Computer Security: Any item you value needs to be protected and secured. Similar is the case with your computer hardware and software. The protection is required for every valuable thing, no matter it’s physical or visual. We call these items or things as assets of a computer system. Now the question arise is “What should be protected?” The answer seems to be very simple, “valuable assets should be protected”, but difficult to decide about what is valuable?
A computer system is completely useless without a software, even it is a minor calculator or a high level super computer. If it does not have any software installed, it is just combination of some silicon chips placed on a table. Hence, software is identified as one of the most valuable asset in a computer. A software can be an operating system, a user application, a utility, a kernel, a service, an interface etc. A computer can be bought from any shop with best specifications. If any of its hardware fails, you may replace it with a new one. However, the files in a computer or software installed in a computer distinguishes your computer from other’s. Software can be replaceable or irreplaceable. For example, you personal applications are irreplaceable but operating systems, anti-viruses, commercial software are replaceable and you can buy them from market any time.
Hence, An important asset can be a hardware, software or data. All of them are related. A software is nothing without hardware. A hardware is nothing without software. Data is the most important part which makes a software and hardware more valuable. For example, if a pen-drive contains some sensitive data, you will try various methods to secure it. You will keep it near you. You will encrypt its data. You will put password protection on it and so on. If a pen drive has some regular songs recorded from a broadcast of radio, you will not spend time or money in protecting it with password or encrypting data. It means, it’s the data that make an asset more valuable as compared to other. So, in computer security, the first step is to identify the valuable assets.
Some assets are more valuable and some are less. I mean, not all the assets have same priority or importance. Some of the assets requires protection all the time and some don’t. For example, your locker has jewelry. In this case, you will never leave your locker open. As compared to this, another locker or almirah which contains your clothes, can be left open. Hence, the second step is prioritizing the assets for security measures.
What if you leave your locker containing jewelry open? A thief will break in and take advantage of situation. Can you tell what is threat and vulnerability in the above situation?
What is threat? : A threat is a situation which has potential to cause harm and put you in problem.
What is vulnerability? : You can define vulnerability as a weakness of a system that can be exploited.
In the above example, the threat is thief can break in and steal the jewelry. The locker will be secure if you have locked it. The weakness of lock is key with which it can be unlocked. However, if the lock can be opened with any key, it means the lock is vulnerable to key. If the locker can be opened with only its own key, the thief may attack it but he will not succeed in opening the lock. But if you will leave the locker unlocked, but close its door, it will be a vulnerability. The thief will pull the door of locker to exploit this vulnerability.
Now let’s move to the computers, to exploit a vulnerability in a computer system, the attacker will need to use another computer system for attacking. He may attack in various ways. There are many techniques including flooding system, brute force, shutting down system and so on.
For more details, read more articles in “Computer Security” section of this website.