Computers have become much more important and popular to our society in recent decades. The computers ability to perform so many tasks speedily and reliably makes it useful for a wide variety of purposes. Therefore much important information is stored on computers. Because people and organisations depend on computers every day for a variety of significant tasks, it is imperative that the systems which are used are protected from loss, damage and misuse. This essay identifies some potential risks to computer systems and software and the safeguards that can be taken to minimise these risks.
A computer security risk is defined as any event or action that could cause a loss or damage to computer equipment, software, data and information, or processing capability. Some of these risks, such as viruses, unauthorised access and use, and information theft, involve deliberate acts, which are against the law. Any illegal act involving a computer generally is referred to as a computer crime. With the advent of the modern day digital computer, a new methodology of crime has been created. Electronic crime is held partly responsible for wreaking havoc in the financial world.
Computer systems are under attack from a multitude of sources today. These range from human threats such as hackers to malicious code such as viruses and worms. The term hacker, though initially a positive term, has become associated with people who try to break into computer systems. Crackers and hackers typically break into systems by connecting to them via modems and logging in as a user. Some do no damage, but merely wander around the system before logging off, while others leave some evidence of their presence by either leaving a message or altering data.
Unauthorized use is the use of a computer system or computer data for unapproved or possibly illegal activities. This may range from an employee using the database for personal activities to gaining access to a bank system and completing an unauthorized transfer Human threats are perpetrated by a person or groups of people who attempt to penetrate computer systems through computer networks, public switched telephone networks or other sources. These attacks generally attack known security vulnerabilities of systems. These vulnerabilities are mainly due to software configuration errors.
Methods used by hackers to gain unauthorised access to systems include password cracking, exploiting known security weaknesses and network spoofing. Password cracking is a technique used to surreptitiously gain system access by using another users account. Users often select weak passwords. The two major sources of weaknesses in passwords are easily guessed passwords based on knowledge of the user (e. g. wifes maiden name) and passwords that are susceptible to dictionary attacks (i. e. brute-force guessing of passwords using a dictionary as the source of guesses).
Another type of method to gain unauthorised access is the exploitation of known security weaknesses. Two types of security weaknesses exist: configuration errors and security bugs. Configuration errors occur when a system is set up in such a way that unwanted exposure is allowed. Then, according to the configuration, the system is at risk from even legitimate actions. An example of this would be if a system exports a file system to the world (makes the contents of a file system available to all other systems on the network). Then any other machine can have full access to that file system.
Security bugs occur when unexpected actions are allowed on the system due to a loophole in some application program. An example would be sending a very long string of keystrokes to a screen locking program, thus causing the program to crash and leaving the system inaccessible. A third method of gaining unauthorised access is networks spoofing. In network spoofing a system presents itself to the network as though it were a different system. Network spoofing occurs in the following manner: If system A trusts system B, system C spoofs (impersonates) system B.
This allows system C to gain otherwise denied access to system A. The easiest way to understand what a virus is, is to think of it as a biological virus. A computer virus also needs a host to infect. In this case it infects programs such as Internet Explorer, Microsoft Word or even the computers Operating System. As compared to a biological virus, a computer virus may be as benign to your computers hard drive as a common cold or as destructive as the Ebola Virus. Viruses are made up of what is called code.
Code is basic instructions that tell the program what to do (i. Show a picture, play a song, etc. ). The computer virus attaches itself to the code and infects the program. When the infected program is run, the virus replicates itself into other programs. This program in turn may infect another program. Viruses may be written to multiply, to damage other programs, to alter files, to delete files or in extreme cases cause physical damage to the computers RAM or disk drives. Some viruses play music, create messages or even play animations that could be considered amusingif they werent causing damage to the system at the same time.
What makes viruses difficult is that, like in the infecting phase, the attacking phase can also wait for some event to trigger it. This means that a virus can wait on a system for years before it actually does anything. Although not all viruses are written to cause damage to a computer system, they exist without the users permission or knowledge and have the potential to do so. Anything that writes itself to a computer disk is stealing storage (i. e. room for other programs) and CPU cycles (i. e. slowing down the system). Some viruses take advantage of the computers operating system to copy itself into other files or disks.
When the infected disk is inserted into another computer, the virus then copies itself onto files on that computers hard drive. The cycle continues as long as files are being shared between computers. Another way of catching a computer virus is by downloading a file from the Internet or online service and running it. Most viruses on the Internet are disguised as e-mail attachments. These attachments are often program files or office documents containing macros. There are also certain web pages that contain harmful programming code that may transfer into a computer system as a harmful virus or virus-like codes.