Cryptography and Computer Security - Report Example

? Cryptography and Computer Security Cryptography and Computer Security Security in the general context refers to protect anything from getting stolen or damaged. Likewise computer security refers to the security and protection of the computer data and information. The first example of computer security can be seen when the computerized switchboard was introduced to protect hardware from external damage in 1976. Then security was developed to protect remote computing and this was done by developing the modem. In the 1980’s another problem arose when personal computers were designed, this also brought introduction to the internal problem i.e. virus from which the computer needed protection. Issues continued to arise but the most serious problem came with the introduction of internet. Internet gave birth to many problems because the internet gave rise to many virtual access points. Access points are an entrance to every sort of information and along with the information that enters virus and other malwares can easily enter. This opened a gateway to many virus and unwanted material into the computer. In order to protect the computer from such threats many techniques and methods were adopted and up till now new techniques and soft wares are being developed to protect the computer. One such method of protecting data is cryptography. It was used to convert understandable data into data that cannot be understood. In the earlier years cryptography was used to protect and secure information and messages between important personnel but gradually cryptography began to be used for the protection and safety of all sorts of communication and safe computing. CRYPTOGRAPGY Cryptography has generally been used widely and there are some keys that are written for public and the major reason is to protect the data that is being transferred that is why it usually remains a secret or a matter of confidentiality between the receiver and the sender. It is a matter of great concern for the government and especially the law enforcing agencies when the data is encrypted as they need to be better equipped with programs and software so as to be counter the encrypted data and be able to read it. This is the sole reason that previously there was such a hue and cry with relations to the matter of privacy. It was discovered that there was no mail or communication that was hidden from them. They had super software and super computers to help them decode the algorithms and be able to decipher it. Earlier in 2009 there a series of very serious attacks on various organizations like Yahoo, Google, Morgan Stanley, Juniper Networks, Symantec, Dow Chemical and the Adobe Systems. It was an attempt to get hold and manipulate the SCM of these organizations. The SCMs were wide open for access and the organizations never thought of protecting them as they felt that it was safe. The SCMs are quite an important part of any programs as they help when the person is looking to restructure the programs or rewrite them for any changes that are required. The main reason for the attack was to modify the SCM and then re modify the programs to their own motives. This attack showed how vulnerable the SCMs were. The result of this attack was to encrypt the SCM so that even if anyone got hold of them they would not be able to modify it. The encryption codified the programming and thus it was useless until the person was an expert in the algorithms. The attack basically modified the file path and turned normal usable software into malwares. It was at first discovered by the Google blog and then as a result they put forward an ultimatum that this originated in china and if it is not taken care of Google would close its franchise in China. There were further algorithms that were released from time to time just to exploit the loopholes that existed in various very commonly used software and this was done by random programmers. Encryption helps prevent such attacks (Stallings, 2011). With the advent of technology, many things that were earlier out of reach are all today within reach. But like everything today there is negative side to it as well. With passing time as the systems are advancing, the ability of people to find loopholes in the existing systems is also increasing which is causing quite a stir in the IT sector of every small and big business. The constant development has also accelerated the level of protection to increase in the world, but even the increased protection has not reached the level that any system is safe from malicious software. Earlier the threats were in a very limited form, but as the technology evolved the harmful programs became more discreet, harmful and undetectable, which has resulted in many harmful things happening to many organizations. The harmful substances, programs or software can today creep into your systems and can have access to all your private information without even you knowing it. This sort of programs is very harmful for an individual user and they therefore are also extremely disastrous for the organizations. The need to keep some sort of information as a secret is very necessary for some organization; the data is very sensitive and therefore needs protection. Earlier this sort of information were being kept under lock and key, but as the world advances the need to revolutionize the system also came up causing the sensitive info to be stored in the digital form (Hamel, 2010). The Threats: VIRUSES: They are one of the most common forms of infections that appear in the system. They had earlier become common thorough floppies but now newer sophisticated means have been found and developed. Today they can enter the system through the use of internet. They are usually in the form of an executable file, that when run copies itself over and over again and infects the programs. The virus is also transmitted through flash drives and through e–mails as well (Hamel, 2010). PREVENTION: The system can easily be protected by using an antivirus program that has an active database of viruses this way the virus can be detected as soon as it enters. The easiest solutions for viruses are the antivirus software. For example: Norton Antivirus, Avira Antivirus and etc. Also, being careful in using the flash drives unprotected can also cause the virus to expand. WORMS : They are also a variation in the kind of virus. Viruses usually come from some external source, but the worms are transmitted through a network. Once transmitted the worms exploit the security holes that might exist in the network and load the system process by running as a separate process. This way the extra burden on the processor causes the system to crash (Hamel, 2010). PREVENTION: The best way to protect the system from worms is to update the system with the security patches; this way the worm will not have a chance to attack the system. Also antivirus and antimalware software help but they are not very effective in preventing the attacks. TROJAN: Trojan is a program that looks desirable and entices the user to install it, once installed it releases worms and viruses which infect the files and data stored on the system. They are usually deceptive downloads that the user unknowingly downloads, also many a times spywares are attached with Trojans who then lodge themselves into the system making the system malfunction (Hamel, 2010). PREVNTION: To have anti spyware software installed in the system prevents the advent of Trojans and also being careful while downloading unlicensed software can help prevent the invasion by Trojans. ROOTKITS: Root kits are kind of software that are very difficult to be located by any kind of fishing software. They run as legitimate system process and our very difficult to be found out (Hamel, 2010). PREVENTION: By knowing the proceeds that are currently running, a user can identify the root kit and get rid of it. But the only other way is to reinstall the operating software. PREVENTION STRATEGEY: Since the system is always vulnerable to these many threats as mentioned above therefore there is always the need to play very safe. Just installing millions of different anti viruses will never help the computer system. Since the organization has 8 branches and there is always very heavy data traffic therefore without some serious protection it would be really difficult for the system to maintain itself. The best solution is to have one centrally managed antivirus software installed for the whole organization. Having such software will help in maintaining a clean system throughout the organization and therefore preventing any loss of data or some other kind of information. There are many advantages with regards to having a centrally installed antivirus. By having a centrally installed antivirus we are preventing the other computers in the network from creating a whole in the network and thus preventing the risk that we might face by having too many open holes which might make the network vulnerable (Peter, 2005) (John, 2006). Also the virus definition files are not much heavy for one pc but if we have to download them to all the PCs in the organization that it might take up a lot of time of the technicians and would bear the same result that is obtained by having them installed them on one PC and then later that Pc can act as the server an transfer the file to other PCs. Having the software installed in one pc can also reduce the time that technicians need to spend on each and every computer, and also prevents the risk, by making the updating of antivirus run in the back as the user continues to work. Many a times it has been seen that users cancel the setup which causes wastage of time. Also if the organization leaves the updating of antivirus software on the users themselves then the organization will be running a high risk, because of this as some users might not activate and update the software and thus they will invite a number of malicious programs which can later transmit worms over the network (Ed, Lenny,2003) (John,2006). There are of course some disadvantages, and a major one is that if we use the server setup to update the antivirus programs on all the terminals, then there of course will be a fixed day when that updating takes place. Now if in between these updates if a new virus is found the whole system will remain unprotected until the next updating. Another disadvantage is that if the server goes down then the whole network goes down, and the PCs remain unprotected until the server is revived (Ralph, 1991) (Skoudis, Zeltser, 2003). What I suggest is that the best thing would be to have one main server at the head office, and 8 sub servers. This way the main server would install the updates and notify the 8 sub servers, who then will install the updates in their respective areas. There might be a concern regarding the main server going down, but a backup program can be used which will continue the process even if the main server breaks down. With regards to the next updating and the system remaining unprotected till then, it can be solved by simply using a real time update. Through this way the system will always be checking for updates and will install them when required (Ralph, 1991) (Hamel, 2010). Another major thing is to have precautionary measures; these should be taught to all employees by having a proper training session. Users should not be installing any kind of software themselves. Also to prevent this, the easier way is to deny the access to the employees, they can request the program they require to the IT people who will install it for them. Having anti-spyware and anti-adware software can also help. And a strong firewall setup in combination can keep the system protected to near about 90% (Hamel, 2010). Conclusion By taking precautions along with the necessary software can prevent the system from malicious software and can also help to reduce the chances of any serious data loss. Training the employees in using the system carefully can also contribute to the prevention of any kind of technical hazards. References Skoudis Ed, Zeltser Lenny. (2003). MALWARE: Fighting Malicious Code. 1st Edition. Prentice Hall. eHOW/ http://www.ehow.com / Gregory Hamel. (2010, March). Virus Protection Tips. Retrieved May, 26, 2011 from http://www.ehow.com/way_5434703_virus-protection-tips.html Aycock John. (2006). Computer Viruses and Malware. 1st edition. Springer. Szor Peter. (2005). The Art of Computer Virus Research and Defense. Addison-Wesley Professional Burger Ralph. (1991). Computer Viruses and Data Protection. Abacus Software Inc. Stallings, W. (2011). Cryptography and network security: Principles and practice. Boston: Prentice Hall. Read More