IT Security or Cybersecurity

Today's world is increasingly dependent on computers, computer networks, and the data stored on and transmitted over those networks. Computer systems now comprise a very wide variety of "smart" devices, including smartphones, televisions and many tiny devices that are online most of the time, and networks include not only the Internet and private data networks but also Wi-Fi, Bluetooth and numerous other wireless networks. It is therefore vital to safeguard them against a range of vulnerabilities. Computer security, also known as cybersecurity or IT security, covers the forms of digital security applied to safeguard computers, computer networks and, most importantly, the data stored on and transmitted through them. It encompasses all the processes and tools by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction. It also includes deploying effective security measures to guarantee the confidentiality, integrity and availability of data, both in transit and at rest.

User Activity Monitoring

IT Security & Cyber Security
  • User Activity Monitoring Solutions
  • Identify & Reduce Vulnerabilities
  • VeriatoSoft & SoftActivity Software


Anti-Virus

Computer Virus Detection
  • Bitdefender Antivirus Solutions
  • Cloud Based Enterprise Protection
  • Virus & Malicious Software Detection


Computing Vulnerabilities
In computing, a vulnerability is a weakness or defect in a system that makes a cyber-exploitation possible. An exploitable vulnerability is one for which at least one working attack or exploit exists.

To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. Several such threats are listed below, grouped into the categories they are typically classified under.

Direct-access attacks
An unauthorized user gaining physical access to a computer is usually able to compromise its security by modifying the operating system or installing software such as worms, keyloggers or covert listening devices, and may easily access and download data. Even when the system is protected by standard security measures, these can often be bypassed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and the Trusted Platform Module (TPM) are designed to prevent such attacks.

Backdoors
A backdoor in a computer system, an algorithm or a cryptosystem, is any secret method of evading normal authentication methods or security controls deployed on the computer.

Denial-of-service attack
Denial-of-service attacks are intended to make a computer or network resource unavailable to its intended users. Attackers can deny service to individual victims, for example by deliberately entering a wrong password enough consecutive times to cause the victim's account to be locked out, or they may overload the capacity of a computer, server or network so that all users are blocked at once.

An attack from a single IP address can be blocked by adding a new firewall rule. However, many forms of distributed denial-of-service (DDoS) attack are possible, where the attack comes from a large number of points, making defense much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible, including reflection and amplification attacks, where innocent systems are tricked into sending traffic to the victim.

Spoofing
Spoofing of user identity describes a situation in which one person or program successfully masquerades as another user by falsifying identification data.

Tampering
Tampering describes a malicious modification of products. Examples include "Evil Maid" attacks and security services planting surveillance capabilities in routers and other network switching devices.

Eavesdropping
Eavesdropping is the act of covertly listening to a private conversation, typically between hosts on a network. For example, programs such as Carnivore and NarusInsight have been used by intelligence agencies to snoop on the systems of internet service providers. Even machines that operate as a closed network (i.e., with no contact to the outside world) can be eavesdropped upon by monitoring the faint electromagnetic emissions generated by the hardware.

Data Leak
A privacy breach or data leak, and similar forms of information disclosure, describes a situation where information thought to be secure is disclosed in an untrusted environment.

Computer Exploits
An exploit is a piece of software designed to take advantage of a flaw in a computer or network system. This often includes gaining control of a computer system, allowing privilege escalation, or creating a denial-of-service condition. Code from exploits is frequently reused in Trojan horses and computer viruses. In some cases, the vulnerability lies in a program's processing of a specific file type, such as a non-executable media file.

Privilege escalation
Privilege escalation describes a situation where attackers obtain higher privileges, or access to resources, that are normally withheld from them.

Social engineering and Trojans
Social engineering attacks aim to convince a user to disclose secrets such as passwords and bank card numbers by, for example, impersonating a bank, a customer or a contractor.

Repudiation
Repudiation describes a condition in which the legitimacy of a signature is being challenged.

Indirect attacks
An indirect attack is a planned attack launched from a third party's computer, which helps to mask the actual attacker. Using someone else's computer to launch the attack makes it far more difficult to trace the real source. There have also been instances where attackers took advantage of public anonymizing systems to launch indirect or masked attacks.

Computer crime
Computer crime refers to any crime that is carried out involving a computer and a network.

Financial systems
Web sites that accept or store credit card numbers and bank account information always remain prominent hacking targets, due to the potential for immediate financial gain from transferring money, making purchases, or selling the information on the black market. In-store or retail payment systems and ATMs have also been tampered with in order to gather customer account data and PINs.

Countermeasures against Vulnerabilities
In computer security, a countermeasure is an action, procedure, device or method that reduces a threat, vulnerability or attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

Some of the usual countermeasures are listed below:

Reducing vulnerabilities
Computer code can be treated as a form of mathematics. In theory, it is possible to prove the correctness of certain classes of computer programs, though the feasibility of doing so for large-scale practical systems is usually low.

It is also possible to protect messages in transit by means of cryptography. One method of encryption, the one-time pad, is unbreakable when used correctly. The method uses a matching pair of keys, securely distributed, which are used only once to encrypt and decrypt a single message; the same key must never be reused. For encrypting computer traffic this method is difficult to use properly (securely) and highly inconvenient. Other methods of encryption, while breakable in theory, are often practically impossible to break directly by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key or stolen plaintext at either end of the transmission, or some other extra cryptanalytic information.
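The following is an added illustration, not code from the original page: a one-time pad in Python, showing the round trip and why the "used only once" rule matters. The messages and the fixed pads are constructed for a deterministic demonstration; a real pad comes from `generate_pad`.

```python
import secrets


def generate_pad(length: int) -> bytes:
    """Fresh, uniformly random key material, one byte per message byte.

    A new pad must be generated for every message and discarded after use."""
    return secrets.token_bytes(length)


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt (the same XOR operation) a message with a pad."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(b ^ k for b, k in zip(data, pad))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_from_reuse(ct1: bytes, ct2: bytes, known_plaintext: bytes) -> bytes:
    """What an eavesdropper can compute when one pad encrypted two messages.

    ct1 XOR ct2 = (m1 XOR k) XOR (m2 XOR k) = m1 XOR m2: the pad cancels out.
    Knowing (or guessing) m1 then yields m2 directly, without the key.
    """
    return xor_bytes(xor_bytes(ct1, ct2), known_plaintext)


def demo() -> dict:
    """Constructed example; fixed pads keep the output deterministic."""
    m1 = b"PAY ALICE 100 US"
    m2 = b"PAY BOB   999 US"
    pad_a = bytes(range(1, 17))      # constructed, NOT random: illustration only
    pad_b = bytes(range(100, 116))   # a second, different pad
    c1 = otp_xor(m1, pad_a)
    c2_reused = otp_xor(m2, pad_a)   # mistake: pad_a used a second time
    c2_fresh = otp_xor(m2, pad_b)    # correct: a fresh pad for the second message
    return {
        "roundtrip": otp_xor(c1, pad_a),                      # decrypts back to m1
        "leaked_m2": recover_from_reuse(c1, c2_reused, m1),   # m2 falls out, no key needed
        "no_leak": recover_from_reuse(c1, c2_fresh, m1),      # with fresh pads: just noise
    }
```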

Two-factor authentication is gaining much interest and adoption today. It is a method for mitigating unauthorized access to a system or to sensitive data. It requires "something you know", such as a password or PIN, and "something you have", such as a dongle, a card, a cellphone or another piece of hardware. This increases security because an unauthorized person needs both to gain access.

Social engineering and direct (physical) computer access attacks can only be prevented by non-computer means, which can be difficult to enforce relative to the sensitivity of the information. Even in a highly controlled environment, such as a military establishment, social engineering attacks can still be difficult to predict and prevent.

Trusting computer program code to behave securely has been pursued for years. It has proven difficult to determine what code 'will never do'. Mathematical proofs are elusive, in part because it is so difficult to define secure behavior even theoretically, let alone mathematically. In practice, only a small fraction of program code is mathematically proven, or even goes through comprehensive information technology audits or economical but extremely valuable computer security audits, so it is usually possible for a determined attacker to read, copy, alter or destroy data in well secured computers, although at the cost of great time and resources. Few attackers would audit applications for vulnerabilities just to attack a single specific system. An attacker's chances can be reduced by keeping systems up to date, following the right industry guidelines, monitoring privileged user activity, using a security scanner and/or hiring competent people responsible for security. The effects of data loss or damage can be reduced by careful backups and insurance.

Computer and IT Security
A state of computer "security" is the conceptual ideal, attained by the use of three methods: threat detection, prevention and response. These processes are based on various policies and system components, which include the following:

User account access controls and cryptography can protect systems files and data, respectively.

Firewalls are by far the most common prevention systems from a network security perspective. With proper configuration, they can shield access to internal network services, and block certain kinds of cyber-attacks through packet filtering. Firewalls may be both hardware and software based.

Intrusion Detection System (IDS) products are designed to detect live network attacks and provide vital assistance in post-attack forensics. User activity audit trails and logs serve a parallel function for individual systems.

Response is essentially defined by the evaluated security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, etc. In some cases, a complete destruction of the compromised system is preferred, as it may happen that not all the compromised resources are identified.

Difficulty with response
Responding forcefully to attempted security breaches is often very difficult, for a variety of reasons:

Identifying attackers is difficult, as they are often in a different jurisdiction from the systems they attempt to breach. Attackers frequently operate through proxies, temporary anonymous dial-up accounts, wireless connections and other anonymizing procedures that make back-tracking difficult. If they succeed in breaching security, they are often able to delete logs to cover their tracks. The sheer number of attempted attacks is so large that organizations cannot spend time pursuing each attacker, and the bulk of these attempts are made by automated vulnerability scanners and computer worms.

Alternate Security by Design
Security by design, or alternately secure by design, means that the software has been designed from the ground up to be secure. In this case, security is treated as a main feature.

Some of the techniques in the alternative security by design approach include:

The principle of least privilege, where each part of the system has only the privileges needed for its particular function. That way, even if an attacker gains access to one part, they will not have access to the whole system.

Automated theorem proving to prove the correctness of crucial software subsystems, with code reviews and unit testing as approaches to make modules more secure where formal correctness proofs are not possible.

Defense in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it contains.

Default secure settings, and design to "fail secure" rather than "fail insecure". Ideally, a secure system should require a cautious, conscious, expert and free decision on the part of legitimate authorities in order to make it insecure.

Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be added to, can keep intruders from covering their tracks.
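The remote, add-only audit trail just described can be made tamper-evident by hash-chaining its entries. The Python below is an added example, not code from the page: each entry's hash commits to the previous hash, so altering or removing any entry breaks the chain, and removal from the end is caught as long as the collector remembers the latest head hash. The `AuditLog` class and the sample events are constructed for this illustration.

```python
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64   # stands in for "nothing before the first entry"


def entry_hash(prev_hash: str, record: dict) -> str:
    """An entry's hash covers its own content AND the previous hash, so every
    entry commits to the entire history before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AuditLog:
    """Append-only log as kept by the remote collector: no delete, no update."""

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = entry_hash(prev, record)
        self.entries.append({"prev": prev, "record": record, "hash": h})
        return h   # the collector stores the latest head hash out of band

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify_chain(entries: List[dict], expected_head: Optional[str] = None) -> Tuple[bool, int]:
    """Recompute the chain. Returns (ok, index): on failure, index is the first
    bad entry; for a log cut short at the end it equals len(entries)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["prev"] != prev or entry_hash(prev, e["record"]) != e["hash"]:
            return False, i           # modified, reordered or deleted in the middle
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(entries)    # entries were removed from the end
    return True, len(entries)


def build_sample_log() -> AuditLog:
    """Constructed sample events (not taken from any real system)."""
    log = AuditLog()
    log.append({"ts": 1, "user": "alice", "event": "login", "src": "10.0.0.5"})
    log.append({"ts": 2, "user": "alice", "event": "sudo", "cmd": "systemctl restart sshd"})
    log.append({"ts": 3, "user": "alice", "event": "logout"})
    return log
```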

Full disclosure of all weaknesses, to ensure that the "window of vulnerability" is kept as short as possible when bugs are discovered.

Architecture for IT Security

The Open Security Architecture organization outlines IT security planning as "the design methods that describe how the security controls are deployed effectively, and how they blend with the overall information technology architecture. These controls serve the purpose to maintain the system's quality elements: confidentiality, integrity, availability, accountability and assurance services."

Key attributes of security architecture:

  • The relationship of different computer & networked components and how they rely on each other.
  • The determination of controls based on risk assessment, good practice, contingency plans, finances, and legal protections.
  • The standardization of controls.

Hardware protection mechanisms
While hardware can itself be a source of insecurity, such as when microchip weaknesses are maliciously introduced during the manufacturing process, hardware-based or hardware-assisted computer security also offers an alternative to software-only computer security. Devices and measures such as dongles, disabled USB ports, trusted platform modules, intrusion-aware cases, drive locks and mobile-enabled access may be considered more secure because physical access is required to compromise them. Each of these is described in more detail below.

USB dongles are typically used in software licensing schemes to unlock software capabilities, but they can also be seen as a way to prevent unauthorized access to a computer. The dongle, or key, essentially creates a secure encrypted tunnel between the software application and the key itself. The principle is that an encryption scheme on the dongle, such as the Advanced Encryption Standard (AES), provides a stronger measure of security, since it is harder to hack and replicate the dongle than to simply copy the native software to another machine and use it there. Another security application for dongles is to use them for accessing web-based content such as cloud software or virtual private networks. A USB dongle can also be configured to lock or unlock a computer system.

Trusted platform modules (TPMs) secure devices by integrating cryptographic capabilities onto access devices, through the use of microprocessors, or so-called computers-on-a-chip. TPMs used in conjunction with server-side software offer a way to detect and authenticate hardware devices, preventing unauthorized network and data access.

Computer case intrusion detection refers to a push-button switch which is triggered when a computer case is opened. The firmware or BIOS is programmed to show an alert to the operator when the computer is booted up the next time.

Drive locks are essentially software tools to encrypt hard drives, making them inaccessible to thieves. Tools exist specifically for encrypting external drives as well.

Disabling USB ports is a good security option for avoiding unauthorized and malicious access to any secure computer. Infected USB dongles connected to a network from a computer inside the firewall are considered by Network World as the most common hardware threat facing computer networks.

Mobile-enabled access devices are growing in popularity due to the global nature of cell phones. Built-in capabilities such as Bluetooth, the newer Bluetooth low energy (LE), Near field communication (NFC) on non-iOS devices and biometric validation such as thumb print readers, as well as QR code reader software designed for mobile devices, offer new, secure ways for mobile phones to connect to access control systems. These control systems provide computer security and can also be used for controlling access to secure buildings.

Secure operating systems
Ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. Such a strategy is based on coupling special microprocessor hardware features, often involving the memory management unit, to a specially and correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented appropriately, can guarantee the impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology used to produce such systems is precise, deterministic and logical.

Secure operating systems designed this way are used mostly to protect national security information, military secrets and the data of international financial institutions. They are very powerful security tools, and very few secure operating systems have been certified at the highest level to operate over the range from "Top Secret" to "unclassified". The assurance of security depends not only on the soundness of the design policy but also on the assurance of correctness of the implementation, and therefore degrees of security strength are defined for COMPUSEC. The Common Criteria quantifies the security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), which are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high-assurance secure general-purpose operating systems have been produced for decades, or certified under the Common Criteria.

Secure coding
If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, of protecting application code from malicious subversion, and of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall into a 'low security' category because they rely on features not supported by secure operating systems. In low-security operating environments, applications must be relied upon to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.

In commercial environments, the majority of software subversion weaknesses result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflows, and code/command injection. These defects can be used to cause the target system to execute what is supposedly data. However, the "data" contains executable instructions, allowing the attacker to gain control of the processor.

Some common languages such as C and C++ are vulnerable to all of these. Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.

Another bad coding practice occurs when an object is deleted during normal operation yet the program neglects to update the associated memory pointers, potentially causing system instability when that location is referenced again. This is called a dangling pointer.

Capabilities and access control lists
Within computer systems, two of the many security models capable of enforcing privilege separation are access control lists (ACLs) and capability-based security. Using ACLs to confine programs has been proven insecure in many circumstances, for example when the host computer can be tricked into indirectly allowing restricted file access, an issue known as the confused deputy problem. It has also been shown that the promise of ACLs to give access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities. This does not mean practical flaws exist in all ACL-based systems, only that the designers of certain utilities must take responsibility for ensuring that they do not introduce flaws.

Capabilities have been mostly restricted to research operating systems, while commercial OSs still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design.
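To make the confused deputy problem and the least-privilege principle from the design section concrete, here is an added Python illustration (not code from the page) of language-level capabilities beside an ACL check. The in-memory `Store`, the "compiler" deputy and the file paths are constructed for this example.

```python
class Store:
    """In-memory 'file system'. The ACL maps a path to the principals allowed to write it."""

    def __init__(self) -> None:
        self.files = {"/billing/ledger": "original charge records",
                      "/home/user/out": ""}
        self.acl = {"/billing/ledger": {"compiler"},
                    "/home/user/out": {"user", "compiler"}}

    def acl_write(self, principal: str, path: str, data: str) -> None:
        """ACL model: the check asks WHO is calling, not on whose behalf."""
        if principal not in self.acl.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")
        self.files[path] = data


class WriteCap:
    """Capability: an unforgeable reference that designates one file and carries
    the right to write it. Possessing the object is the authorization."""

    def __init__(self, store: Store, path: str) -> None:
        self._store, self._path = store, path

    def write(self, data: str) -> None:
        self._store.files[self._path] = data


def grant_write(store: Store, principal: str, path: str) -> WriteCap:
    """Capabilities are minted only for paths the requesting principal may already write."""
    if principal not in store.acl.get(path, set()):
        raise PermissionError(f"{principal} may not write {path}")
    return WriteCap(store, path)


def compile_via_acl(store: Store, output_path: str) -> str:
    """The deputy (a compiler service) runs as 'compiler' and writes wherever the
    user asked. Because the ACL trusts 'compiler', a user who names the billing
    file gets it overwritten: the confused deputy problem. Returns the ledger."""
    store.acl_write("compiler", output_path, "compiled output")
    return store.files["/billing/ledger"]


def compile_via_caps(store: Store, output_cap: WriteCap) -> str:
    """The deputy can only write through a capability the caller handed it, and
    the caller can only obtain capabilities for files it may write itself, so the
    deputy holds no more authority than the request needs. Returns the ledger."""
    output_cap.write("compiled output")
    return store.files["/billing/ledger"]
```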

The most secure computers are those not connected to the Internet and shielded from any intrusion. In the real world, the most secure systems are operating systems where security is not an add-on.