Monday, November 25, 2024

What is computer security?



Computer security is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.

Various types of computer security are widely used to protect an organization's valuable information.

What is Computer Security and its types?

One way to ascertain the similarities and differences among the types of computer security is to ask what is being secured. For example,

  • Information Security is securing information from unauthorized access, modification and deletion
  • Application Security is securing an application by building in security features that protect against cyber threats such as SQL injection, DoS attacks and data breaches
  • Computer Security means securing a standalone machine by keeping it updated and patched
  • Network Security is securing both the software and hardware technologies
  • Cybersecurity is defined as protecting computer systems that communicate over computer networks

It’s important to understand the distinction between these words, though there isn’t necessarily a clear consensus on the meanings and the degree to which they overlap or are interchangeable.

 

So, computer security can be defined as controls that are put in place to provide confidentiality, integrity, and availability for all components of computer systems. Let’s elaborate on the definition.

Components of computer system

The components of a computer system that need to be protected are:

  • Hardware, the physical part of the computer, like the system memory and disk drive
  • Firmware, permanent software that is etched into a hardware device’s nonvolatile memory and is mostly invisible to the user
  • Software, the programming that offers services to the user, like the operating system, word processor and internet browser

Computer security threats

Computer security threats are possible dangers that can hamper the normal functioning of your computer. In the present age, cyber threats are constantly increasing as the world goes digital. The most harmful types of computer security threats are:

Viruses

A computer virus is a malicious program which is loaded onto the user’s computer without the user’s knowledge. It replicates itself and infects the files and programs on the user’s PC. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all.

Computer Worm

A computer worm is a software program that can copy itself from one computer to another without human interaction. The potential risk here is that it will use up your computer's hard disk space, because a worm can replicate in great volume and with great speed.

Phishing

Disguised as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent email or instant messages. Phishing is unfortunately very easy to execute. You are deluded into thinking it’s legitimate mail and you may enter your personal information.

Botnet

A botnet is a group of computers connected to the internet that have been compromised by a hacker using a computer virus. An individual computer is called a ‘zombie computer’. The result of this threat is that the victim’s computer, which is the bot, will be used for malicious activities and for larger-scale attacks like DDoS.

Rootkit

A rootkit is a computer program designed to provide continued privileged access to a computer while actively hiding its presence. Once a rootkit has been installed, the controller of the rootkit will be able to remotely execute files and change system configurations on the host machine.

Keylogger

Also known as a keystroke logger, a keylogger can track the real-time activity of a user on his computer. It keeps a record of all the keystrokes made on the user's keyboard. A keylogger is also a very powerful threat for stealing people’s login credentials, such as usernames and passwords.

Why is Computer Security Important?

In this digital era, we all want to keep our computers and our personal information secure, and hence computer security is important to keep our personal information protected. It is also important to maintain our computer's security and overall health by preventing viruses and malware, which would impact system performance.

Computer Security Practices

Computer security threats are becoming relentlessly inventive these days. There is much need for one to arm oneself with information and resources to safeguard against these complex and growing computer security threats and stay safe online. Some preventive steps you can take include:

  • Secure your computer physically by:
    • Installing reliable, reputable security and anti-virus software
    • Activating your firewall, because a firewall acts as a security guard between the internet and your local area network 
  • Stay up-to-date on the latest software and news surrounding your devices and perform software updates as soon as they become available
  • Avoid clicking on email attachments unless you know the source 
  • Change passwords regularly, using a unique combination of numbers, letters and case types
  • Use the internet with caution and ignore pop-ups and drive-by downloads while surfing
  • Take the time to research the basic aspects of computer security and educate yourself on evolving cyber-threats
  • Perform daily full system scans and create a periodic system backup schedule to ensure your data is retrievable should something happen to your computer.

 

 

Wednesday, November 13, 2024

What is Network Security Critical Necessity?

Information and efficient communication are two of the most critical strategic issues for the success of every business. With the advent of digital means of communication and storage, more and more companies have shifted to using data networks to communicate, store information, and obtain resources. There are different types and levels of network infrastructure that can be used for running a business.

It may be stated that in the modern world nothing has had a larger effect on businesses than networked computers. But networking brings with it security threats which, if mitigated, permit the advantages of networking to outweigh the dangers.

Role of Network in Business

Nowadays, computer networks are considered a resource by almost all businesses. This resource permits them to collect, analyze, organize, and disseminate data that is important to their profitability. Most businesses have installed networks to stay competitive.

The most obvious role of computer networking is that organizations can store virtually any type of data at a central location and retrieve it at the desired place through the network.

Benefits of Networks

Computer networking permits people to share data and ideas easily, so that they can work more efficiently and productively. Networks improve activities including purchasing, selling, and customer service. Networking makes traditional business processes more efficient, more manageable, and less expensive.

The main benefits a business draws from computer networks are −

  • Resource Sharing − A business can reduce the amount of money spent on hardware by sharing components and peripherals connected to the network.
  • Streamlined Business Processes − Computer networks allow businesses to streamline their internal business processes.
  • Collaboration Among Departments − When two or more departments of a business connect selected portions of their networks, they can streamline business processes that normally take inordinate amounts of time and effort and often pose difficulties for achieving higher productivity.
  • Improved Customer Relations − Networks offer customers many advantages, including convenience in doing business, speedy service response, and so on.

There are many other business-specific advantages that accrue from networking. Such advantages have made it important for all sorts of businesses to adopt computer networking.

Necessity for Network Security

The threats to wired or wireless networks have significantly increased because of advances in present-day technology and the growing capacity of computer networks. The overwhelming use of the internet in today’s world for numerous business transactions has posed challenges of data theft and other attacks on business intellectual assets.

In the present era, most business is conducted through network applications, and hence all networks are at risk of being attacked. The most common security threats to business networks are data interception and theft, and identity theft.

Network security is a specialized field that deals with thwarting such threats and ensuring the usability, reliability, integrity, and safety of the computer networking infrastructure of a business.

Importance of Network Security for Business

  • Protecting Business Assets − This is the primary goal of network security. Assets mean the data that is stored in the computer networks. Data is as important and precious as any other tangible asset of the organization. Network security is concerned with the integrity, safety, and secure access of personal data.
  • Compliance with Regulatory Requirements − Network security measures help organizations comply with government and industry-specific regulations about data protection.
  • Secure Collaborative Working − Network security encourages co-worker collaboration and enables communication with clients and providers by giving them secure network access. It boosts client and consumer confidence that their sensitive information is protected.
  • Reduced Risk − Adoption of network security reduces the effect of security breaches, such as legal action that may bankrupt small organizations.
  • Gaining Competitive Advantage − Developing an effective security system for networks gives a competitive edge to an organization. In the arena of internet financial services and e-commerce, network security assumes prime importance.

Tuesday, November 12, 2024

Firewall

Monday, November 11, 2024

What is Access Control


Access control is a method of restricting access to sensitive data. Only those that have had their identity verified can access company data through an access control gateway.

What are the components of access control?

At a high level, access control is about restricting access to a resource. Any access control system, whether physical or logical, has five main components:

  1. Authentication: The act of proving an assertion, such as the identity of a person or computer user. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, or checking login credentials against stored details. 
  2. Authorization: The function of specifying access rights or privileges to resources. For example, human resources staff are normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system. 
  3. Access: Once authenticated and authorized, the person or computer can access the resource.
  4. Manage: Managing an access control system includes adding and removing authentication and authorization of users or systems. Some systems will sync with G Suite or Azure Active Directory, streamlining the management process.
  5. Audit: Frequently used as part of access control to enforce the principle of least privilege. Over time, users can end up with access they no longer need, e.g. when they change roles. Regular audits minimize this risk.  

How does access control work?

Access control can be split into two groups designed to improve physical security or cybersecurity:

  • Physical access control: limits access to campuses, buildings and other physical assets, e.g. a proximity card to unlock a door.
  • Logical access control: limits access to computers, networks, files and other sensitive data, e.g. a username and password.

For example, an organization may employ an electronic control system that relies on user credentials, access card readers, intercom, auditing and reporting to track which employees have access and have accessed a restricted data center. This system may incorporate an access control panel that can restrict entry to individual rooms and buildings, as well as sound alarms, initiate lockdown procedures and prevent unauthorized access. 

This access control system could authenticate the person's identity with biometrics and check if they are authorized by checking against an access control policy or with a key fob, password or personal identification number (PIN) entered on a keypad. 

Another access control solution may employ multi factor authentication, an example of a defense in depth security system, where a person is required to know something (a password), be something (biometrics) and have something (a two-factor authentication code from smartphone mobile apps). 

In general, access control software works by identifying an individual (or computer), verifying they are who they claim to be, authorizing they have the required access level and then storing their actions against a username, IP address or other audit system to help with digital forensics if needed.

Why is access control important?

Access control minimizes the risk of unauthorized access to physical and computer systems, forming a foundational part of information security, data security and network security.

Depending on your organization, access control may be a regulatory compliance requirement:

  • PCI DSS: Requirement 9 mandates organizations to restrict physical access to their buildings for onsite personnel, visitors and media, as well as having adequate logical access controls to mitigate the cybersecurity risk of malicious individuals stealing sensitive data. Requirement 10 requires organizations employ security solutions to track and monitor their systems in an auditable manner. 
  • HIPAA: The HIPAA Security Rule requires Covered Entities and their business associates to prevent the unauthorized disclosure of protected health information (PHI); this includes the use of physical and electronic access control.
  • SOC 2: The auditing procedure requires third-party vendors and service providers to manage sensitive data so as to prevent data breaches, protecting employee and customer privacy. Companies that wish to gain SOC 2 assurance must use a form of access control with two-factor authentication and data encryption. SOC 2 assurance is particularly important for organizations that process personally identifiable information (PII).
  • ISO 27001: An information security standard that requires management to systematically examine an organization's attack vectors and audit all cyber threats and vulnerabilities. It also requires a comprehensive set of risk mitigation or transfer protocols to ensure continuous information security and business continuity.

What are the types of access control?

The main types of access control are:

  • Attribute-based access control (ABAC): Access management systems where access is granted not on the rights of a user after authentication but based on attributes. The end user has to prove so-called claims about their attributes to the access control engine. An attribute-based access control policy specifies which claims need to be satisfied to grant access to the resource. For example, the claim may be that the user is older than 18, and any user who can prove this claim will be granted access. In ABAC, it's not always necessary to authenticate or identify the user, just to establish that they have the attribute.
  • Discretionary access control (DAC): Access management where owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. These systems rely on administrators to limit the propagation of access rights. DAC systems are criticized for their lack of centralized control. 
  • Mandatory access control (MAC): Access rights are regulated by a central authority based on multiple levels of security. MAC is common in government and military environments where classifications are assigned to system resources and the operating system or security kernel will grant or deny access based on the user's or the device's security clearance. It is difficult to manage, but its use is justified when it protects highly sensitive data.
  • Role-Based Access Control (RBAC): In RBAC, an access system determines who can access a resource rather than an owner. RBAC is common in commercial and military systems, where multi-level security requirements may exist. RBAC differs from DAC in that DAC allows users to control access while in RBAC, access is controlled at the system level, outside of user control. RBAC can be distinguished from MAC primarily by the way it handles permissions. MAC controls read and write permissions based on a user/device's clearance level while RBAC controls collections of permissions that may include complex operations such as credit card transactions or may be as simple as read or write. Commonly, RBAC is used to restrict access based on business functions, e.g. engineers, human resources and marketing have access to different SaaS products.
  • Rule-based access control: A security model where an administrator defines rules that govern access to the resource. These rules may be based on conditions, such as time of day and location. It's not uncommon to have some form of rule-based access control and role-based access control working together.
  • Break-Glass access control: Traditional access control has the purpose of restricting access, which is why most access control models follow the principle of least privilege and the default deny principle. This behavior may conflict with the operations of a system. In certain situations, humans are willing to take the risk that might be involved in violating an access control policy, if the potential benefit of real-time access outweighs the risks. This need is visible in healthcare, where the inability to access patient records could cause death.
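The following is an added example, not code from the original post, showing how role-based permissions, a rule-based time condition, default deny and break-glass access can be combined in one authorization check that also records every decision for audit. The roles, resources, permitted hours and user names are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample policy (all names are assumptions made for this example).
# RBAC: each role maps to a collection of (resource, action) permissions.
ROLE_PERMISSIONS = {
    "hr": {("employee_records", "read"), ("employee_records", "write")},
    "engineer": {("source_code", "read"), ("source_code", "write")},
    "doctor": {("patient_records", "read"), ("patient_records", "write")},
    "nurse": {("patient_schedule", "read")},
}
# Rule-based condition on top of roles: resource -> permitted hours [start, end).
PERMITTED_HOURS = {"employee_records": (8, 18)}
# Break-glass: resource -> roles that may override a deny for read access.
BREAK_GLASS = {"patient_records": {"nurse"}}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class AccessController:
    user_roles: dict  # username -> set of role names
    audit_log: list = field(default_factory=list)

    def check(self, user, resource, action, when, emergency=None):
        """Authorize one request and record the outcome for later audit."""
        decision = self._evaluate(user, resource, action, when, emergency)
        self.audit_log.append({
            "time": when.isoformat(), "user": user, "resource": resource,
            "action": action, "allowed": decision.allowed,
            "reason": decision.reason,
        })
        return decision

    def _evaluate(self, user, resource, action, when, emergency):
        roles = self.user_roles.get(user, set())
        has_role_permission = any(
            (resource, action) in ROLE_PERMISSIONS.get(role, set())
            for role in roles
        )
        if has_role_permission:
            hours = PERMITTED_HOURS.get(resource)
            if hours and not hours[0] <= when.hour < hours[1]:
                return Decision(False, "rule: outside permitted hours")
            return Decision(True, "role permission")
        # Break-glass needs a stated reason and is limited to listed roles.
        if (emergency and action == "read"
                and roles & BREAK_GLASS.get(resource, set())):
            return Decision(True, "break-glass: " + emergency)
        # Unknown users and unlisted permissions both end up here.
        return Decision(False, "default deny")

    def break_glass_events(self):
        """Entries a reviewer must follow up on after the emergency."""
        return [e for e in self.audit_log
                if e["reason"].startswith("break-glass")]


if __name__ == "__main__":
    ac = AccessController({"alice": {"hr"}, "nina": {"nurse"}})
    night = datetime(2024, 11, 11, 22, 0)
    print(ac.check("alice", "employee_records", "read", night))
    print(ac.check("nina", "patient_records", "read", night,
                   emergency="constructed emergency reason"))
    print(ac.break_glass_events())
```

Denied requests are logged as well as granted ones, so the audit step can see both over-broad grants and repeated attempts against resources a user has no role for.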

 


Thursday, October 17, 2024

Data Link Layer


Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the physical layer. Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system. Local area network architecture, which included broadcast-capable multi-access media, was developed independently of the ISO work in IEEE Project 802. IEEE work assumed sub-layering and management functions not required for WAN use.

In modern practice, only error detection, not flow control using sliding window, is present in data link protocols such as Point-to-Point Protocol (PPP), and, on local area networks, the IEEE 802.2 LLC layer is not used for most protocols on the Ethernet, and on other local area networks, its flow control and acknowledgment mechanisms are rarely used. Sliding window flow control and acknowledgment is used at the transport layer by protocols such as TCP, but is still used in niches where X.25 offers performance advantages. The ITU-T G.hn standard, which provides high-speed local area networking over existing wires (power lines, phone lines, and coaxial cables), includes a complete data link layer which provides both error correction and flow control by means of a selective repeat sliding window protocol.

Both WAN and LAN service arrange bits from the physical layer into logical sequences called frames. Not all physical layer bits necessarily go into frames, as some of these bits are purely intended for physical layer functions. For example, every fifth bit of the FDDI bit stream is not used by the layer.

Services provided by Data Link Layer

The Data Link Layer is the second layer of the seven-layer Open System Interconnection (OSI) reference model of computer networking and lies just above the Physical Layer.

This layer provides data reliability and the tools to establish, maintain, and release data link connections between network nodes. It is responsible for receiving data bits from the Physical Layer and converting them into groups, known as data link frames, so that they can be transmitted further. It is also responsible for handling errors that might arise during the transmission of bits.

Service Provided to Network Layer :
The essential function of the Data Link Layer is to provide an interface to the Network Layer. The Network Layer is the third layer of the seven-layer OSI reference model and sits just above the Data Link Layer.

The main aim of the Data Link Layer is to transmit the data frames it has received to the destination machine so that these frames can be handed over to the network layer of the destination machine. At the network layer, these data frames are addressed and routed.

1. Actual Communication :
In this communication, a physical medium is present through which the Data Link Layer transmits data frames. The actual path is Network Layer -> Data link layer -> Physical Layer on the sending machine, then to the physical media, and after that to Physical Layer -> Data link layer -> Network Layer on the receiving machine.

2. Virtual Communication :
In this communication, no physical medium is present for the Data Link Layer to transmit data. It can only be visualized and imagined that two Data Link Layers are communicating with each other using a data link protocol.

Types of Services provided by Data Link Layer :


The Data Link Layer generally offers three types of services, as given below:

1. Unacknowledged Connectionless Service
2. Acknowledged Connectionless Service
3. Acknowledged Connection-Oriented Service 
  1. Unacknowledged Connectionless Service :
    Unacknowledged connectionless service provides datagram-style delivery without any error or flow control. In this service, the source machine transmits independent frames to the destination machine without having the destination machine acknowledge these frames.

    This service is called connectionless because no connection is established between the source machine and the destination machine before data transfer, or released after data transfer.

    In the Data Link Layer, if a frame is lost due to noise, no attempt is made to detect the loss or recover from it. This simply means that there is no error or flow control. An example can be Ethernet.

  2. Acknowledged Connectionless Service :
    This service provides acknowledged connectionless delivery, i.e. packet delivery is acknowledged with the help of the stop-and-wait protocol.

    In this service, each frame transmitted by the Data Link Layer is acknowledged individually, so the sender knows whether or not the transmitted data frames were received safely. There is no logical connection established, and each frame that is transmitted is acknowledged individually.

    This mode provides a means by which a user of the data link can send data and request the return of data at the same time. It also uses a set time period: if that period passes without an acknowledgment for a frame, the data frame is resent.

    This service is more reliable than unacknowledged connectionless service. This service is generally useful over unreliable channels, like wireless systems, Wi-Fi services, etc.

  3. Acknowledged Connection-Oriented Service :
    In this type of service, a connection is first established between the sender and receiver, or source and destination, before data is transferred.

    Data is then transmitted over this established connection. In this service, each frame that is transmitted is first given an individual number, so as to guarantee that each frame is received only once and in the appropriate order and sequence.
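As an added example (not part of the original post), the simulation below contrasts unacknowledged delivery with stop-and-wait acknowledged delivery over a link that loses frames, and uses frame numbering so that a retransmitted frame is delivered only once. The class names, the one-bit sequence number and the fixed loss pattern are assumptions made for the example.

```python
class LossyChannel:
    """One-way link that drops the transmissions whose index is in `drop`."""

    def __init__(self, drop=()):
        self.drop = set(drop)  # constructed, deterministic loss pattern
        self.sent = 0

    def deliver(self, item):
        index, self.sent = self.sent, self.sent + 1
        return None if index in self.drop else item


class Receiver:
    """Hands each payload to the network layer once, in order."""

    def __init__(self):
        self.expected_seq = 0
        self.delivered = []
        self.duplicates = 0

    def on_frame(self, seq, payload):
        if seq == self.expected_seq:
            self.delivered.append(payload)
            self.expected_seq ^= 1  # a 1-bit number suffices for stop-and-wait
        else:
            self.duplicates += 1  # retransmission that followed a lost ACK
        return seq  # acknowledge the frame that arrived, new or duplicate


def send_unacknowledged(payloads, data_link):
    """Service 1: each frame is sent once; a lost frame is simply gone."""
    arrived = (data_link.deliver(p) for p in payloads)
    return [p for p in arrived if p is not None]


def send_stop_and_wait(payloads, data_link, ack_link, receiver, max_tries=5):
    """Service 2: resend each frame until its ACK returns; count frames sent."""
    seq, transmissions = 0, 0
    for payload in payloads:
        for _ in range(max_tries):
            transmissions += 1
            frame = data_link.deliver((seq, payload))
            ack = None
            if frame is not None:
                ack = ack_link.deliver(receiver.on_frame(*frame))
            if ack == seq:
                break  # acknowledged before the timer expired
            # No ACK: the timer expires and the same frame is sent again.
        else:
            raise TimeoutError(f"no ACK for frame {seq} after {max_tries} tries")
        seq ^= 1
    return transmissions


def demo():
    payloads = ["A", "B", "C"]
    # Constructed loss pattern: the 3rd data frame and the 1st ACK are lost.
    plain = send_unacknowledged(payloads, LossyChannel(drop={2}))
    rx = Receiver()
    sent = send_stop_and_wait(payloads, LossyChannel(drop={2}),
                              LossyChannel(drop={0}), rx)
    return plain, rx.delivered, rx.duplicates, sent


if __name__ == "__main__":
    print(demo())
```

The lost acknowledgment is the case that makes numbering necessary: without the sequence check in `Receiver.on_frame`, the resent copy of "A" would be passed up to the network layer twice.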

 

 

 

CLASSIFICATION

Historically computers were classified according to processor types because development in processor and processing speeds were ...