Hi – I chose to research computer security devices. The presentation is posted on the wiki within the assignment week 3 tab. I’ll start off by reviewing what computer security is and why we need it, and then discuss a few types of security.
A security device is a type of hardware or software mechanism that sits between your personal computer or network and the public. It systematically protects against unauthorized access. There are four main reasons why we protect our computer or network: for confidentiality, to keep our data private from anyone we don’t want to have access to it; for integrity, so that information is not changed or altered without our knowledge; for authentication, so that we can verify that the user is who they claim to be; and for availability, so that the identified user can access secured information. Computer security for corporations is typically stricter than home computer security. For example, IBM requires that I pass three sets of password logins from the time I start my laptop to the moment I can access my email. When using my home computer, I use one password to log into my personal email. There are a variety of types and brands of security devices and software to choose from, and many home security programs are even available as free downloads.
Well, we wouldn’t need security if our computers were never linked to a network of computers or to the internet. The internet allows anyone and everyone to potentially hijack our information. We use security devices to block intruders, keep our data safe, and protect our hardware and data from viruses and the many other kinds of malware roaming around the web. Corporations may also use security to keep employees from accessing certain websites while they are working and to comply with federal security regulations such as Sarbanes-Oxley.
Firewalls and anti-virus/anti-spyware devices are the most commonly used types of security. I will discuss those in further detail in the next few slides. Logins and passwords are often overlooked, but can be one of your greatest security tools. We are seeing more and more sites create password rules in order to make sure you create a “hard to hijack” password. Make your passwords somewhat complicated, with lowercase and uppercase letters, numbers, and characters, and don’t use friends’ or relatives’ names or identifiable numbers such as phone numbers or Social Security numbers. A VPN (virtual private network) allows connectivity to a network over a long physical distance. VPNs are very popular in organizations and are often used to allow employees remote access to the company’s network. The secure access happens through a VPN key or encryption and provides both authentication and confidentiality. Data encryption and file encryption are the simplest and oldest form of security. Encryption codes or scrambles your data so that it is unreadable to anyone who does not have permission to access it. For example, some emails that come through on my BlackBerry are encrypted because the sender does not want just anyone to pick up my phone and read the message. I would have to log in to my email to read the message.
A firewall is said to be the most significant computer security measure. It not only prevents unauthorized or malicious access from entering your network or computer system, but it also helps prevent your data from leaving your system without your knowledge. Firewalls filter traffic based on customized settings, and they operate using one of two types of filters. A packet filter analyzes packets of data that attempt to cross the firewall into your system. Packets are only allowed to cross the firewall when they meet the criteria set. The disadvantages of packet filtering are that it can cause performance issues as it slows the flow of data, and that experienced hackers can replicate the packet type and port numbers in order to meet the criteria and gain access. Proxy filtering is quite different and can be safer than packet filtering. When using proxy filtering, the firewall acts as a large data store. Requests are made to and retrieved from the proxy, as the actual computer is not directly connected to the internet. You can also choose between hardware and software firewalls. Hardware firewalls are typically used between a network of computers and the internet connection. We see hardware firewalls more often in organizations with larger networks, and software firewalls are typically used with a personal computer connected directly to the internet. A hardware firewall is generally more secure and more reliable and works independently of your computer system, and since prices are coming down on them, some home users have chosen to set up one of these as well. However, they are still more expensive than software firewalls and are harder to upgrade and repair. Software firewalls are cheap or even free and simple to install and upgrade, but they can be difficult to disable or remove. A firewall does not protect your computer completely; you should use other types of security as well, such as anti-virus software.
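The packet-filter behaviour described above can be sketched as follows. This is an added example, not part of the original presentation; the rule set, the documentation-range addresses and the names `Packet`, `Rule` and `decide` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:                      # only the header fields the filter looks at
    src: str
    proto: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: str                     # "tcp", "udp" or "any"
    dst_port: Optional[int]        # None matches every port
    src_net: str                   # source network in CIDR form

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and self.dst_port in (None, p.dst_port)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net))


# Constructed rule set: evaluated top to bottom, first match wins.
RULES = [
    Rule("deny", "any", None, "203.0.113.0/24"),    # blocked source range
    Rule("allow", "tcp", 443, "0.0.0.0/0"),         # HTTPS from anywhere else
    Rule("allow", "tcp", 22, "198.51.100.0/24"),    # SSH from the admin network only
]


def decide(packet: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; unmatched packets are denied."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"                  # default deny: nothing crosses unless a rule allows it


if __name__ == "__main__":
    for pkt in (Packet("192.0.2.10", "tcp", 443), Packet("203.0.113.5", "tcp", 443),
                Packet("192.0.2.10", "tcp", 22), Packet("192.0.2.10", "udp", 53)):
        print(pkt, "->", decide(pkt))
```

The decision rests entirely on header fields carried by the packet itself, which is why the paragraph above pairs packet filtering with other controls.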
Here I’ve identified several different hardware and software firewall products. Your hardware firewall can be either wired, wireless (which we typically see today), or broadband. IBM uses Symantec, and at home my simple Cisco router acts as my hardware firewall. Prices range from 40 to tens of thousands for a hardware firewall system. As far as the software firewalls go, I had not heard of any of these products prior to this research. On a consumer research site, Online Armor was rated the best personal firewall for its ease of use and lack of system slowdown. These range from 20-60 per year for service. The best-rated free software download was Comodo, and consumers said that it was better than most firewalls you pay for; it also includes anti-virus and anti-spyware software. And if you have Microsoft XP or Vista, your system includes a built-in firewall that you can activate if it’s not already running.
Heuristics is the application of experience-derived knowledge to a problem and is sometimes used to describe software that screens and filters out messages likely to contain a computer virus or other undesirable content. A heuristic (pronounced hyu-RIS-tik and from the Greek "heuriskein" meaning "to discover") is a "rule-of-thumb." Heuristics software looks for known sources, commonly used text phrases, and transmission or content patterns that experience has shown to be associated with e-mail containing viruses. Because many companies or users receive a large volume of e-mail and because legitimate e-mail may also fall into the pattern, heuristics software sometimes results in many "false positives," discouraging its use. Security experts note that, although such software needs to get better, it is a valuable and necessary tool.
Heuristic scanning looks for certain instructions or commands within a program that are not found in typical application programs. As a result, a heuristic engine is able to detect potentially malicious functionality in new, previously unexamined programs, such as the replication mechanism of a virus, the distribution routine of a worm or the payload of a trojan. They do this by employing weight-based systems, rule-based systems, or both. A heuristic engine based on a weight-based system, which is a rather old-style approach, rates every functionality that is detected with a certain weight according to the degree of danger it may pose. If the sum of those weights reaches a certain threshold, an alarm can be triggered.
Virus dictionary approach
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software.
If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file. To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries. Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them, and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis. Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
Suspicious behavior approach
The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted to this and asked what to do. Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionaries. However, it also raises a large number of false positives, and users probably become desensitized to all the warnings.
If the user clicks "Accept" on every such warning, then the anti-virus software is obviously useless to that user. This problem has become worse over the past 7 years, as many more non-malicious programs have been designed to modify other .exe files without regard to this false-positive issue. Thus, most modern anti-virus software uses this technique less and less.
Other ways to detect viruses
Some anti-virus software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise behaves like a virus (for example, it immediately tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives. Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues, this type of detection is normally only performed during on-demand scans.
User education is as important as anti-virus software; simply training users in safe computing practices, such as not downloading and executing unknown programs from the Internet, would slow the spread of viruses without the need for anti-virus software. Computer users should not always run with administrator access to their own machine. If they would simply run in user mode, then some types of viruses would not be able to spread. The dictionary approach to detecting viruses is often insufficient due to the continual creation of new viruses, yet the suspicious behavior approach is ineffective due to the false positive problem; hence, the current understanding of anti-virus software will never conquer computer viruses.
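The dictionary approach and the weight-based heuristic described above can be compared side by side. This is an added example, not part of the original presentation; the signature, the marker strings, the weights and the threshold are all constructed, harmless stand-ins for what a real engine would extract from a program.

```python
# Constructed, harmless data: marker strings stand in for real byte signatures
# and for the instructions a heuristic engine would recognise in a program.
SIGNATURES = {"Demo.Virus.A": b"DEMO-SIG-0001"}      # the "virus dictionary"
WEIGHTS = {                                          # hypothetical danger weights
    b"write_to_executable": 40,
    b"search_for_executables": 40,
    b"self_modifying_code": 30,
    b"read_config_file": 5,
}
THRESHOLD = 70                                       # assumed alarm level


def dictionary_scan(data: bytes) -> list:
    """Names of dictionary entries whose signature occurs in the file."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every suspicious functionality found in the file."""
    return sum(weight for marker, weight in WEIGHTS.items() if marker in data)


def scan(data: bytes) -> str:
    if dictionary_scan(data):
        return "known virus"                         # exact match in the dictionary
    if heuristic_score(data) >= THRESHOLD:
        return "suspicious"                          # no match, but the weights add up
    return "clean"


SAMPLES = {
    # contains the dictionary signature
    "known":   b"..DEMO-SIG-0001..search_for_executables write_to_executable",
    # same behaviour, signature bytes altered as a polymorphic variant would be
    "variant": b"..D3M0-S1G-0001..search_for_executables write_to_executable",
    # legitimate updater that patches other programs
    "patcher": b"read_config_file search_for_executables write_to_executable",
    # ordinary application
    "editor":  b"read_config_file",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:8} score={heuristic_score(data):3} -> {scan(data)}")
```

The "variant" sample slips past the dictionary but is caught by the weights, while the "patcher" sample is the false positive the text describes: a legitimate program whose functionality crosses the threshold.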
A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. All computer viruses are man-made, and they can also replicate themselves by making a copy of themselves over and over again. Even such a simple virus is dangerous, because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. When people talk about a computer virus, they generally use the word "virus" for different types of threats, such as worms or Trojan horses. While the words (Trojan, worm and virus) are often used interchangeably, they are technically not the same. However, what they have in common is that they all are malicious programs that can cause damage to your computer. They also can be found and removed by the same security program (for the purpose of this article, we also use the word virus to describe all three types of threats).
Spyware, as the name suggests, is software that spies on you and collects information on your internet usage. The computer user will be unaware that this is happening, as spyware applications are usually hidden components in both freeware and shareware programs that can be downloaded from the internet. Spyware is installed without your knowledge or consent and poses some very real threats. Once spyware has been installed onto your computer, it will actively begin monitoring your activity on the internet and will transmit all the information it gathers on to its owner, which is usually an advertiser of some sort. Spyware is very dangerous, and this illegal software can record your internet history, passwords, and keystrokes, and some spyware can also record other confidential and private information. The only proven and successful way to get rid of spyware is to install a spyware blocker or anti-spyware software.
These are available in both free and paid software versions. If you use the internet, for whatever use, you should also use a spyware blocker or spyware removal software. It is also essential that you run this spyware removal software daily to remove any threats to your personal information. Doing this will not only help to keep your internet usage and private information safe, but it will also help to keep your computer running efficiently. Spyware is, as mentioned, very dangerous, and allowing your personal information, which can include passwords and bank details, to get into the hands of the wrong people can prove detrimental. Act now and install anti-spyware software and keep your information safe.
Most times, the only way to remove spyware from your computer is to install anti-spyware software. This software will take care of that nasty spyware quickly. Anti-spyware software works in a few different ways. It can either do a scan of your system to see if there is presently any spyware installed, or it can actively protect your system from spyware that is attacking your computer presently. The first type of protection, the scan, is used for detecting and removing the current spyware that is installed on your computer. This is usually how anti-spyware software works, and it is usually the most popular. You can usually do a quick scan, or a smart scan, which will scan only some of the files in your computer, those which spyware is known to regularly infect. The good thing about this is that the scan will find a lot of spyware, or most of the spyware, fairly quickly. The downside is that the scan is not going through all the files in your computer. The other option is a full scan. The full scan takes longer, but it will scan your entire computer and maximize its chances of finding all the spyware. The anti-virus software will run the scan in the background while you can still do work on your computer.
The other way the anti-spyware software will protect your computer is through real-time protection. Now, some software may contain each type of protection, or a combination of the two. Having both types is best. This way you can have your computer actively protected against spyware attacks all the time. A pop-up window, a small one, will sometimes come up alerting you that a spyware attack has been blocked. It happens maybe once a day with my program. With the addition of new spyware, anti-spyware programs have to become increasingly good at detecting and removing spyware to satisfy the user. No one wants spyware on their machine; it steals your personal information and takes up bandwidth, ultimately slowing your connection and stealing your information. Make sure your anti-spyware software updates itself automatically to the latest spyware definitions so it can properly defend your computer against spyware.