Computer System Security
Table of Content
- What is Computer Security
- What is Information System
- How to Develop an Information System
- What is the Goal of Computer System Security?
- Threat Related to Computer Security
1. What is Computer Security
Computer Security is the mechanism for protecting Information System from all possible type of threats like Theft or Damage to hardware, Software and Information store on the system.
Its include protection against steeling of information, private information, physical damage to hardware, corrupting software, unauthorize access to data or information stored on the system, code injection on the system etc.
Computer Security is the major concern in todays scenario. before going in deep of this lets first talk about information system.
Computer system security consist of four basic teams called Assets, Vulnerability, threat, attacker
Assets: Assets are the valuable things for an organization or a person that he want to secure.
Vulnerability: it the loop hole in the Assets.
Threat: it can set of action taken by attacker to take benefit of Loop holes present in the Assets
Attacker: Attacker are the person who want to take benefits of these vulnerability
Computer System Security: it can be define as a mechanism to get ride from these loop hole so that attacker cant able to take benefits of these vulnerability.
2. What is Information System and Its Component
“Information system is the collection of component which take data as input from user and provide output after processing it.”
Note:
Data is raw, facts and figures
Processing include analysis, Sorting and Computation on data.
Major components of information system are
1. Resource/People:
people include person who is skilled one or feeding data to the information system.
Note: Feeding wrong data results in wrong out put mean wrong information.
2. Software:
Software include basically two type of software system software and application software. System software is work like a interface between user and hardware example operating system (Windows, Linux, Unix, Mac OS etc.) and application software is the software which provide specific functionality to the user like tally, paint, word.
3. Hardware:
Its include Input device and output device for taking input from the user and showing output to the user.
4. Networking Devices:
It include all networking devices that is used by computer to connect with outside world. like router, hub , cables etc.
3. How to develop an Information system
Development of Information System consist of following Steps
Step 1: In first step we gather all the requirement of user. The requirement of user can be gather in so many ways like by doing analysis, by taking interview of stack holder, by doing panel discussion.
Step 2: Next phase is designing phase, in this we have prepare the design of Information system with the help of UML Diagram
UML Diagram include Class Diagram, Use Case Diagram, Sequence Diagram, Activity Diagram etc.
Step 3: Next phase is coding phase, In this coding of information system done by developer in any language required to deployed it.
Step 4: Next phase is Testing Phase, In this phase test of information system is done mean that tester check for functionality of software, also check for the requirement like all the requirement is correctly full filled by the software or not.
Note: For testing the functionality of information system tester make use of Test Case
Step5: it is the last Step of Development which is called Deployment. In this we deploy the software at customer site.
4. What is the Goal of Computer System Security?
Basic goal of Computer System Security is to achieve CIA
CIA stands for Confidentiality, Integrity, Availability
A computer system is said to be secure if it provide confidentiality, Integrity and availability to data.
Here Confidentiality is related to the reading of data means only authorized person can only able to read the data.
Here integrity is related to the modification of data means only a authorized person can only able to modify the data.
in last the Availability mean when data/service required it get available to user like in case if DOS attack server denied to provide service.
So it can be conclude that the Basic Goal of Computer System Security is to provide Confidentiality, Integrity and availability to valuable assets.
5. Threat Related to Computer Security
Threat can be define as an action taken place in order to take benefits of loop hole present in the application or valuable assets.
Threat can further categorized into following type
- Interruption
- Interception
- Modification
- Fabrication
Interruption: It is the mechanism in which attacker affect the availability of service or information by disturbing the proper functioning of system
Example of Interruption:
- Cutting communication Line.
- Redirecting packet to individual system.
- Overload the server so that it cant able provide service.
Solution to the attack is Fire wall, replication
Interception: It is the mechanism in which attacker affect the confidentiality of assets by making unauthorized access to data, system or assets.
Example of Interception:
- Obtaining the copy of message.
- Eavesdropping on communication mean silently listening the communication between to process.
- Key logging
Solution to attack is Encryption , Traffic Padding
Modification : It is another mechanism in which attacker make unauthorized modification to data or assets. it is the attack to the integrity of assets.
Example of Modification:
- modifying the content traveling through network
- Making changes in some one sensitive data
- Deleting some one data
Solution to the attack is Encryption, Preparing Backup of data, Intrusion detection system
Fabrication: It is another mechanism in which attacker insert a fake message in the network as authorized user its affect the integrity, availability and confidentiality all.
Example of Fabrication:
- using another identity placing message in the network.
- Relay to previously message, intercepted during interception attack.
- Spoofing
Solution to the attack Fabrication is Authentication, Firewall and Digital Signature
Broadly attacks classified into two type
- Active attack
- passive attack
Active Attack is attack in which modification to data take place. they are easy to identify.
Passive Attack is attack in which reading of data take place. it is not easy to identify as attacker is only reading or observing the activity.
Virus and warms are another potential threat to the security of System.
there are lot of virus, warm which is inserted through internet to the user system with a intension of Steeling data, corrupting software and filling the storage.