Many day-to-day activities in developed countries depend, to a greater or lesser extent, on computer systems and networks, which makes computer security very important there. The impressive growth of the Internet and telematics services (such as e-commerce, broadband multimedia services, e-government, and communication tools such as e-mail or videoconferencing) has helped to further popularize the use of computing and computer networks. Currently, they are not only used in the work and professional sphere, but have also become a common part of many homes, increasingly affecting the communication and leisure activities of citizens.
On the other hand, essential services for a modern society, such as financial services, control of electricity production and supply (power plants, distribution and transformation networks), means of transport (air and land traffic control), health (computerised medical records, telemedicine), supply networks (water, gas and sanitation) and the Public Administration itself, rely heavily on computer systems and networks. In many cases, the use of paper and manual processes has been eliminated or drastically reduced.
In companies, the growing complexity of their relationships with the environment and the large number of transactions they carry out as part of their activity have led to many of their processes being supported in an automated and computerized way. This trend has accelerated with the implementation of ERP, comprehensive management software packages.
To help readers understand these concepts, each topic is followed by practical tasks related to the point under discussion, which can be useful for teachers or students.
WHAT IS COMPUTER SECURITY
Nowadays, the proper functioning of computer systems and networks is essential for the daily activities of companies, Public Administrations, various institutions and bodies, and citizens in general. This correct operation is especially crucial to ensure safety.
Therefore, great importance must be given to all aspects related to computer security within an organization. The proliferation of viruses and malicious code and their rapid spread through networks such as the internet, along with the numerous attacks and security incidents that occur every year, have generated increased interest in this area.
Computer Security can be defined as any measure that prevents the execution of unauthorized operations on a computer system or network. The effects of such operations could damage information, compromise its confidentiality, authenticity or integrity, reduce the performance of computers or block access to the system by authorized users.
In addition, it is crucial to consider other aspects related to Computer Security:
- Compliance with the legal regulations applicable to each sector or type of organization, according to the legal framework of each country.
- Control of access to the services offered and the information stored in a computer system.
- Control of access to and use of files protected by law, such as copyrighted digital content and files with personal data.
- Identification of the authors of the information or messages.
- Record of the use of the services of a computer system, among others.
From a broader perspective, ISO/IEC 17799 defines Information Security as the preservation of its confidentiality, integrity, and availability. These measures are known by the acronym “CIA”: Confidentiality, Integrity, Availability.
Depending on the type of information an organization handles and the processes it performs, it may place more importance on ensuring the confidentiality, integrity, or availability of its information assets.
On the other hand, ISO 7498 describes Computer Security as a set of mechanisms designed to minimize the vulnerability of assets and resources within an organization.
Task to be performed
Imagine that you are responsible for information security in a financial consulting company. The company handles highly confidential information of its clients, including financial data, investment strategies, and other sensitive information.
Answer the following questions considering the principles of confidentiality, integrity, and availability:
a. Confidentiality:
– What are the main security risks that could compromise the confidentiality of information in your company? Provide at least three measures you would implement to ensure the confidentiality of the information.
b. Integrity:
– How would you ensure the integrity of your customers’ critical financial data? Explain how you would detect and handle a possible unauthorized alteration of the information.
c. Availability:
– What are the possible events or situations that could affect the availability of information in your company? List at least three strategies you would implement to ensure the availability of information at all times.
OBJECTIVES OF COMPUTER SECURITY
Among the main objectives of Computer Security are:
- Reduce and manage risks, as well as identify potential security issues and threats.
- Ensure proper use of system resources and applications.
- Limit losses and ensure proper recovery of the system in the event of a security incident.
- Comply with the legal framework and the requirements established by customers in their contracts.
To achieve these objectives, an organization must consider four areas of action:
- Technical: covering both the physical and logical levels.
- Legal: In some countries, the law requires the implementation of security measures in certain sectors, such as finance and healthcare in the United States, and the protection of personal data in all European Union member states, among others.
- Human: includes the awareness and training of employees and managers, as well as the definition of roles and responsibilities of staff.
- Organizational: refers to the definition and implementation of security policies, plans, standards, procedures and good practices.
INFORMATION SECURITY SERVICES
To achieve the goals mentioned above, the IT security management process must include several information security services or functions:
- Confidentiality: This service ensures that every message transmitted or stored on a computer system can only be read by its legitimate recipient. If the message falls into the hands of third parties, they will not be able to access its original content. Therefore, this service ensures the confidentiality of data stored on a computer, on backup devices and/or on data transmitted over communications networks.
- Authentication: Authentication ensures that the identity of the creator of a message or document is legitimate, allowing the recipient to be sure that the sender is who they say they are. Likewise, you can talk about the authenticity of a computer that connects to a network or tries to access a service. Authentication can be unilateral, guaranteeing only the identity of the computer (user or terminal that connects to the network), or mutual, in which both the network or server and the computer, user or terminal that establishes the connection authenticate each other.
- Integrity: This feature ensures that a message or file has not been altered since its creation or during transmission over a computer network. In this way, it is possible to detect if any data has been added or deleted in a message or file stored, processed or transmitted by a computer system or network.
- Non-Repudiation: This security service aims to implement a proof mechanism that allows the authorship and sending of a specific message to be demonstrated, so that the user who has created and sent it cannot later deny having done so. This feature also applies to the recipient of the message. It is especially important in commercial transactions, providing legal certainty to buyers and sellers. In a computer system, a distinction is made between non-repudiation of origin and non-repudiation of destination.
- Availability: The availability of a computer system is crucial to meet its objectives, as it must be robust enough against attacks and interference to ensure its proper functioning. This ensures that the system is always available to users who need to access its services. In addition, availability includes the system’s ability to recover from security incidents, as well as natural or intentional disasters (fires, floods, sabotage, etc.). Importantly, the other security services are useless if the system is not available to its legitimate users and owners.
- Authorization (control of access to computers and services): The authorization service controls user access to the different computers and services of the computer system, once each user has passed the authentication process. To do this, Access Control Lists (ACLs) are defined that relate users and groups of users with their respective permissions to access system resources.
- Replay protection: This security service focuses on preventing “replay attacks” by malicious users, which consist of intercepting and resending messages to trick the system and cause unwanted operations, such as executing the same banking transaction multiple times. To do this, sequence numbers or timestamps are used on all messages and documents that need protection, so that repetitions of messages already received by the recipient can be detected and discarded.
- Confirmation of the provision of a service or execution of a transaction: This security service allows you to confirm that an operation or transaction has been carried out, indicating the users or entities that have participated in it.
- Time reference (date certification): This security service demonstrates the exact time when a message was sent or a specific operation was performed, usually using a UTC (Coordinated Universal Time) reference. To do this, a timestamp is applied to the message or document in question.
- Certification by trusted third parties: Conducting transactions through electronic means requires new security requirements to ensure the authentication of the parties involved, the integrity and content of messages, and confirmation of the operation or communication at a specific time. To offer these security services, “Trusted Third Parties” are used, bodies that certify the execution and content of the operations and guarantee the identity of the participants, thus providing greater legal certainty to electronic transactions.
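The integrity and replay protection services described above can be combined in one receiver-side check. The following is an added example, not part of the original text: the key, the 30-second tolerance, the message layout and the names `seal` and `Receiver` are assumptions made for illustration, and the messages are constructed samples.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
MAX_SKEW = 30                   # assumed tolerance (seconds) between timestamp and receiver clock


def seal(payload: dict, seq: int, ts: int, key: bytes = KEY) -> dict:
    """Sender side: bind payload, sequence number and timestamp under one HMAC tag."""
    body = json.dumps({"payload": payload, "seq": seq, "ts": ts}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver side: integrity check first, then freshness, then sequence."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far

    def accept(self, msg: dict, now: int) -> str:
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: integrity"        # body changed after it was sealed
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp"  # too old (or too far in the future)
        if fields["seq"] <= self.last_seq:
            return "rejected: replay"           # already seen this sequence number
        self.last_seq = fields["seq"]
        return "accepted"


def demo() -> list:
    rx = Receiver()
    transfer = seal({"to": "ACC-002", "amount": 100}, seq=1, ts=1000)
    tampered = dict(transfer, body=transfer["body"].replace('"amount": 100', '"amount": 900'))
    late = seal({"to": "ACC-002", "amount": 50}, seq=2, ts=1000)
    return [
        rx.accept(transfer, now=1005),   # first delivery of the bank transfer
        rx.accept(transfer, now=1010),   # same message captured and resent
        rx.accept(tampered, now=1010),   # amount altered in transit
        rx.accept(late, now=1100),       # valid tag, but delivered 100 s after sealing
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A timestamp alone would still accept a copy resent within the tolerance window, which is why the second delivery is caught by the sequence number rather than by the clock.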
CONSEQUENCES OF LACK OF SECURITY
When examining the potential consequences of a lack or inadequacy of IT security measures, assessing the full impact on an organization can be complex. In addition to the damage that may be suffered by stored information and network equipment, it is crucial to consider other significant damages to the entity:
- Time spent on repairs and reconfiguration: A considerable number of hours are required to correct faults and restore the operation of systems and networks.
- Economic losses due to the unavailability of applications and services: Lack of access to these resources carries a significant opportunity cost.
- Theft and disclosure of confidential information: Sensitive data such as formulas, designs, business strategies, and computer programs can be exposed to unauthorized third parties.
- Personal data breach: The disclosure of employee, customer, supplier and candidate information may result in penalties for non-compliance with data protection legislation, in force in the European Union and other countries.
- Negative impact on corporate image: Loss of credibility and damaged reputation can affect the trust of customers and suppliers.
- Production delays and loss of opportunities: Disruption in processes can lead to delays, lost orders, and affect service quality.
- Risks to people’s health and safety: In extreme cases, security incidents can put human life at risk.
- Compensation costs and legal liabilities: The organization could face financial and legal penalties, as well as the risk of facing civil and criminal penalties for breaches related to privacy and copyright protections.
Task to be performed
Organizations that fail to implement adequate computer security measures could face serious consequences under various laws and court decisions.
Visit Mailinator.com:
1. Explore the Mailinator website (https://www.mailinator.com/) and understand how this disposable email service works.
2. Add a common name in English such as John, Peter, Charles and access that mailbox.
3. Send an email to the address created in Mailinator.
4. Notice how Mailinator handles incoming emails and how they can be accessed without registration.
Use VirusTotal.com:
- Go to the VirusTotal (https://www.virustotal.com/) website and explore its features.
- Upload a suspicious or unknown file to VirusTotal to scan for potential threats from viruses or other types of malware.
- Examine the results of the scans provided by VirusTotal and understand how to interpret them.
- Research how VirusTotal uses multiple antivirus engines to scan files and determine their safety.
PRINCIPLE OF “DEFENSE IN DEPTH” INFORMATION SECURITY MANAGEMENT
The principle of “Defense in Depth” is based on establishing multiple layers of security in an organization’s computer system. This means that if an attacker manages to overcome one of these “barriers,” there are additional measures to complicate and delay their access to sensitive information or control of critical system resources. These layers of security include:
- Perimeter Security: Such as firewalls, proxies, and other devices that form the first line of defense.
- Server Security: Specific measures to protect servers.
- Audits and Monitoring: Continuous tracking and analysis of security events.
By implementing this strategy, the number of potential attackers is also significantly reduced, as less experienced attackers and script kiddies tend to attack more vulnerable and accessible systems, avoiding those with multiple layers of protection.