Chapter 5

Computer security
5.1 Introduction
Computer security, also called cybersecurity, the protection of computer
systems and information from harm, theft, and unauthorized use. Computer
hardware is typically protected by the same means used to protect other
valuable or sensitive equipment: namely, serial numbers, doors and locks,
and alarms. The protection of information and system access, on the other
hand, is achieved through other tactics, some of them quite complex.
The security precautions related to computer information and access
address four major threats: (1) theft of data, such as that of military secrets
from government computers; (2) vandalism, including the destruction of
data by a computer virus; (3) fraud, such as employees at a bank channeling
funds into their own accounts; and (4) invasion of privacy, such as the
illegal accessing of protected personal financial or medical data from a
large database. The most basic means of protecting a computer system
against theft, vandalism, invasion of privacy, and other irresponsible
behaviours is to electronically track and record the access to, and activities
of, the various users of a computer system.
This is commonly done by assigning an individual password to each person
who has access to a system. The computer system itself can then
automatically track the use of these passwords, recording such data as
which files were accessed under particular passwords and so on. Another
security measure is to store a system’s data on a separate device or medium
that is normally inaccessible through the computer system. Finally, data is
often encrypted so that it can be deciphered only by holders of a singular
encryption key. Computer security has become increasingly important since
the late 1960s, when modems (devices that allow computers to
communicate over telephone lines) were introduced. The proliferation of
personal computers in the 1980s compounded the problem because they
enabled hackers (irresponsible computerphiles) to illegally access major
computer systems from the privacy of their homes. With the tremendous
growth of the Internet in the late 20th and early 21st centuries, computer
security became a widespread concern. The development of advanced
security techniques aims to diminish such threats, though concurrent
refinements in the methods of computer crime pose ongoing hazards.

Also, Computer security can be defined as controls that are put in place to
provide confidentiality, integrity, and availability for all components of
computer systems. Let’s elaborate the definition.

 Confidentiality: is ensuring that information is available only to

the intended audience
 Integrity: is protecting information from being modified by
unauthorized parties
 Availability: is protecting information from being modified by
unauthorized parties

5.2 Encryption
Data encryption, also called encryption or encipherment, the process of
disguising information as “ciphertext,” or data unintelligible to an
unauthorized person. Conversely, decryption, or decipherment, is the
process of converting ciphertext back into its original format. Manual
encryption has been used since Roman times, but the term has become
associated with the disguising of information via electronic computers.
Encryption is a process basic to cryptology.
Computers encrypt data by applying an algorithm i.e., a set of procedures
or instructions for performing a specified task—to a block of data. A
personal encryption key, or name, known only to the transmitter of the
message and its intended receiver, is used to control the algorithm’s
encryption of the data, thus yielding unique ciphertext that can be
decrypted only by using the key. Since the late 1970s, two types of
encryption have emerged. Conventional symmetric encryption requires the
same key for both encryption and decryption. A common symmetric
encryption system is the Advanced Encryption Standard (AES), an
extremely complex algorithm approved as a standard by the U.S. National
Institute of Standards and Technology. Asymmetric encryption, or public-
key cryptography, requires a pair of keys; one for encryption and one for
decryption. It allows disguised data to be transferred between allied
parties at different locations without also having to transfer the (not
encrypted) key. A common asymmetric encryption standard is the RSA
(Rivest-Shamir-Adleman) algorithm.

Encryption keys selected at random and of sufficient length are considered

almost impregnable. A key 10 characters long selected from the 256
available ASCII characters could take roughly 40 billion centuries to
decode, assuming that the perpetrator was attempting 10,000 different keys
per second.

5.3 Backup
The main purpose is to recover the lost data from an unpredictable event
like deletion by mistake or file corruption which in many cases is caused by
a virus. An example is Ransomware, which encrypts all your data when
your computer gets infected and the second is to roll back the data at a
specific time you want. This is a scenario that happens often in companies
which have applications and databases and they want to test their
applications with a specific version of data.

5.4 Computer threats

Computer security threats are possible dangers that can possibly hamper
the normal functioning of your computer. In the present age, cyber threats
are constantly increasing as the world is going digital. The most harmful
types of computer security are:

5.4.1 Viruses
A computer virus is a malicious program which is loaded into the user’s
computer without user’s knowledge. It replicates itself and infects the files
and programs on the user’s PC. The ultimate goal of a virus is to ensure that
the victim’s computer will never be able to operate properly or even at all.

5.4.2 worms
A computer worm is a software program that can copy itself from one
computer to another, without human interaction. The potential risk here is
that it will use up your computer hard disk space because a worm can
replicate in great volume and with great speed.

5.4.3 Phishing
Disguising as a trustworthy person or business, phishers attempt to steal
sensitive financial or personal information through fraudulent email or
instant messages. Phishing in unfortunately very easy to execute. You are
deluded into thinking it’s the legitimate mail and you may enter your
personal information.

5.4.4 Botnet
A botnet is a group of computers connected to the internet, which have
been compromised by a hacker using a computer virus. An individual
computer is called ‘zombie computer’. The result of this threat is the
victim’s computer, which is the bot will be used for malicious activities and
for a larger scale attack like DDoS.
5.5 Why is Computer Security Important?
In this digital era, we all want to keep our computers and our personal
information secure and hence computer security is important to keep our
personal information protected. It is also important to maintain our
computer security and its overall health by preventing viruses and malware
which would impact on the system performance.

5.5.1 Computer Security Practices

Computer security threats are becoming relentlessly inventive these days.
There is much need for one to arm oneself with information and resources
to safeguard against these complex and growing computer security threats
and stay safe online. Some preventive steps you can take include:

 Secure your computer physically by:

o Installing reliable, reputable security and anti-virus software
o Activating your firewall, because a firewall acts as a security
guard between the internet and your local area network
 Stay up-to-date on the latest software and news surrounding your
devices and perform software updates as soon as they become
available
 Avoid clicking on email attachments unless you know the source
 Change passwords regularly, using a unique combination of numbers,
letters and case types
 Use the internet with caution and ignore pop-ups, drive-by downloads
while surfing
 Taking the time to research the basic aspects of computer security
and educate yourself on evolving cyber-threats
 Perform daily full system scans and create a periodic system backup
schedule to ensure your data is retrievable should something happen
to your computer.
 Apart from these, there are many ways you can protect your computer
system. Aspects such as encryption and computer cleaners can assist
in protecting your computers and its files.
 Unfortunately, the number of cyber threats are increasing at a rapid
pace and more sophisticated attacks are emerging. So, having a good
foundation in cybersecurity concepts will allow you to protect your
computer against ever-evolving cyber threats