Outline of computer security

The following outline is provided as an overview of and topical guide to computer security:

Computer security is commonly known as security applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the whole Internet. The field covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems of most societies worldwide. [1] Computer security includes measures taken to ensure the integrity of files stored on a computer or server as well as measures taken to prevent unauthorized access to stored data, by securing the physical perimeter of the computer equipment, authentication of users or computer accounts accessing the data, and providing a secure method of data transmission.

Essence of computer security

Computer security can be described as all of the following:

Areas of computer security

Authentication

Computer security threats

The variety of threats combined with the rapid development of new threats has made cyber insecurity and the removal of information assurance the 'status quo'. As long as man continues to use the computer, man will also take an interest in manipulating, modifying, creating and bypassing 'rules' and 'security standards.'

The most common and effective method of violating computer security protocols is phishing. Phishing is the process of providing a cloned login page for a site the victim uses, for example Google's Gmail; once the user enters his/her login information, the data is captured and access to the victim's account is gained.

Many executives, mid-ranking managers and even low-level staff of many current U.S. corporations have no idea that a malicious user is quietly and passively intercepting their communications. Why? A strong motivation is the theft of intellectual property. Often victims of phishing either never become aware their privacy has been breached, or many months pass before they become aware that their privacy has been lost. [3]

Methods of Computer Network Attack and Computer Network Exploitation

Social engineering is a frequent method of attack, and can take the form of phishing, or spear phishing in the corporate or government world, as well as counterfeit websites.

Computer defenses and security measures

Access control

Access control: selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

Application security

Data security

Data security: protecting data, such as a database, from destructive forces and the unwanted actions of unauthorized users. [2]

Information privacy

Mobile security

Network security

World Wide Web Security

History of computer security

Computer security industry

Computer security software

Testing labs

Computer security companies

Computer security publications

Journals and magazines

  • 2600: The Hacker Quarterly: technical and political articles of interest to the internet security community
  • Virus Bulletin: magazine about the prevention, detection and removal of malware and spam. It regularly features analyses of the latest virus threats, articles exploring new developments in the fight against viruses, interviews with anti-virus experts, and evaluations of current anti-malware products.

Books on computer security

Books on cryptography

Cyber security community

Cyber security communities

Computer security organizations

Academic

  • CERIAS: a center for research and education of information security for computing and communication infrastructures located at Purdue University. [17]
  • CERT Coordination Center: a program of Carnegie-Mellon University that develops advanced methods and technologies to counter large-scale, sophisticated cyber threats in partnership with other academic programs and with government and law enforcement agencies. The CERT Knowledgebase compiles information on information security incidents. [18]
  • Georgia Tech Information Security Center: department of Georgia Tech that deals with information security issues such as cryptography, network security, trusted computing, software reliability, privacy, and internet governance. [19]
  • Oulu University Secure Programming Group: studies, evaluates and develops methods of implementing and testing application and system software in order to prevent, discover and eliminate implementation level security vulnerabilities in a pro-active fashion. The focus is on implementation level security issues and software security testing.

Commercial

Government agencies

  • ARNES: Academic and Research Network of Slovenia, which is responsible for development, operation and management of the communication and information network for education and research. It includes the SI-CERT, the Slovenian Computer Emergency Response Team.
  • Canadian Cyber Incident Response Centre: also known as CCIRC, a Canadian government program under the Ministry of Public Safety. The program monitors threats, coordinates national responses, and protects national critical infrastructure against cyber incidents. [22]
  • Norwegian Cyber Defence Force: the branch of the Norwegian Armed Forces responsible for military communications and offensive and defensive cyberwarfare in Norway. [23]

Law enforcement agencies

Internet police: police and secret police departments and other law enforcement agencies in charge of policing the Internet. The major purposes of Internet police, depending on the state, are fighting cybercrime, as well as censorship, propaganda, and monitoring and manipulating the online public opinion.

  • Air Force Cyber Command (Provisional): a proposed U.S. Air Force command that existed in provisional status. On 6 October 2008, the Air Force's cyberspace mission was transferred to USCYBERCOM. [24]
  • Department of Defense Cyber Crime Center: also known as DC3, a United States Department of Defense agency that provides digital forensics support to the DoD and to other law enforcement agencies. DC3's main focus is in criminal, counterintelligence, counterterrorism, and fraud investigations. [25]
  • FBI Criminal, Cyber, Response, and Services Branch: also known as CCRSB, a service within the Federal Bureau of Investigation responsible for investigating certain crimes including all computer-based crime related to counterterrorism, counterintelligence, and criminal threats against the United States. [26]
  • FBI Cyber Division: Federal Bureau of Investigation division that heads the national effort to investigate and prosecute internet crimes, including "cyber based terrorism, espionage, computer intrusions, and major cyber fraud." This division of the FBI uses the information it gathers during investigation to inform the public of current trends in cyber crime. [27] It focuses on three main priorities: computer intrusion, identity theft, and cyber fraud. It was created in 2002. [28]
  • National Security Agency: the United States bureau responsible for national cybersecurity and military communications protection. [29]
  • US-CERT: also known as the United States Computer Emergency Readiness Team, an organization within the Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD); a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC). [30] US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. [31]
  • USCYBERCOM: an armed forces sub-unified command subordinate to United States Strategic Command. The unit centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks. [32]

Independent non-profits

Independent web-sites

  • Attrition: information security-related website, updated at least weekly by an all-volunteer staff. The "Errata" section is devoted to pointing out inaccuracies, omissions, and other problems with mainstream media related to computer security and hacking. Additionally, staff members publish opinion pieces such as "Security Rants" pointing out problems with the computer security industry.
  • Wiretapped.net


Persons influential in computer security

See also

Rubber-hose cryptanalysis

Related Research Articles

Computer security: Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

Xcitium, formerly known as Comodo Security Solutions, Inc., is a cybersecurity company headquartered in Bloomfield, New Jersey.

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas.

Wireless security: Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

Defensive computing is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.

Comodo Internet Security: Internet security software suite

Comodo Internet Security (CIS), developed and distributed by Comodo Group, is a freemium Internet security suite that includes an antivirus program, personal firewall, sandbox, host-based intrusion prevention system (HIPS) and website filtering.

Kaspersky Lab: Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Trend Micro Internet Security

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to an NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was the fastest in responding to new internet threats.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

Email hacking: Unauthorized access to, or manipulation of, an email account or email correspondence

Email hacking is the unauthorized access to, or manipulation of, an account or email correspondence.

In cybersecurity, cyber self-defense refers to self-defense against cyberattack. While it generally emphasizes active cybersecurity measures by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole, such as corporate entities or entire nations. Surveillance self-defense is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures provide defenders with higher levels of cybersecurity, intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cyber security standards.

Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. The data center houses the enterprise applications and data, which is why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

References

  1. "Reliance spells end of road for ICT amateurs", May 07, 2013, The Australian
  2. Summers, G. (2004). Data and databases. In: Koehne, H Developing Databases with Access: Nelson Australia Pty Limited. p4-5.
  3. Kristopher Richey
  4. "Keylogger". Oxford dictionaries. Archived from the original on 2013-09-11.
  5. "Rootkits, Part 1 of 3: The Growing Threat" (PDF). McAfee. 2006-04-17. Archived from the original (PDF) on 2006-08-23.
  6. Microsoft Technet. "Virtual Private Networking: An Overview". Archived from the original on 2017-09-25.
  7. Harley, David (2011). AVIEN Malware Defense Guide for the Enterprise. Elsevier. p. 487. ISBN 9780080558660. Archived from the original on 2014-01-03. Retrieved 2013-06-10.
  8. Rosenblatt, Seth (2013-03-15). "Android antivirus apps improve their grades". cnet. CBS Interactive. Archived from the original on 2013-04-13. Retrieved 2013-06-10.
  9. Owano, Nancy (2013-01-18). "Microsoft Security Essentials misses AV-Test Certified status". PhysOrg. Douglas, Isle of Man: Omicron Technology Ltd. Archived from the original on 2013-03-10. Retrieved 2013-06-10.
  10. Rosenblatt, Seth (2013-04-08). "Windows 8's rising security tide raises all antivirus boats". cnet. CBS Interactive. Archived from the original on 2013-06-10. Retrieved 2013-06-10.
  11. Rubenking, Neil J. (2013-01-16). "Microsoft and Others Fail Antivirus Test". PC Magazine. Ziff Davis. Archived from the original on 2013-05-11. Retrieved 2013-06-10.
  12. Dawson, Jessica; Thomson, Robert (2018-06-12). "The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance". Frontiers in Psychology. 9: 744. doi:10.3389/fpsyg.2018.00744. ISSN 1664-1078. PMC 6005833. PMID 29946276.
  13. "About McAfee" (PDF). 20 September 2012. Archived (PDF) from the original on 27 January 2013.
  14. "Intel Completes Acquisition of McAfee". McAfee News. 28 February 2011. Archived from the original on 27 August 2011. Retrieved 19 November 2014.
  15. "Intel in $7.68bn McAfee takeover". BBC News. 19 August 2010. Archived from the original on 19 August 2010.
  16. Article Archived 2017-10-13 at the Wayback Machine on VentureBeat
  17. CERIAS home page Archived 2005-03-08 at the Wayback Machine
  18. "CERT Coordination Center". Archived from the original on 2015-02-27. Retrieved 2015-03-03.
  19. "Georgia Tech Information Security Center History". Archived from the original on 2007-08-11. Retrieved 2007-08-01.
  20. "About AISA". Archived from the original on 29 November 2014. Retrieved 19 November 2014.
  21. "Microsoft Digital Crimes Unit". Redmond, WA: Microsoft. Archived from the original on 2013-12-10. Retrieved 2013-11-15.
  22. "Canadian Cyber Incident Response Centre". Archived from the original on 2009-02-08. Retrieved 2009-04-25.
  23. CCIS, Center for Cyber and Information Security -. "Norwegian Cyber Defence | Center for Cyber and Information Security". Center for Cyber and Information Security. Archived from the original on 2016-08-28. Retrieved 2017-02-13.
  24. "Air Force senior leaders take up key decisions". Air Force Link. United States Air Force. 7 October 2008. Archived from the original on 17 October 2008. Retrieved 22 October 2008.
  25. "DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3)" (PDF). DoDD 5505.13E. Archived from the original (PDF) on 26 October 2011. Retrieved 18 May 2011.
  26. "Ten Years After: The FBI Since 9/11". FBI.gov. Federal Bureau of Investigation. Archived from the original on 29 November 2014. Retrieved 20 November 2014.
  27. Cyber Crime, p. 2 ("Cyber Crime". Archived from the original on 2016-04-25. Retrieved 2016-06-20.)
  28. FBI's Ability to Address the National Security Cyber Intrusion Threat, p. 2 (PDF Archived 2013-03-11 at the Wayback Machine)
  29. "Mission & Strategy". www.nsa.gov. Archived from the original on 2017-02-14. Retrieved 2017-02-13.
  30. "About the National Cybersecurity and Communications Integration Center". Archived from the original on September 4, 2013. Retrieved September 4, 2013.
  31. "US-CERT Infosheet Version 2" (PDF). Archived (PDF) from the original on May 12, 2013. Retrieved September 4, 2013.
  32. U.S. Department of Defense, Cyber Command Fact Sheet, 21 May 2010 "U.S. Cyber Command - U.S. Strategic Command". Archived from the original on 2014-04-16. Retrieved 2014-04-16.
  33. Danny Yadron, John McAfee at Def Con: Don’t Use Smartphones Archived 2017-07-12 at the Wayback Machine, The Wall Street Journal, August 08, 2014
  34. "Phil Zimmerman's Homepage: Background". Archived from the original on 2013-04-30. Retrieved 2012-01-12.