AI News, Difference between revisions of "Basic Computer Security/Introduction"

Difference between revisions of "Basic Computer Security/Introduction"

The aim of this book is to instruct the reader on numerous topics of computer security, such as passwords, privacy, encryption, and networking.

This book is written for a reader with little to no previous knowledge of security issues, but one who is familiar with the basic functionality of his or her computer's operating system.

Under each heading you will find a short description of the contents of that section, which may assist you in determining which parts of the book are relevant to your needs.

short word of warning before we begin: Any book on the subject of security is likely to enlighten the reader on a variety of nasty things that could potentially happen to him or her.

It is our hope that by reading this book you will learn more about the world around you and gain valuable knowledge and understanding that will help you protect yourself, your privacy, and your information.

Basic Computer Security/Introduction

This book is written for a reader with little to no previous knowledge of security issues, but one who is familiar with the basic functionality of his or her computer's operating system.

Reading this book should give you a basic understanding of the processes needed to secure your home computer and home network, as well as protect your privacy and data on the web.

(Also visible on the top right of the page.) This feature will facilitate returning to the index to move on to the next section, to return to this introduction, or to re-orient yourself if you click on a link and find yourself lost.

short word of warning before we begin: Any book on the subject of security is likely to enlighten the reader on a variety of nasty things that could potentially happen to him or her.

It is our hope that by reading this book you will learn more about the world around you and gain valuable knowledge and understanding that will help you protect yourself, your privacy, and your information.

Malware will introduce you to and describe the main malware (malicious software) threats that your computer will be subject to, and will then teach you how to safely and effectively eliminate them.

These topics include the encryption of data, setting user account controls and ensuring your computer is physically secure, to prevent theft of your important or sentimental data.

The Information Security Triad: Confidentiality, Integrity, Availability (CIA)

Upon successful completion of this chapter, you will be able to: As computers and other digital devices have become essential to business and commerce, they have also increasingly become a target for attacks.

In this chapter, we will review the fundamental concepts of information systems security and discuss some of the measures that can be taken to mitigate security threats.

Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning.

Integrity can also be lost unintentionally, such as when a computer power surge corrupts a file or someone authorized to make a change accidentally deletes a file or enters incorrect information.

For example, a stock trader needs information to be available immediately, while a sales person may be happy to get sales numbers for the day in a report the next morning.

The most common way to identify someone is through their physical appearance, but how do we identify someone sitting behind a computer screen or at the ATM? Tools for authentication are used to ensure that the person accessing the information is, indeed, who they present themselves to be.

The primary drawback is that each information resource is managed separately, so if a security administrator wanted to add or remove a user to a large set of information resources, it would be quite difficult.

With RBAC, instead of giving specific users access rights to an information resource, users are assigned to roles and then those roles are assigned the access.

Encryption is a process of encoding data upon its transmission or storage so that only authorized individuals can read it. This encoding is accomplished by a computer program, which encodes the plain text that needs to be transmitted;

This type of encryption is problematic because the key is available in two different places.  An alternative to symmetric key encryption is public key encryption.

Not only should the data on the corporate servers be backed up, but individual computers used throughout the organization should also be backed up. A good backup plan should consist of several components.

Additional concepts related to backup include the following: As information has become a strategic asset, a whole industry has sprung up around the technologies necessary for implementing a proper backup strategy.

A company can contract with a service provider to back up all of their data or they can purchase large amounts of online storage space and do it themselves.

A firewall protects all company servers and computers by stopping packets from outside the organization’s network that do not meet a strict set of criteria.

Some organizations may choose to implement multiple firewalls as part of their network security configuration, creating one or more sections of their network that are partially secured.

This segment of the network is referred to as a DMZ, borrowing the term demilitarized zone from the military, and it is where an organization may place resources that need broader access but still need to be secured.

Through a combination of software and security measures, this lets an organization allow limited access to its networks while at the same time ensuring overall security.

An organization can implement the best authentication scheme in the world, develop the best access control, and install firewalls and intrusion prevention, but its security cannot be complete without implementation of physical security.

To implement physical security, an organization must identify all of the vulnerable resources and take measures to ensure that these resources cannot be physically tampered with or stolen.

A good information-security policy lays out the guidelines for employee use of the information resources of the company and provides the company recourse in the case that an employee violates a policy.

According to the SANS Institute, a good policy is “a formal, brief, and high-level statement or plan that embraces an organization’s general beliefs, goals, objectives, and acceptable procedures for a specified subject area.”

As the use of mobile devices such as smartphones and tablets proliferates, organizations must be ready to address the unique security concerns that the use of these devices bring.

For an employee with malicious intent, it would be a very simple process to connect a mobile device either to a computer via the USB port, or wirelessly to the corporate network, and download confidential data.

When an employee does have permission to access and save company data on his or her device, a different security threat emerges: that device now becomes a target for thieves.

According to a 2013 SANS study, organizations should consider developing a mobile device policy that addresses the following issues: use of the camera, use of voice recording, application purchases, encryption at rest, Wi-Fi autoconnect settings, bluetooth settings, VPN use, password settings, lost or stolen device reporting, and backup.

In some cases, it may even make sense to install remote data-removal software, which will remove data from a device if it becomes a security risk.

If a system’s security measures make it difficult to use, then users will find ways around the security, which may make the system more vulnerable than it would have been without the security measures!

If the organization requires an extremely long password with several special characters, an employee may resort to writing it down and putting it in a drawer since it will be impossible to memorize.

The same holds true for us personally: as digital devices become more and more intertwined with our lives, it becomes crucial for us to understand how to protect ourselves.

Cybersecurity: Crash Course Computer Science #31

Cybersecurity is a set of techniques to protect the secrecy, integrity, and availability of computer systems and data against threats. In today's episode, we're ...

Understanding the Basics of Cyber Security to prevent your digital Doomsday

A good IT-Infrastructure is the backbone of a company. But what if the backbone becomes fragile? Companies/Softwares like FireEye, Kaspersky or Cylance are ...

Wireshark Packet Sniffing Usernames, Passwords, and Web Pages

Subscribe! - In this beginner tutorial, I demonstrate capturing packets with Wireshark. Protocols that are analyzed are Telnet, SSH, FTP, ..

Privacy Law Handbook

BOOK REVIEW PRIVACY LAW HANDBOOK Legal Handbooks General Editor: Keith Mathieson Law Society Publishing ISBN: 978-1-85328-843-2 ...

Post Scarcity Civilizations & Privacy

Start protecting your internet experience today with 77% off a 3 year plan by using code 'ISAAC' at This episode begins an ..

Introduction to Information Security

Summary Threats to network security: attackers (types of attackers and their motives), malicious code, social engineering Also covers common attacks and ...

Oprah's POWERFUL Secret to SUCCESS Using The Law Of Attraction - Oprah Winfrey Show

Your FREE Gift: LAW OF ATTRACTION Booster MP3 ▻ Free WEALTH Booster MP3 ..

The Secret to Making Powerful Friends | Jordan Harbinger on Impact Theory

Jordan Harbinger is a former Wall Street lawyer who learned how to effectively network and build relationships to survive in a competitive industry. Years and ...

DEF CON 23 - Bruce Potter - A Hacker's Guide to Risk

When the latest and greatest vulnerability is announced, the media and PR frenzy can be dizzying. However, when the dust settles, how do we actually measure ...

DEFCON 17: Hack The Textbook

Speakers: Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Mike Cooper Senior Security Engineer, IPC Systems Hack the ...