Tuesday, February 21, 2012

Computer Security

As computers are very delicate equipments they are very of chips, damage of data by viruses, data corruption, data error in reading by disk heads etc. They are sensitive to heat, light, smoke and dust. The possible calamities are burning
Computer security refers to the protection of the computer resources from accidental, intentional, or natural disaster including theft, physical damage, heat, power management, illegal access, data privacy, virus infection etc. The protection of computer, its accessories, data and programs for a long lasting of computer system is termed as computer security. Computer security is a branch of technology known as information security as applied to the computers. The objective of computer security varies and can include protection of information from theft or corruption, or the preservation of availability as defined by the security. The computer security is concerned with physical security of building, the protection of the software and hardware etc. Security can be defined by as safety against attack or failure. Computer systems also need to be protected from attack or failure.

The steps taken to protect against the attack or failure are known as security measures. There are different problems we face while working in a computer system environment. Power or supply to a computer may fail especially in bad weather; program or packages may contain bugs. Computer Media such as disk or hard disk or tapes may become corrupted, data may be lost. Even the working staff may be careless or do some criminal type of activities.

Threats to security
Today’s organizations are dependent on their information system and most could not survive the devastating effects of their destruction. Threats to the information system include the human error, computer crime, natural disaster, war or terrorist activities and hardware failure.

Threats to security Example

Human error Mistakes in data entry
Program error
Operator errors(using wrong data or instruction)


Computer crime Hacking (unauthorized access) and stealing data
Modify data illegally
Injecting viruses or logic bombs or WORMS
Natural disasters Fire, earthquake, hurricane, flood
War and terrorist activity Bombs, fire

Hardware failure Power failure
Disk head crash
Network failure

Risks Analysis

The first step in defining a security policy is to establish a clear picture of what the risks are and what the company stands to lose of disaster strikes. This risk analysis could include finding- the nature of data being stored in the system, the data used, the access to the system, money the company stands to lose if the data is lost, corrupted or stolen.

The computer security can be categorized in to hardware security and software security. They are: -
 Hardware Security
 Location
 Regular Maintenance
 Ventilation and light
 Protection from theft
 Fire Protection
 Electric Power Supply
 Air Conditioning (Dust free)
 Furniture
 Access Control
 Computer
 Building Construction and Design(Building and equipment security)
 Insurance

 Software Security
 Security of Data
 Safety from viruses

Hardware security
The protection of all hardware components used in computer system is known as hardware security. Hardware security includes all types of checks to detect the errors and even to correct them. Now a day’s modern computer (processors) includes special engineering controls inside it. Such type of controls detects the malfunctions arising or existing in the system and records them so that engineers can remove the faults afterward. Some hardware diagnostic facilities are available to find the faulty components or units of the computer system.
With the help of the parity check disk and tape transport system checks are carried out to ensure that data is correctly stored.

Such hardware checks are included by the manufacturers. The user also should feel his responsibility to keep the secure and properly working computer system. Other factors affecting the computer’s hardware security are as follows: -

Location
The location where computers are kept determines many of the risks that affect it. Any such location (site) is subjected to many natural risks such as stability of ground and weather conditions. Thus, the risks inherent in the computer location need to be assessed. The other factor or conditions affecting the location are:
Wind, Rain, Snow, Ice, Floods, Lightening, Land slip, Fire etc.

Regular maintenance
Computers are delicate machines. They need regular maintenance, cleaning and configuration of new hardware, removal of unnecessary files, etc.

Ventilation and light
The temperature of the room is to be maintained i.e. about 18 to 24 degree Celsius. Very cold temperature or very hot temperature can affect the computer and lead t cease the work. The room should be clean bright, and closed so that no dust can enter the room. Exhaust fans are to be installed to blow the dull and humid air out of the room.

Protection from theft
There should be certain preventive measures for the protection from the theft. Grills in the windows and safety lock are required on the doors of the computer room.

Electrical power supply
No computer can operate without power supply. Computer needs 220 Volts (AC) to 240 Volts (A.C) supply as the input voltage to its Power Supply Unit. The voltage fluctuation may damage integrated circuits of computer chips because these are the most sensitive parts of the computer. Frequency of AC (Alternating Current) Supply should be 49.5 Hz to 50 Hz.

UPS
An Uninterrupted Power Supply (UPS) is the One which provides uninterrupted supply of power incase of failure of regular supply to the computer system. Whenever there is power cut or supply problem, automatic switches takes place between regular supply line and the UPS and without interruption, a continuous or constant supply to the computer is maintained. Hence data or program loss or any electric damages to any unit or circuit will not take place. It acts like a buffer between incoming power supply and the computer system. It constantly monitors the quality and characteristics of the power supply. A standby generator with battery supported UPS can maintain supply. Such a generator need very high capital cost.

Volt guard
Volt guard is another important power protection device. It provides constant output voltage to the computer system in case of high input voltage coming from the source. High and low voltage can affect the computer system. It plays an important role to save the computer system from the damage due to high voltage. In case high input voltage comes from the source, it provides constant output voltage between the ranges of 220 to 240 volt.

Spike guard
Lightening occurs mostly in the rainy season that can cause sudden increase in the voltage level of the AC line supplied to our house. The voltage can increase up to 2000V in our normal 220V supply. It can severely damage our electric device. This sudden over voltage is known as spikes. Spikes are very brief over voltages up to 2000V or more caused due to lightening, power line faults etc. To protect our electric devices from these spikes we need the special equipment called spikes guard. Spike guards are the electronic devices that remove the spike and prdvent it from entering into the main system.

Fire Protection
Fire protection is also necessary for the computer security. Computers can easily catch fire. The electronic circuits and the hardware components get damaged due to fire. So it should be protected from fire. Fire extinguisher must be installed in the room.

Air Conditioning (dust free)
Large computers dissipate too much heat, so ventilation is required to maintain temperature. For a mainframe computer or a mini computer certain environment is needed. A dust free atmosphere is to be maintained which is possible with air conditioning plants. Rise in temperature inside the computer room leads to over heating of computer (i.e. IC chips, transistors etc.), moisture precipitation. Computer components are delicate to dust and smoke. To protect from dust and smoke they should be kept in neat and clean rooms which are air conditioned.

Furniture
The furniture required in each computer differs from office to office, place to place. However the height of the keyboard and the chair should not be more than 10 inches. The eyelevel and the screen should be at the same level.

Access Control
Unnecessary persons should not be allowed inside the computer room. The entry and exit point of the computer room should be controlled and monitored properly.

Computer
We should all know how to use a computer. We should check the computers regularly. The computer and other electrical devices are not to be connected from the same point. They are to be connected with voltage stabilizer to the main power supply point.

Building Construction and Design
Proper building or Housing for the computer system makes an important contribution to the security of computers. The structure of the building should have fire resistance and sound construction. Sufficient space should be kept for expansion of the computer equipments. There should as few doors as possible to the exteriors. The number of doors and windows should be less. Emergency doors and windows are to be constructed.

Personal computer requires a small space, about a normal size room table and a chair while mainframe and mini computers require quite a large space. The walls may be painted white or pink so as to control dust and smoke. There can be Smoke detector.

Wall to wall carpeting of Vinyl Asbestos is advisable as it protects from static charges of electricity. The room needs frequent cleaning with vacuum cleaner because no dust should be thrown in a computer room. Besides biometric methods including fingerprint, hand print etc. can be used to gain access to a room or to a particular terminal.

Insurance
Computer needs insurance as it helps the user to reimburse in case of occurrence of any calamities of theft, loss of data, fire etc.
These are the main preventive methods for long life of computer and its accessories.

Software Security
Protecting our computers from viruses, security threats, and other technology risks has been a top priority for ensuring data safety and computer functionality is called software security. Computer security software can help us protect important documents, maintain program stability, and even prevent hackers and Trojans from entering our internal networks.

Software security is one of the important security measures required for a safe computer. The security of software includes security of both application programs and system software. From the security view point, Operating System (OS) is the most important which controls and monitors the entire system. If the system software has been designed with adequate security protection features, different types of computer abuse and malpractice can be prevented.
The operating system should include a set of security features to provide automatic protection. Generally the manufacturer incorporates security features as a part of the operating system or they added as a security package to the operating system. Software security is mainly required for:-
1. Prevention of loss of data.
2. Prevention of data and software program privacy.
3. Prevention of corruption of data
4. Prevention of error reading of data.

Whether it’s a small computer or the one that is for personal use, computer security software is essential for maintaining a well protected computer system and tracking all the program files.
The software having proper security system is able to:
1. Identify each and every system user.
2. Maintain a log of all usage.
3. Maintain properly the access control over data, program, resources, so that only the authorized user are allowed to access them.

Security Of data

The security of data is concerned with the control of circulation of information or data. The protection or security of data is the ethical use of data. It imposes the restrictions on the data stored in the computer system and the purpose for what it is to be used. Other aspect of data security is that inaccurate data should not be used.

Safety from Virus
Computer Viruses are a small computer program written by the computer criminals. The computer viruses affect the computer system resulting top the malfunctioning of the system. It is an agent insinuating into a program or a disk and forcing its host to replicate the virus code. It behaves as a destructing agent to the computer hardware or software. Today’s most common threats include computer viruses, Trojans, and worms, online ID theft, malware downloads false security threats by malicious self-called ‘anti spy ware’ program and unauthorized program downloads that can lead to system instability.

The following are the major harmful activities done by the viruses to the computer system:
a. They change the orderly arrangement of the program (e.g. package with or some other programs or hangs after running).
b. The data are lost whenever infected by some virus.
c. The size of file is altered.
d. When a file is infected by a virus there is every chance that it spreads to most of the other important files.

Viruses are mostly made to protect programs from the privacy, to introduce entertainment during the use of program, and to let the software companies to earn more money.

There are more than three thousand types of virus but according to the nature they are classified into three categories:-
a. Start up infector
b. system infector
c. General purpose application infector.
Thus, Viruses arises many problems, loss of programs and data which in turn results into wastage of money and manpower. So it’s wise to prevent our system from viruses. These are the following steps to be protected from viruses:
 Do not download any program from infected floppy disks or any networks to the hard disk of our computer unless we are confirmed that it is virus free.
 Not booting our computers with virus infected disks.
 Checking any diskette from friend or a unknown person before inserting into the drive.
 Keeping backups of our programs or data whenever we update it.
 Always keeping the backup of .Com, .Exe and Data files.
 Regular check of viruses in the computer and their elimination
 Using firewall from protecting from downloading of cookies containing viruses.
 Installing Antivirus software that isolates a file containing virus in a special directory and leaves a warning message on the screen.

Software should not only be free from viruses but also from other bugs and errors. Some software measures are:-

1. Password
To prevent the computer the user ca put the password system in the computer. Password protection prevents unauthorized access. We should prevent the use of computer by unnecessary persons. We should have password protection for our software access.

Maintenance of hard disk using defragmentation of files to manage and store fragmented files should be done. The passwords should change time to time and should not be revealed to others. Access rights will be assigned to each user depending upon their position in the organization.

2. Hard lock key
Hard lock key is a kind of checking point available within the software during its running time. The user must type a kind of password when the software asks the hard lock key to be typed. If it matches the software runs, otherwise it doesn’t work. Thus it protects the software piracy.

3. Backup
Sometime the software or the database stored in the hard disk could be damaged due to crash of the disk or due to virus. This can lead to a great deal of loss if we don’t have the backup files. Thus to prevent this problem the user must create the backup from time to time.

Operational security
Many PC LAN security packages include an audit control. It tracks what happens to a network. Like:-
1. Which user have logged on, from where and for how long.
2. How many times a server have been acbessed by which user?
3. Which software has been used?
4. Which files have been accessed by which users?
5. How many unsuccessful attempts were made to log on from any terminal (To detect hackers trying to guess the password)?

Security Policy
Proper security policy is to be made without costly overkill. A typical security policy will cover the following aspects:
• Awareness and education:
- Training and education requirements
- Timetable for training/ education
• Administrative controls:
- Defining formal procedures and standards
- Careful screening of personal during the hiring.
- Disciplinary procedures in the event of security breaches.
• Operational Controls:
- Backup procedures
- Control of the access to the data centers by means of smart cards, ID badges, sign- in sign- out registers.
• Physical protection of data:
- Controlled access to the sensitive areas
- Protection against fire and flood
- Uninterruptible power supplies
• Access control to system and information
- Identification and authentication of the users
- Password protection
- Different levels of access for different users according to their needs
- Different access rights, e.g. read only, read write, read – write- update, etc.
- Encryption of sensitive data.
- Detection of misuse and multiple attempts to get a password correct.
• Disaster recovery plan

Beside we can scan the files using scandisk that finds the files corrupted and repairs them and essential files should be encrypted i.e. should be converted into codes.
Also communication security measures like callback, hand shaking and encryption can be used.

These are some of the ways ve can protect, prevent, and secure our computer components from different factors and keeping it safe and secure for the prosperity of the user as well as computer and its contents.