Information Technology; Security
The goal of computer security is to prevent computer and network systems from being accessed by those without proper authorization. It encompasses different aspects of information technology, from hardware design and deployment to software engineering and testing. It even includes user training and workflow analysis. Computer security experts update software with the latest security patches, ensure that hardware is designed appropriately and stored safely, and train users to help protect sensitive information from unauthorized access.
The first line of defense in the field of computer security concerns the computer hardware itself. At a basic level, computer hardware must be stored in secure locations where it can only be accessed by authorized personnel. Thus, in many organizations, access to areas containing employee workstations is restricted. It may require a badge or other identification to gain access. Sensitive equipment such as an enterprise server is even less accessible, locked away in a climate-controlled vault. It is also possible to add hardware security measures to existing computer systems to make them more secure. One example of this is using biometric devices, such as fingerprint scanners, as part of the user login. The computer will only allow logins from people whose fingerprints are authorized. Similar restrictions can be linked to voice authentication, retina scans, and other types of biometrics.
Inside a computer, a special type of processor based on a trusted platform module (TPM) can manage encrypted connections between devices. This ensures that even if one device is compromised, the whole system may still be protected. Another type of security, device fingerprinting, can make it possible to identify which device or application was used to access a system. For example, if a coffee shop's wireless access point was attacked, the access point's logs could be examined to find the machine address of the device used to launch the attack. One highly sophisticated piece of security hardware is an intrusion detection system. These systems can take different forms but generally consist of a device through which all traffic into and out of a network or host is filtered and analyzed. The intrusion detection system examines the flow of data to pinpoint any attempt at hacking into the network. The system can then block the attack before it can cause any damage.
Network security is another important aspect of computer security. In theory, any computer connected to the Internet is vulnerable to attack. Attackers can try to break into systems by exploiting weak points in the software's design or by tricking users into giving away their usernames and passwords. The latter method is called phishing, because it involves “fishing” for information. Both methods can be time consuming, however. So once a hacker gains access, they may install a backdoor. Backdoors allow easy, undetected access to a system in future.
One way of preventing attackers from tricking authorized users into granting access is to follow the principle of least privilege. According to this principle, user accounts are given the minimum amount of access rights required for each user to perform their duties. For instance, a receptionist's account would be limited to e-mail, scheduling, and switchboard functions. This way, a hacker who acquired the receptionist's username and password could not do things such as set their own salary or transfer company assets to their own bank account. Keeping privileges contained thus allows an organization to minimize the damage an intruder may try to inflict.
Software represents another vulnerable point of computer systems. This is because software running on a computer must be granted certain access privileges to function. If the software is not written in a secure fashion, then hackers may be able to enhance the software's privileges. Hackers can then use these enhanced privileges to perform unintended functions or even take over the computer running the software. In the vernacular of hackers, this is known as “owning” a system.
Computer security professionals have an unenviable task. They must interfere with the way users wish to use their computers, to make sure that hardware and software vulnerabilities are avoided as much as possible. Often, the same users whom they are trying to protect attempt to circumvent those protective measures, finding them inconvenient or downright burdensome. Computer security in these cases can become a balancing act between safety and functionality.
—Scott Zimmer, JD
Boyle, Randall, and Raymond R. Panko. Corporate Computer Security. 4th ed. Boston: Pearson, 2015. Print.
Brooks, R. R. Introduction to Computer and Network Security: Navigating Shades of Gray. Boca Raton: CRC, 2014. Digital file.
Jacobson, Douglas, and Joseph Idziorek. Computer Security Literacy: Staying Safe in a Digital World. Boca Raton: CRC, 2013. Print.
Schou, Corey, and Steven Hernandez. Information Assurance Handbook: Effective Computer Security and Risk Management Strategies. New York: McGraw, 2015. Print.
Vacca, John R. Computer and Information Security Handbook. Amsterdam: Kaufmann, 2013. Print.
Williams, Richard N. Internet Security Made Easy: Take Control of Your Computer. London: Flame Tree, 2015. Print.