Antivirus and Malware Protection

One way that hackers gain access to secure information is through malware, which includes computer viruses, spyware, worms, and other programs. These pieces of code are installed on computers to steal information, limit usability, record user actions, or destroy data. Using strong antivirus software is one of the best ways of improving information security. Antivirus programs scan the system to check for any known malicious software, and most will warn the user if he or she is on a webpage that contains a potential virus. Most programs will also perform a scan of the entire system on command, identifying and destroying any harmful objects.

Most operating systems include a basic antivirus program that will help protect the computer to some degree. The most secure programs are typically those available for a monthly subscription or one-time fee, and which can be downloaded online or purchased in a store. Antivirus software can also be downloaded for free online, although these programs may offer fewer features and less protection than paid versions.

Even the best antivirus programs usually need to be updated regularly to keep up with the new malware, and most software will alert the user when a new update is available for downloading. Users must be aware of the name and contact method of each anti-virus program they own, however, as some viruses will pose as security programs in order to get an unsuspecting user to download and install more malware. Running a full computer scan on a weekly basis is a good way to weed out potentially malicious programs.

Firewalls

A firewall helps maintain computer information security by preventing unauthorized access to a network. There are several ways to do this, including by limiting the types of data allowed in and out of the network, re-routing network information through a proxy server to hide the real address of the computer, or by monitoring the characteristics of the data to determine if it's trustworthy. In essence, firewalls filter the information that passes through them, only allowing authorized content in. Specific websites, protocols (like File Transfer Protocol or FTP), and even words can be blocked from coming in, as can outside access to computers within the firewall.

Most computer operating systems include a pre-installed firewall program, but independent programs can also be purchased for additional security options. Together with an antivirus package, firewalls significantly increase information security by reducing the chance that a hacker will gain access to private data. Without a firewall, secure data is more vulnerable to attack.

Codes and Cyphers

Encoding data is one of the oldest ways of securing written information. Governments and military organizations often use encryption systems to ensure that secret messages will be unreadable if they are intercepted by the wrong person. Encryption methods can include simple substitution codes, like switching each letter for a corresponding number, or more complex systems that require complicated algorithms for decryption. As long as the code method is kept secret, encryption can be a good basic method of information security.

On computers systems, there are a number of ways to encrypt data to make it more secure. With a symmetric key system, only the sender and the receiver have the code that allows the data to be read. Public or asymmetric key encryption involves using two keys — one that is publicly available so that anyone can encrypt data with it, and one that is private, so only the person with that key can read the data that has been encoded. Secure socket layers use digital certificates, which confirm that the connected computers are who they say they are, and both symmetric and asymmetric keys to encrypt the information being passed between computers.

Legal Liability

Businesses and industries can also maintain information security by using privacy laws. Workers at a company that handles secure data may be required to sign non-disclosure agreements (NDAs), which forbid them from revealing or discussing any classified topics. If an employee attempts to give or sell secrets to a competitor or other unapproved source, the company can use the NDA as grounds for legal proceedings. The use of liability laws can help companies preserve their trademarks, internal processes, and research with some degree of reliability.

Training and Common Sense

One of the greatest dangers to computer data security is human error or ignorance. Those responsible for using or running a computer network must be carefully trained in order to avoid accidentally opening the system to hackers. In the workplace, creating a training program that includes information on existing security measures as well as permitted and prohibited computer usage can reduce breaches in internal security. Family members on a home network should be taught about running virus scans, identifying potential Internet threats, and protecting personal information online.

In business and personal behavior, the importance of maintaining information security through caution and common sense cannot be understated. A person who gives out personal information, such as a home address or telephone number, without considering the consequences may quickly find himself the victim of scams, spam, and identity theft. Likewise, a business that doesn't establish a strong chain of command for keeping data secure, or provides inadequate security training for workers, creates an unstable security system. By taking the time to ensure that data is handed out carefully and to reputable sources, the risk of a security breach can be significantly reduced.

7.2 Security Software.

Security software is computer software which is designed to enhance security for an individual computer or for a computer network. This software is meant to be used as part of a total security plan, rather than as a standalone security measure. Numerous software companies make security products, ranging from freeware which can be downloaded by individual computer users to specialty programs designed for particular networks, such as those used to store information for governments.

Security software can serve a number of security functions. Some programs are designed for a single and specific purpose, such as spyware removal, while others can accomplish several functions. Security software is used to establish firewalls, to detect and remove viruses, to secure information on a network, to detect attacks on a computer or network, and so forth. As a general rule, it runs all the time, providing background protection, and users can also run utilities to scan their computers for specific computer threats.

Such software can also be used for access filtering. With some computers and networks, access filtering may be desired to keep people away from sites which could threaten security, such as sites which automatically start downloads of malicious code. Access filtering may also be utilized to ensure that people in the workplace only access work-appropriate sites, and to protect young computer users such as children from material which could be threatening or dangerous.

Most programs are highly flexible. The program may have settings which ensure that only an administrator can execute certain tasks with the program, and the program can be configured to meet the needs of a specific system. Security software programs can also be directed to issue reports which are sent to an administrator when problems are detected. They can also be used to secure specific content on a particular computer; for example, someone can create password protected files or directories with security software to limit unauthorized access.

The term “security software” is also used to describe cryptographic software. This software is used to send and receive encoded messages, ensuring that even if a message is intercepted, it will not be readable. Truly robust cryptographic software which is extremely difficult to crack can be quite costly and resource intensive, while basic programs provide a low level of encryption for people who want moderately secure communications.

Reviews of security software are available through many reputable websites and computer magazines. Such reviews discuss the cost, ease of use, installation process, and other features to help consumers make an informed choice about which product will be most suitable.

7.3 What Is a Cyberattack?

A cyberattack is an attempt to undermine or compromise the function of a computer-based system, or attempt to track the online movements of individuals without their permission. Attacks of this type may be undetectable to the end user or network administrator, or lead to such a total disruption of the network that none of the users can perform even the most rudimentary of tasks. Because of the increasing sophistication of these kinds of network attacks, the development of effective software defenses is an ongoing process.

It is important to understand that a cyberattack can be relatively innocuous and not cause any type of damage to equipment or systems. This is the case with the clandestine downloading of spyware onto a server or hard drive without the knowledge or consent of the owner of the equipment. With this type of cyberattack, the main goal is usually to gather information that ranges from tracking the general movements and searches conducted by authorized users to copying and forwarding key documents or information that is saved on the hard drive or server. While the ultimate goal is to capture and transmit information that will help the recipient achieve some sort of financial gain, the spyware runs quietly in the background and is highly unlikely to prevent any of the usual functions of the system from taking place.

However, a cyberattack can be malevolent in its intent. This is true with viruses that are designed to disable the functionality of a network or even a single computer that is connected to the Internet. In situations of this nature, the purpose is not to gather information without anyone noticing, but to create problems for anyone who uses the attacked network or computers connected with that network. The end result can be loss of time and revenue and possibly the disruption of the delivery of goods and services to customers of the company impacted by the attack. Many businesses today take steps to ensure network security is constantly being enhanced to prevent these types of malicious computer attacks.

Attempts by cyberterrorists to interfere with the function of power grids and other means of delivering public services are also classified as cyberattacks. Because attacks of this kind can quickly cripple the infrastructure of a country, they are considered an ideal means of weakening a nation. A strategy utilizing a series of cyberattacks timed to simultaneously disrupt several different key systems can, in theory, render a nation unable to successfully overcome any of the attacks before a great deal of damage has taken place. Fortunately, many nations recognize the very real threat of cyberterrorism and take steps to protect government and public service systems from any type of Internet attack, as well as the manual introduction of software that could disrupt the systems.

Just as governments and corporations must be aware of the potential for a cyberattack to occur, individuals must also take steps to protect their home computers and related equipment from sustaining an attack. A basic preventive measure is to secure high quality anti-virus and anti-spyware software, and update it on a regular basis. End users should also make sure to scan and files or programs that are stored on a CDR or similar remote storage system before loading them onto a hard drive.

7.4 Different Types of IT Security Qualifications.

Information technology (IT) security professionals are responsible for making sure that all of an organization's software, telecommunication devices, telecommunications programs and networks are protected against intruders. They do this by installing firewalls, which block access from unauthorized locations, and by developing passwords and other deterrents. IT security professionals must keep up with new threats, such as viruses and hacking methods, so they can develop new defenses against these security risks. Some of the most common IT security qualifications are undergraduate and graduate degrees in fields such as computer science and information systems — normally with concentrations in security. Other IT security qualifications depend on the level of responsibility that is associated with a particular position.

For entry-level positions, IT security qualifications might require only some academic preparation. Many people take these positions as interns while still in their college programs. They might apply security principles that they learn in class to the work they do in an IT department under close supervision of established IT security professionals. In many cases, IT security qualifications for these lower-level positions might also include references from instructors who can attest to an individual's understanding of IT security concepts and perhaps professional references that show that an individual is able to follow instructions and work in a professional environment.

People who are interested in higher-level positions in which they might actually design security solutions and perform risk management generally must satisfy IT security qualifications that include significant amounts of technical and management experience. People in these positions have to be deeply familiar with operating systems and software. They must understand their vulnerabilities and know which solutions typically are prescribed to deal with these flaws. Project management, which includes the development and implementation of security processes and solutions, requires professionals who are able to effectively delegate tasks and complete projects in allotted periods of time and under budgetary constraints.

In most cases, IT security qualifications also include the ability to communicate clearly in various ways. Most positions require that individuals can write clear reports that describe issues such as system vulnerabilities and possible solutions. In many cases, higher-level IT security professionals must give presentations in which they use graphs and written text to convince managers and executives that certain threats exist and that only particular solutions apply.

Professional certification and membership in professional associations related to IT security might not be considered IT security qualifications by many employers, but they can help job candidates to stand apart from the competition. These credentials can show that a person keeps up with current trends and concerns. It also is common for people who have these professional connections to read trade publications and attend presentations where they can learn about new products and ideas in the field of IT security.

Наши рекомендации