Computer Security in Information Technology
Corporate worlds such as banks, production companies, and IT companies, among others use computer security as part of its day-to-day operation. It is inevitable, this operation, since most (if not all) companies today utilize computer as integral part of their operation, as well as production.
Components of Computer Security
Generally, security means the quality or state of being secure – to be free from danger; to be protected from those who would do harm. In computer security, the components are composed of – Physical and environmental security, personal security, operations security, communications security, and network security.
Physical and environmental security addresses the issues necessary to protect the physical items, objects or areas of an organization from unauthorized access and/or misuse, damage, and interference to business premises and information.
Personal security addresses the protection of individual or group of individuals who are authorized to have access in the organization and its operations.
Operations Security refers and focuses on the protection of a particular operation or series of activities.
Communications security addresses the protection of an organizations communications media, technology, and content.
Network security, on the other hand, is the protection of components, connections, contents, systems, and hardware that are used to store, and transmit information.
Internet Security Issues
Since the inception of internet, problems like virus, hacking, and other activities related to invasion of privacy and destruction of data have been felt by the many. Corruptions such as viruses on a single computer can spread through the network to all of the organization’s computers; disaffected employees have much greater potential to do deliberate damage to valuable corporate data or systems because the network could give them access to parts of the system that they are not really authorized to use.
And when the organization is linked to an external network, persons outside the company (hackers) may be able to get into the company’s internal network, either to steal data or to damage the system. Employees may download inaccurate information or imperfect or virus-ridden software from an external network. The communications link itself may break down or distort data.
Computer Virus, Hackers
Tim Hardt saw firsthand five years ago what a computer virus could do to a company. The computer system at Hardt’s former business in Bakersfield, Calif., was down for two days, bringing work to a halt. That’s why he and his partners at Journey Electrical Technologies Inc., an electrical contractor in Aliso Viejo, Calif., are so adamant about computer security. Journey cannot have a closed system, without Internet or wireless access, because the company installs a range of data, telephone and fiber-optic products for customers in three states such as Sears and Starbucks ( (2005)).
Computer virus is typically a brief program designed to disperse copies of itself to other computers; it disrupts the computers’ normal operations. A computer virus usually attaches itself to or in an executable file or the boot sector (the area that contains the first instructions executed by acomputer when it is started or restarted) of a disk; those that infect both files and boot records are called bimodal viruses.
Moreover, although some viruses are merely disruptive, others can destroy or corrupt data entirely, worse, cause an operating system or applications program to malfunction. There are known to spread via floppy disks, networks, or on-line services. Several thousand computer viruses are known, and on average three to five new strains are discovered every day.
According to (2003), while it may seem as though a flurry of viruses, worms and other undesirables are lurking on the Internet lately, the reality is computer viruses and hackers have been around almost as long as the computers they infect. And while increasing numbers is a contributing factor, much of it has more to do with how common it is now to come into contact with harmful viruses and computer “predators.” People nowadays frequently you use e-mail and the Internet versus few years ago. Like any airborne virus, the more times you are exposed, the more likely you are to be infected.
One of the most astounding computer virus that swept around the globe, across the country and into Hampton Roads was the virus slyly titled ‘ILOVEYOU”. Suspected of originating in the Philippines, the nefarious e-mail message staggered electronic communications, with effects ranging from minor inconvenience to a complete halt of email systems and the destruction of audio and graphic files ( (2000)).
Melissa, on the other hand, was found hidden in Microsoft Word documents attached to email messages. Such viruses are known in computer jargon as a “macro” viruses because they are small computer programs that reside inside a document used by a word processing program or a spreadsheet program. The Melissa virus was especially devious because it tricked an infected person’s computer into sending out 50 email messages to other victims, gleaning the email addresses from the victim’s address book stored on the computer. The recipient was likely to open the message, thus infecting their computer, since the message appeared to be sent by someone they knew ( (1999)).
The “Iove bug” (2000) spread with stunning speed and corrupted those systems where warnings failed to arrive in time, leading to an estimated $1 billion damages in North America alone, triple the amount caused by last year’s major computer virus, Melissa.
Straub advises (2003) that more than ever before it is essential that one practices “safe computing.” But it does not mean one should no longer shop online, stop sending or receiving files by e-mail or disconnect from the Internet entirely. But some necessary and relatively simple precautions will go a long way toward making the home computer or business network more secure. Microsoft recently added a “Protect Your PC” portion to its Web site as a way of responding to some of the recent criticisms concerning Windows security flaws.
Cyberspace is like the new frontier, says security expert Ray Weadock, who heads the Tampa network security company Fortress Technologies. “There are few sheriffs out there.” ( (1998)).
With the global boom in the internet (1998) and ever-cheaper personal computers, hacking is spreading like online kudzu. Hacking is getting more sophisticated and, in many cases, a lot nastier. And it’s chipping away at the ability of government, the military, and the business community to protect proprietary information and preserve individual privacy. Hacking, by definition, involves attempting to gain unauthorized access to a computer system, usually through telecommunications links.
Some known hacker was in St. Petersburg, Russia, who used his laptop computer to transfer illegally at least $3.7 million from New York’s Citibank to accounts around the world. Levin was later arrested at London’s Heathrow Airport. In February, a US judge sentenced him to three years in prison and ordered him to pay Citibank $240, 000 in restitution ( (1998)).
Carlos Felipe Salgado Jr. known as Smak had different story. He was caught last year after stealing 10, 000 credit cards numbers off the files of an Internet service provider in California. Salgado tired selling them for $ 260, 000 to an undercover FBI agent.
Denial of service attack
This kind of “attack” is characterized by an attempt by attackers to prevent legitimate users of a service from using that service. Frequent example of this is “flood”. This is done by bombarding a site, network, or email account with different email messages (sites like Amazon.com and Yahoo! are targeted this way); disrupt connections between two machines, thereby preventing access to a service; and prevent a particular individual from accessing a service.
Security through and through
Organizations nowadays secure their network system with different technologically advanced security devices.
Security can be defined as the state of being free from danger and not exposed to damage from accidents or attacks, or it can be defined as the process for achieving that desirable state () Furthermore, security is a major concern in Information Technology. The lack of security undermines the integrity of data which has a direct impact on the organization itself. Virtual businesses require that proper and adequate security systems be in place to ensure that threats can be brought down to a minimum.
Moreover, in organizations such as companies they have what we call computer security, which means to be the effort to create a secure computing platform, designed so that agents (users or programs) cannot perform actions that they are not allowed to perform, but can perform the actions that they are allowed to. This involves specifying and implementing a security policy. The actions in question can be reduced to operations of access, modification and deletion. Computer security can be seen as a subfield of security engineering which looks at broader security issues in addition to computer security.
It is important to understand that in a secure system, the legitimate users of that system are still able to do what they should be able to do. In the case of a computer system sequestered in a vault without any means of power or communication, the term ‘secure’ is applied in a pejorative sense only.
Furthermore, it is also important to distinguish the techniques employed to increase a system’s security from the issue of that system’s security status. In particular, systems which contain fundamental flaws in their security designs cannot be made secure without compromising their utility. Consequently, most computer systems cannot be made secure even after the application of extensive “computer security” measures.
Encryption, for instance, aims to ensure the security of data during transmission. It involves the translation of data into secret code. To read an encrypted code one must have access to a secret key or password that enables to decrypt it. In novel entitled Digital Fortress, one is greeted with the same context. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
Encryption and Authentication
Encryption, by definition, is the process of encoding information in such a way that only the computer with the key can decode it. Most computer encryption systems are either symmetric-key encryption or public-keyencryption (Plant Engineering 4/1/2002).
Furthermore, Symmetric-key encryption (2002) is a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message. For example, you create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet. So “A” becomes “C,” and “B” becomes “D.” You have already told a trusted friend that the code is “Shift by 2.” Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense.
Furthermore, Public-key encryption (2002) uses a combination of a private key and a public key. The computer only knows the private key, while the public key is handed over by your computer to another computer that wants to communicate securely with it. Decoding an encrypted message, a computer needs to have the public key, provided by the originating computer, and its own private key. This public-key encryption is based on a hash value, which is essentially a summary of the original value.
Authentication, on the other hand, is another data security process. It is used to verify that the information comes from a trusted source. If information is “authentic,” you know who created it and you know that it has not been altered in any way since that person created it. More over, authentication is a technique of making sure that a message has come from an authored sender.
It involves adding an extra field to a record, with the contents of this field derived from the remainder of the record by applying an algorithm that has previously been agreed between the senders and recipients of data.
Furthermore, at times, the party receiving a message must be certain that the source is authentic and that the contents have not been altered. The network message is transmitted, an authentication code is sent along with it. The recipient compares his own code with that accompanying the message. If implemented properly, this method would have prevented the data center fraud example at the beginning of this article.
Moreover, Encryption and authentication (2002) work hand-in-hand to create a secure environment. Authentication can be done using passwords; pass cards, or digital signatures. The digital signature standard (DSS) is based on a type of public-key encryption method that uses the digital signature algorithm (DSA).
The term ‘firewall’ refers to hardware and software tools which limit traffic between computer networks. Many organizations which are hooked up to the Internet would like to set up firewalls for security but have refrained from doing so because of confusion and misconceptions. To address this problem, the National Institute of Standards and Technology is preparing a bulletin which is designed to educate the layman about firewalls and their purpose (10/1/1995).
Firewalls are generally hardware and software tools that monitor and limit traffic between computer networks. Firewalls are a network’s first, and often only, line of defense against attack. But increasing security can ding performance. Firewalls examine packets passing between your local and wide-area network, checking for suspicious or malicious activities. Also, they create somewhat of a bottleneck ( (2001)). And it can disable part pf the telecoms technology to prevent unwelcome intrusions into company systems, but a determined hacker may well be able to bypass even these.
Providing a hardware firewall, the system controls the security of computers yet is not part of the computer operating system. It creates a physical gap between the Internet and secured networks. Features: operates on any computer platform and does not require subsequent upgrading; tamper-resistant; provides an audit trail of operators by name, date and time.
In Dial-back security every time the persons wanted to access to the network requires to dial into it and identify themselves first. The system then dials the person back on their authorized number before allowing them access. All attempted violations of security should be automatically logged and the log checked regularly. In a multi-user system, the terminal attempting the violation may be automatically disconnected.
Other Methods to overcome security threat
Today, so many antivirus programs and hardware have been developed to combat viruses. These search for evidence of a virus program (by checking for appearances or behavior that are characteristic of computer viruses), isolate infected files, and remove viruses from a computer’s software. Researchers are working to sidestep the tedious process of manually analyzing viruses and creating protections against each by developing an automated immune system for computers patterned after biological processes. In 1995, Israel became the first country to legislate penalties both for those who write virus programs and those who spread the programs ( 2006).
Other methods to combat viruses and hackers are Adware/Spyware scanners. Spam e-mail, pop-up ads, viruses and worms make computing irritating enough at times. With “spyware,” a problem that isn’t new, but gains notoriety and attention as use of free, downloadable software increases. Spyware and “adware” describe software that ends up on your computer, maybe without your knowledge that can track where you go online and report the trends back to a company or advertiser. This way, the user’s routine in his PC is recorded.
Other way is to disable unnecessary services. Especially during online, it happens often that the site you visited asked you to install a program so you can go on with your surfing. It might be a virus-infected program, so it is better not to install it. So much connection online services have the wider chance to “catch” different viruses.
In banks and other companies security is of particular using networked distributed systems such as LANs. Two factors make this concern difficult to address. First, technology is changing rapidly, and the life cycle of both hardware and software is growing shorter. Second, installing and administering systems is often not centralized. When individuals have different levels of expertise and local policies differ, security becomes inconsistent. The system generally is as secure as its least secure link.
Security is important in open systems. In on-line systems, controls are maintained centrally basing upon physical or logical access. In open systems–the message is the primary part, and security is usually an inherent part of the message.
When adapting open systems, corporations must assess the new technology being developed in computer security. Artificial intelligence, for example, enables user activity to be compared to historic use, and any discrepancies are analyzed to identify security violations.
Moreover, the commitment of top management and comprehensive information technology are key to a computer security program.
Primarily most breaches of security are caused not by product deficiencies but by errors or omissions in the organizations’ installation or errors in administering security.
As corporate systems migrate toward multi-vendor configurations, and as the delineation between internal networks and public networks becomes less distinct, this opportunity for human error will increase. Thus, companies relying on the security of their computer networks will insist that the planning and auditing of information systems play a major role in the foreseeable future.