With the growing popularity of technology and its ubiquity, computer security is a serious issue to address to. As systems and devices now come up with wireless connections, there could be a variety of security threats that may occur by unidentified access. For instance, research had been conducted to discover the power of hacking into devices like pacemakers and cars have shown that hackers, once obtaining access, can now control the devices completely. Therefore, it will not be an exaggeration to think that this opens up opportunities for crimes as serious as murder. The worst part is that the criminal can now do this without potentially being identified.
Computer security has everything to do with anything that protects computer-based equipment from any alterations caused by unintended or unauthorized access. In the attempt of understanding how computer security works, let’s take a look at the kinds of threats that any user can be a victim of:
1. Backdoors: bypasses access authentications and enables connection with distant servers with the attempt of being undetected.
2. Denial-of-service attack: blocks access or makes it unusable. 3. Direct access attacks: by accessing the victim’s device directly and install viruses, malwares etc.
4. Eavesdropping: being able to obtain private information shared by two or more hosts in a network.
5. Exploits: by taking advantage of the bugs of software and using it to give unexpected outcomes once executed.
6. Indirect attacks: Using another user’s device to launch and attack to be untraceable.
Computers can be secured by three processes: threat prevention, detection and response. Cryptography, Firewalls and Intrusion Detection Systems can provide basic security from unauthorized access. Softwares are being designed from the scratch with security as one of the prime objectives to attain.
Some of the techniques in this approach include:
• The principle of least privilege: Systems with its parts having only the privileges necessary to perform their function. This limits the hacker’s access.
• Automated theorem proving: Proves that the software’s subsystems are correct and accurate.
• Code reviews and unit testing: If mathematical proofs cannot be formulated to ensure correctness modules are created for security.
• Defense in depth: changes the design to an extent that violating one subsystem does not suffice to hacking procedures.
• Default secure settings, and design to "fail secure" rather than "fail insecure": The system is aware of the legitimate authorities that can violate its security protocols and is able to decide for it.
• Audit trails tracking system activity: In the event of unauthorized access, the process and the extent of the breach can be identified. This hinders intruders from protecting their identity.
• Full disclosure of all vulnerabilities: increase the knowledge base that helps to limit the hacking opportunities even with bugs.
Even with all these novel and innovative ways to secure computers and minimizing victims, much work is needed to be done with the increase of their usage and the incoming of new threats.