Computing Security Concepts And Problems

INTRODUCTION:

Computing Security can be defined as the techniques to secure sensitive data(data of companies or end users)from getting misused by unauthorized users. There can be various techniques to secure data whose foremost aim is to protect susceptible information. Some of the techniques are:

Data Encryption: It is the process of translating data into some other form, a locked which can be unlocked with the help of with the help of secret keys or passwords.

Data Anonymization: It is the process of maintaining privacy of individuals by releasing information in a balanced manner as well as removing personally identifiable information. Personally Identifiable Information basically means the information with the help of which one can trace back to a specific person. Example: IP addresses, life insurance numbers, biometric records and many other factors which can be helpful in tracing back a person.

Data Masking: It is the process involving data scrambling and character replacement such that data remains structurally same. It basically replaces real data with structurally similar fake data used for testing and training. Its aim is to guard a person’s identity by removing or hiding personally identifiable information. Algorithms used in data masking (Substitution or Shuffling) are difficult to be reversed but uphold strict data formats so that testing can be done easily without compromising on security of confidential data.

Deep Magic: It’s a term which apply to complex code which is used by programmers but not fully understood. Due to its complexity it can’t be understood widely but its one of the effective techniques to defend vulnerabilities.

COMPUTING SECURITY CONCEPTS:

Vulnerabilities:

It is a term used to describe the flaws or weaknesses of an application storing valuable data which can be a potential prey to an attacker.

Hardware, Software or Operating System can be one of the elements open to threat or an malicious attack. Softwares being one of the most weakest point of security. Some of the vulnerabilities are:

Weak Passwords being set by either users or admins.

Applications with bugs giving unexpected results.

Broken Authentication and Session Management

Downloadable Codes having no Integrity checks.

Using out-dated software or operating systems.

URL averted to spoofed sites.

However, there are many vulnerabilities but one can be shielded from these shady attackers by being aware and following some precautions:

From the user’s point of view one should set strong passwords or by being aware of phishing websites or by being aware about the updation of softwares . Also in case of mobile applications, one should be careful about the permission user is granting to that application.

From the company point of view who store a large amout of data which if accessible to its rival companies can turn out be a major loss for them. So, they should frequently test their systems for all possible vulnerabilities and think from a hacker’s point of view to give their information best security.

Personal Security:

It is a basic concept which holds a major importance in everybody’s life whether it’s a IT professional or a lay man carrying out his various basic activities and transactions.

Mostly, all of the common users of technology know how to use the technology and what ways it can benefit them but what they rarely know is the importance of their data security or more specifically personal security. At large people keep weak passwords or keep the same passwords for various sites, which makes their data unsafe. Beacause hackers attack those sites or blogs which are inactive or traffic and security is low for the same reason that people keep repetitive passwords.

Most disastrous example of repetitive passwords is when hackers get the access to bank account details through these inactive or insecure websites and get rich illegally. Some tips to have a strong password to keep one’s confidential data secure:

Choose words which are not unavailable in dictionary.

Do not share passwords through e-mails or through social messaging apps.

Trying to keep different passwords for different websites.

Not keeping very relatable passwords like birthdates, names, etc.

Hacking And Hackers:

Hacking is an art of exploitation of computer systems(either for personal motives or professional) or public or private networks. It can be better defined in some cases as unauthorized access to confidential data.

Hacking is not a term which can be clearly categorized as authorized or unauthorized or rather legal or illegal.

To have a better understanding of hacking, we should know about hackers who are the protagonist of the whole cybersecurity story.

Hackers are the people who put into action the art of exploitation. However, not all hackers use legal ways to exploit (exploit PC’s or networks without authorization). So Hackers are classified according to the objective of their actions.

White Hat Hacker(Ethical Hacker): He or she is the one to access and fix the vulnerabilities by the authority of the owner.

Black Hat Hacker(Cracker): He or she is the one who gains unauthorized access for their personal gains such as ATM Fraud,Electronic funds transfer,privacy violation, etc.

Grey Hat Hacker: He or she is the one does break into systems view weaknesses but eventually discloses them to the owner of the system.

CIA Model:

This acronym defines the goals of cybersecurity i.e., CIA stands for Confidentiality, Integrity and Availability.

Confidentiality: It means that information or data should be accessed by the correct person in charge with the correct permission. If any one of the condition goes wrong that is either information is viewed or accessed by incorrect person incharge or without permission,the goal of confidentiality goes away.

Confidentiality is put on practically through encryption.

Integrity: It means that data should be secure even when it’s not in its stagnant position. So, while data is being transmitted or dealt with, it should be secure(Not even a bit of should get changed).

The central way integrity is achieved is through Hashing.

Availability: It means that by accomplishing above mentioned goals, the processes of companies should be smoothly running. And for smooth running we should never fall to be a victim of DDoS(Distributed Denial Of Service).

AAA Model: It is an acronym for one of the most important model for secure networks. In the acronym, first of the three A stands for Authentication.

Authentication: It is common term which simply means proving that one is a genuine user of that system or more specifically the process or action of validating the individuality of a user or process.The process can be done in one of three possible forms: Something one knows,like a password; something a individual has, like a key fob; something one really is-- biometrics.

When we merge more than one of these forms,

that's called multifactor authentication, and it is the future of authentication. But in the present time we use Two-Factor Authentication, in which we uses the factors what a individual knows i.e. password and what an individual has i.e. an OTP given through a text or an email. 2FA(Two-Factor Authentication) are not that secure as SMS messages can be intercepted or readdressed.

Authorization: It is the A in the triple –A acronym which means to have the permission to have access to data or information. It can be easily understood by an example of any company’s management levels in which an HR employee can access the data of its employees under him (like projects one is currently assigned and the progress). And the head of all HR’s of all regions can access data of all these HR’s. Therefore, it can be said most of the times authorization functions in hierarchy.

Accounting: It is third A in the triple-A acronym which means tracking the activities of the user after he hd authenticated and authorizated to do so.

Threat Agents: It is everything and anything that is of potential danger that can damage or distrupt or change one’s data. It can be hackers but not always they are the only threat agents. It can also be natural calamities like fires, floods or earthquakes.

Threat actors carry out the threat by exploiting the weaknesses.

Exploitation means intruding into a system by using the tools or methods used to intrude into a system and take advantage of data present in the system. Risks or Threats can be decribed as binaries or they are the combination of zero percent probability and hundred percent probability. But while treating these risks or weaknesses, we can never eliminate all the risks. Either we can mitigate it or transfer it, but whatever measure we take never gives the 100% positive result.

Security V/S Convenience: Security and Convenience are the two terms which are very essential for a stable and prosperous future of a company. Security of company’s data is described above by the AAA model (Authorization, Authentication and Accounting) and convenience simply means one can access data with ease. But relationship between these two concepts can be understood by taking an example of a swing or see-saw. When one side sets off other does the opposite. If we keep high on security, we loose convenience which means progress will be slow as employees wouldn’t be able to work with ease. But processing the other way down, we can loose our data to rival companies which can bring us down.

In simple words, to get the best of both worlds, we need to create a balance between the two.

COMPUTING SECURITY PROBLEMS:

Data Breaches:

A data breach is the intended or accidental circulation of protected or confidential data to an unfaithful or rival location.

Incidents vary from concentrated attack by black hat hackers (discussed above) allied with planned illegal activists for political gain or for personal gain. One thing that every user or owner of data loses is confidentiality.

From past few years, these incidents are increasing in numbers putting a lots of money into illegal activists pocket which in turn puts the digital future into risks.

Some of the data breaches which made news in past few years are:

Yahoo: It took place in 2013-14 where data which was compromised were users email id, telephone numbers, birth dates, and even security questions and their answers as well. Initially it affected 1 billion users but eventually at the end of 2014 it affected 3 billion users.

E-Bay: This incident took place around May 2014 in which rendered names, addresses, dates of birth and encrypted passwords of about 145 million users. And probably it was done by intruding into the company’s network and using credentials of some employees. However, company claimed that no financial information was out as a prey and the users were requested to change their passwords. But, it wasn’t implemented in its best way.

Uber: It happened in late 2016 which made public the data consisting of personal information of about 57 million Uber users and about 600,000 Uber drivers. Data of users consisted of their email ids, phone numbers , passwords ,names and driving license numbers of Uber drivers but fortunately social security numbers were safe and secure.

TimeHop: This data breach took place in July,2018 where anonymous attackers intruded into their Cloud Computing Environment and access the data of entire 21 million users, comprising of their names, email addresses, and about 4.7 million phone numbers attached to their accounts.

These were only a few to mention there is a lot more data which got stolen and putting future to risk.

Rising Cybersecurity Threats:

With increasing advancement in technology, threats are also increasing day by day. One of the most disastrous threat or attack was that of Ransomware Attack which still creeping inside every possible System. The attackers locked and encrypted the systems with a warning if they don’t agree to pay their Ransom amount for decryption key they would publish or misuse their data. These attacks were not only on big and small firms but also captured personal systems. As new technologies develop for good but they also bring in some troubles. For example, Internet Of Things(IoT) provides us the inter-connectedness at its best but this central idea of this technology also brings in the most vulnerabilities which might lead to some serious cyber attacks.