User:Snn2537/sandbox

Computer Security

This Wikipedia page outlines computer security as the topical focus point.

Image via www.vpnsrus.com

Computer security - Are security measures used to protect and secure the computer and data from vulnerability of cyber attackers, it also controls and ensures confidentiality, integrity of the data and the availability of information stored in the computer as well as accessibility to authorized and unauthorized users.

History

Diagram of security and how prevention works. http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

As technology evolves and advances, the more security and data protections remain a major factor, as more skilled hackers are finding different ways to interfere and threaten vulnerable organizational systems and private data. according to the National Institute of Standards and Technology for the past 50 years they have researched and developed the NIST guidance for industry, government, and academia. Since 1979 NIST have worked with different tools, to advance cybersecurity and continue to research and make sure that the state of computers and technology is secured and safe for users. [1]

Concepts of Security models

Security models are structures built around computer systems with the intent to protect and build executable polies. Policies and procedures enforce law and order, it is a very important structure for computer security and data protection. according to Bartleby "The security models are specifically defining the relationship of operational systems performance with the information security models." The importance of security model structure is to provide and implement a comprehensive content for security key models that are executable.

There are three types of security model.

• Bella - LaPadula - This model was invented by two scientists name, David Elliot Bell and Leonard.J.LaPadula. This model is used to maintain confidentiality of security.
• Biba - This model used to maintain Integrity of security.
• Clarke Wilson security - This model is considered as the highly secured model with the following entities: Unconstrained data items, transformation processes, integration verification processes, and constrained data items. More about security models with [2] and [3].

Types of computer security

They are categorized and classified into four types.

1. Cybersecurity - Simply means defending measures, implemented to protect data, and practice to secure computers, mobile devices, networks, servers and Eletronic systems threats and malicious attacks.
2. Information security - This measurement implemented to protect systems information from theft, unauthorized users and illegal use of private data.
3. Application security - This security measures implements different application security to protect applications/ software, hardware. Using security features including, encryption, authentication, logging in passwords or pins, and application testing. This type of security standards continues to research other ways to protect applications.
4. Network security - This kind of security means securing networks as well as protecting user information by preventing unauthorized access, using tools that protect the network from being compromised.

Most common types of computer attack

Computer attackers grow rapidly, and always learning new skills to execute cyber-attacks using different techniques and threats listed as follow:

• Malware - This attack uses a code or malicious software, used to filtrate into the system to compromise confidentiality, integrity and availability and private and protected data, if the program is successfully inserted by the attacker, it affects your data application or operating system and can course extensive damage and disruption. The intension of this attack is to violate privacy.
• Ransomware - This type of malicious attack blocks access to the system and request payments to regain access by encrypting files and sends threats to expose personal data and in some cases permanently block access. The FBI reports [4] and it is also known to be very hard to detect and these dangerous techniques continue to evolve.

• Distributed Denial of Services (DDos) Attacks - DDoS create traffic uncontrollable traffic from different locations and sources, the website response slows down and prevents access during DDos attack, by developing a large network of infected computers called botnets by infiltrating the system with malware.
• Spam & Phishing - These attacks include unsolicited messages, using email or social media in attempt to get sensitive information they can used to attack, this attack will sometimes, represent and appear to be a real person or business, by sending links that will lead you to fake website.
• Corporate Account Takeover (CATO) - They represent themselves as an entity but, they are criminal hackers and cyber attackers who use techniques to electronically obtain electronic access to your account and make unauthorized purchases and transactions, the attack can involve changing the setting on ATM web-based controlled panels and regain unlimited control and operation. The Institute of Standards and Technology issued these incident handling guideline [5]

Tips and prevention from cyber attackers

• Avoid sending and receiving files by email especially those that include private data.
• Encrypt sensitive data when sharing them on the internet.
• Number of users with administrative access should be limited eligibility.
• Use long passwords and strong logging in codes.
• Update security checks often and run upgrade often.
• Use face and fingerprint to log in or unlock the device.

To learn more about prevention and attacks visit [6]