to approach the general principles of computer security and then we're going to move on to some common examples of what a security breach might be like this also gives me a very convenient way to plug some of my older work because as we move along in this episode we will come across some concepts that i have actually explained before and of course this article on computer security we are about to see are the four basic principles behind information security these four principles which I would consider you know things that have if you want a secure system as follows confidentiality integrity accessibility and non-repudiation now some of these terms are kind of self-evident while some others are not so let's take it from the top and try to understand what each of them meet first of all confidentiality think that is pretty self-evident the idea is if you are making a transmission you don't want any unauthorized third party to be able to tap into it and to understand its context

The practical way to achieve this would probably be to use some form of an encryption so that even if the information falls into the wrong hands that person wouldn't be able to make sense out of the information because to them encrypted information looks like garbled text and they don't have a means to reverse the encryption cryptography particularly the concepts of public and private key cryptography the whole idea behind that is when you receive a message from someone you need to be sure that this message is whole and not modified in other words the entirety of the message needs to be intact you need to know that that is indeed what that person wanted to send you practically what that means is we meet some way to know if modifications will meet to a particular piece of information and the way to achieve that is to use some checksum or fingerprints the whole idea of such an algorithm is that it is a mathematical method that considers all the text inside that transmission any little change in the contents of that text will create a huge change in the checksum and the way we actually use that to guarantee integrity is that the sender needs to compute the check some of the message then both the message and check some encrypts it and set on the receiving end when the user has received the message they need to decrypt it and then run the checksum on the contents of the message they'll need to check the information contained within the message into account next up is availability as its name implies we want to be able to guarantee that a piece of data is accessible when required now practically what this means is some form of protection against a denial of service now of service attacks can work in quite a number of ways but the most common one we see over the Internet is to simply flattest server with so much traffic that it cannot respond to legitimate requests how do you got against that well it's not an easy problem to solve by any means what people normally do is they have some kind of load balancing mechanism that is sort of able to take large volume of data that is coming in and if it's able to handle that then maybe the system you know still has enough resources to respond finally non-repudiation now this one is very interesting basically the idea is the person was sent the message cannot deny that data ones who have sent it like what wikipedia says this actually sort of transcends the idea of computer security and goes into sort of the legal side of things but at the same time we talked about it in this context and a reason being well there are actually computing methods for us to guarantee or at least ensure this to a certain extent practically to achieve non-repudiation we actually have to include some kind of fingerprints on the side of the sender of course the way we set things up is such that well the sender is the only person who could have generated this fingerprint and as a result it proves the center so you have those were the four principles behind computer security in general so to quickly summarize we've taken a look at confidentiality integrity availability and non-repudiation for fundamental principles behind security let us now move on to take a very general look at some common examples of vulnerabilities in systems.

let's take this list from the top and skim over some of the most common issues a programmer needs to protect the application against first and foremost is buffer overflow which happens when you allocate a certain amount of RAM space for a value but he end up inserting a value too large for that space as a result this value spills over out of the allocated space and possibly into areas of ramp that are in use by other applications this could cause corruption of data or even worse if the overwritten area was meant to be executed you run the risk of executing the input data which could be malicious code in disguise the simplest defense against this is to concave your information to the size of the allocated buffer that way it won't spill over operating systems also have mechanisms to prevent data areas of memory from being executed as code in Windows this is called data execution prevention and we've covered that before in the past next is integer overflow we've talked about this as well on several occasions but the idea is numbers are represented as combinations of a finite sequence of bits if we can make the numbers so large that we overrun the maximum value we can hold the number basically resets a malicious user could take advantage of this to make systems behave in undesirable ways we move on to SQL injection SQL which is used to interact with databases has syntax that is basically just a plain text drink a lot of the time curries are made based on user input but the user input should not be directly substituted into the statements because a malicious user could include SQL logic in input that ends up getting past this one is very interesting but we don't have next up is cross-site scripting web applications that receive and re display user input must be careful of this if a user enter some text containing HTML code it will get past when it's displayed on screen abolitionists user could use this to include scripts hosted elsewhere that could possibly compromise security the solution to this is to escape any code input by the user in the case of HTML that will be HTML text this stops user input from being executed we move on to passwords we could do all we can to protect the security of our database but you can't guarantee that it passwords held within our safe this is why to be safer we should install passwords in plain text if the database gets compromised the lost passwords could compromise more than one accounts if the password has been reused on multiple sites to protect against this password should be cryptography curly hashed we've discussed this before as well so follow the annotation on screen if you'd like to find out more grace conditions are an interesting one usually a small period of time elapses between obtaining a permission and actually using it if something crops up between these two points of time that invalidate the permission would the users still be able to perform the action since they've already gotten permission for it before him this is a hard one to tackle but one good solution is to minimize the time between obtaining and using a permission which reduces the chances of this happening finally permissions exploits generally a user is allowed to perform certain operations on a system but not others a user with malicious intent may try to find ways to give themselves more permissions to access what they are not allowed to this is not easy to guard against but staying up to date with software allows you to cover up loopholes that have been discovered so far so yeah there you go just a very quick crash course on top most basics when it comes to computer security in general we've also moved on and take a look at some examples that are quoted very often at least in school so yeah hopefully this gives you some sort of a comprehensive introduction to computer security in general...