Computer security is an important issue and threats to the computer must be countered through various access controls and safety measures. Authorized accesses, avoidance of malicious software and prevention of applications from hackers are the steps that make a system secure. The fundamentals of computer security include an understanding of security policy stating laws, practices, and regulations to manage and protect sensitive information. Enforcing a devised security policy and assurance of policy implementation are other important aspects of computer security (Paulauskas and Garsva 84). Computer security has various characterizations. First comes the information technology (IT) security based on three key points: Confidentiality, Integrity, and Availability. Confidentiality refers to maintain the secrecy of any information. Integrity deals with the management of unauthorized alteration of information and availability refer the anticipation of unauthorized maintenance of information. These form a part of larger security threats that are discussed in detail later in the paper. Computer security is an important issue that needs tackling at all levels and the threats to PCs increases by each passing day (Paulauskas and Garsva 84).
The paper aims to study the security threats to personal computers. The security threats, policies, and appropriate security mechanisms are discussed to understand the threat. The paper discusses the background of security threats and then details some of the procedures and security mechanisms for personal computers.
Security Threats
There are four kinds of security threats, Interception, Interruption, Modification, and Fabrication.
Interception
Interception is an unauthorized access to data. Interception occurs when someone else who is not supposed to listen to that conversation intercepts communication between two entities. The interception in case of computer systems is the illegal access to data communication or breaking into the private directory of the personal computer’s file system (Paulauskas and Garsva 85).
Interruption
Interruption is the situation when a computer or a system’s data or services become unavailable, destroyed or corrupted, and unusable. An example of interruption is the DoS (Denial of Service) attacks by malicious software that make a service or a system unavailable (Paulauskas and Garsva 85).
Modification
The modification involves unauthorized tampering of data or a service on a computer system. The modification is preceded by interception and subsequently tampering of the transmitted data. The tampering may also include changes to database entries or system programs and secretly stores the activities of the user of the personal computer. The data gathered by the malicious software is uploaded to a server. The presence of such malicious software also causes damage to the computer file system (Paulauskas and Garsva 85).
Fabrication
Fabrication refers to a generation of additional activity or data that does not exist normally. An example is adding an entry into database or password file through an intruder software program. Another example is resending of sent messages by breaking into a system (Paulauskas and Garsva 86).
A serious threat to PC security is Malware. Malware is a malicious code that includes worms, Trojan horses and viruses (Yost 6). Popular tools such as emails, instant messages, and downloadable files are used for their distribution. Figure 1, is an infographic from Kaspersky (a security software company) describing security threats to a PC.
Figure 1: Malware Threat. (usa.kaspersky.com)
Security Policy
All the four classifications of security threats are data falsification techniques that can be protected by building a secure system. In order to protect the system completely, a robust security policy must be in place. A security policy specifies the entities or locations in a computer that are accessible to users based on their profiles or privileges. The defined entities in a security policy include users, data, file paths, services, and if on a network, then machines. After constituting a policy, it becomes easy to focus on the security mechanism for enforcing the policy (Yost 7).
Security Mechanism
Encryption
Encryption is the basic element of computer security. Encryption process transforms data into a form that becomes unreadable for an unauthorized person or program. Encryption ensures confidentiality and integrity. Encryption is also secured against data modification. Cryptography is an encryption technique for securing data and systems so that only authorized persons can access those. An example of encryption technique includes Symmetric key-based Advanced Encryption Standard (AES) algorithm (Bishop).
Authentication
Authentication enables verification of the identity of the user or services that intends to access a computer system. In general, authentication is through passwords and for personal computers; there are other ways of authentication like voice and optical based authentications (Paulauskas and Garsva, 87).
Authorization
The next stage after successful authentication is Authorization. Authorization ensures that only authorized people can access only those sections of the computer system that they are allowed to access. For example, an administrator might be authorized to install new programs on a computer while a user can only view, access or play those programs but cannot modify. Another example is access to records in a database system (Paulauskas and Garsva 87).
Auditing
Auditing is an important activity in computer security as it keeps a trace of what all sections and data a user or a client accessed. Auditing is not a protection mechanism against security threats, but it is extremely useful for the purpose of analysis and investigation in the event of a security breach. Audit logs also provide a basis for modifications and enhancements to security policies and identification of attackers (Bishop).
Works Cited
Bishop, Matt. "Computer Security in the Future." The ISC International Journal of
Information Security 3.1 (2015). Web.
Paulauskas, N., and E. Garsva. "Computer system attack classification." Elektronika ir
Elektrotechnika 66.2 (2015): 84-87. Web.
usa.kaspersky.com,. 'Multi-Device Security'. N.p., 2015. Web. 10 July 2015.
Yost, Jeffrey R. "Computer Security [Guest editors' introduction]." Annals of the History of
Computing, IEEE 37.2 (2015): 6-7. Web.
