A system of safeguards that is meant to protect a computer system and its data from damage, whether it be intentional or unintentional, or access by individuals or users who are not permitted is what is referred to as computer security. This indicates that it is of the utmost importance to protect the system against a variety of dangers, including those posed by natural catastrophes, fire, accidents, vandalism, industrial espionage, hackers, and other types of white-collar crimes.
In addition, security refers to the safeguarding of computer-based resources, including hardware, software, data, processes, and people, against unwanted access, modification, or destruction.
In computer installations, the need for security may be analysed from a variety of perspectives, including physical security, terminal security, data security, programs/software security, process security, communication and network security, and so on.
Physical protection: There is a significant propensity to regard these technological behemoths as pricey playthings, which are then shown for any important clients or guests who may be present. Therefore, it is necessary for each and every computer centre to have some kind of physical security.
Unauthorized entrance: The doors to the computer room should be closed at all times, and regular access and exit should only utilise one of the doors. Whenever there is a security breach or an apparent threat from some source, such as the theft of certain hard discs from the computer centre of a bank, changes in access rules and requirements should be implemented.
Restricted access: Because security also involves attitudes, staff of the computer centre should be encouraged to question any unfamiliar people they see in the operational area or computer centre. This will help ensure the safety of the facility. In addition, clients, school groups, or older people should NOT be permitted to take tours of the computer centre. When there are fewer individuals in the vicinity, there is a lower likelihood that there will be a security breach.
Use of backup files and records: The loss of critical records such as account receivable can prove to be a true tragedy for a firm, hence it is crucial to use backup files and data wherever possible. Inside the computer area, there ought to be personal lockers available for the people who are working there. Except for when they are transported to the library, disc files and tapes should never leave the computer room. It is necessary to demand passes for any records of this kind that are required to leave the building in order to be transported to another place.
It is possible to access a computer from a remote location, whether it be in the same building or thousands of kilometres away. It is possible that providing physical security in the form of controlled access to the computer centre is not as critical as providing terminal security for access to the computer.
There are several entry points for malicious actors into the data files that are managed by the firm. It’s possible that some of these methods will result in individuals engaged feeling ashamed. A firm has a general obligation to keep some information secret, and in circumstances like these, when it may be proven that the company was careless, the company may be subject to legal liability. This is important to have in place in the event that there is a fire at the computer centre.
The first step in establishing security is to choose responsible staff members who are not only competent to do the tasks at hand but also have received enough training in the relevant skills. Before a new hire is placed on the payroll, the individual’s previous employment should be verified, and they should also be put through some sort of competency test. It is to one’s advantage to have someone keeping an ear to the ground, as unfavourable information is frequently accessible if there is someone to listen to it.
It is helpful to plan and schedule a computer installation in order to regulate the work that is done and to allow for work to be done that was not scheduled. This will make it easier to keep a record of the individuals that visit the computer centre. It is essential to have a routine backup mechanism in place, in which processed files and programmes are regularly duplicated onto tapes or other disc files, and then these copies are transported to a safe location, such as a bank vault or a fireproof safe in a different part of the country.
It is important to ensure that communication with other internal and external locations is sufficiently secure in order to ensure that the data are transferred accurately. Just as the transmission of data within the central processing unit is checked by the use of various hardware controls, so too is it important to ensure that this communication is secure. It is important to keep in mind that during data transmission, the message that is being transmitted is only being received by the intended recipients.
The message must have a proper header attached to it, and that header must be able to convey the message’s whole length. This may be verified by the computer that is receiving the message to ensure that it has gotten the entire message in its entirety.
The network provides a unique security dilemma. The system is accessible to a large number of users, many of whom do so from a distance. To begin, Network Operating Systems include fundamental security functions, such as user identification and authentication, most often via a password. Other functions fall into this category as well.
Supervisors of a network are required to give individual users varied levels of access permissions. The word processing programme, for instance, was accessible to all users, whereas the payroll files were restricted to just a subset of users. Some network software can impose a cap on the number of times a user can access a specific file, as well as produce an audit trail that details which users saw which files. This will make it easier to keep track of who logs in or has access to any file (s).
In addition to controlling access to the network, businesses need to be worried about unauthorised individuals capturing data while it is in transit. These individuals might be cybercriminals, industrial spies, or thieves. It is possible that data being carried across communication lines is scrambling the message, which means that it is placing them in a code that can only be deciphered by the person who is receiving the message. Take for instance the correspondence that goes on between two presidents or CEOs.
Encryption is a procedure that may be used to safeguard your systems and is sometimes referred to simply as encryption. There is software available for personal computers that can encrypt data. File encryption, a keyboard, and a password are examples of the kinds of security measures that are often included in a package.
The more experienced users of most systems are familiar with at least one method that can cause the system to crash and prevent other users from gaining permitted access to the information that has been saved. No matter how high of a level of functionality is offered, the value of a collection of protection mechanisms is determined by a system’s capacity to stop security breaches. This is true regardless of the amount of functionality offered.
The accumulation of relevant experiences has led to the discovery of several helpful principles that can serve to direct the design and contribute to an implementation that is free of security issues.
The following are eight examples of design concepts that are particularly applicable to safety mechanisms:
For the sake of the mechanism’s efficiency, try to keep the design as straightforward and compact as feasible. As a consequence of this, it is required to employ methods such as the inspection of software on a line-by-line basis and the physical examination of hardware that implements mechanisms. It is vital for such procedures to have a compact and straightforward design in order to be successful.
The use of permission rather than exclusion as the basis for access choices is a fail-safe default. This concept lays forth the requirements that must be met before access may be granted. For a design to be considered conservative, its foundation must be arguments in favour of making items accessible, rather than reasons why they should not be. Any error in the design or implementation of a mechanism that grants explicit permission will often cause the mechanism to fail and deny permission since the error will be discovered very soon.
Full mediation requires that each and every access point to each and every item be verified for authorisation. It provides a comprehensive overview of access control, including initialization, recovery, shutdown, and maintenance, in addition to regular operation. It suggests that a mechanism that can unequivocally identify the origin of each request has to be conceived of and developed. In the event that there is a transfer of power, it is necessary to methodically bring such previously remembered outcomes up to date.
Open design: the layout of the product should not be kept a secret. The methods shouldn’t rely on the ignorance of possible attackers; rather, they should rely on the ownership of special keys or passwords that may be more readily guarded against prying eyes. In addition, it is possible to provide any user who is sceptical the opportunity to persuade themselves that the system they are about to use is suitable for the task at hand. In conclusion, it is simply not practical to make an effort to keep any system’s details secret if such a system is designed for widespread dissemination.
A protection mechanism that requires two keys to unlock is more durable and adaptable than one that gives access to the presenter with only a single key. This is because separation of privilege ensures that access can only be granted to the person who is in possession of both keys. This idea is frequently implemented in the operation of bank safe deposit boxes. It is also at work in the defence system that will only launch a nuclear bomb if the appropriate command is given at the same time by two distinct persons. Within the context of a computer system, separated keys refer to any circumstance in which access must first be granted contingent upon the fulfilment of two or more conditions.
Least privilege is a philosophy that, in the first place, reduces the amount of harm that may be caused by a mistake or an accident. In addition to this, it cuts the number of potential interactions that may take place between privileged users down to the bare minimum required for correct operations. This makes it less likely that unintended, undesired, or incorrect uses of privilege will occur. Therefore, if there is a question regarding the inappropriate use of a privilege, the number of individuals who need to undergo an audit is kept to a minimum. This idea is shown by the “need-to-know” rule that is used for the protection of military personnel.
In conclusion, the computer system offers a strong instrument for the processing and storing of information, but it also offers a powerful tool for misusing the same information in inappropriate ways. If the appropriate safeguards to prevent unauthorised access to the system are not put into place, even the most advanced computer systems are susceptible to security breaches.