StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Principles of Computer Security - Coursework Example

Cite this document
Summary
The paper "Principles of Computer Security" traces concepts and terms related to cryptography, intrusion detection systems, standards and protocols, public and private keys, and hardening of the network. Hence, suitable methods to overcome hackers' challenges become a part of computer security…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.6% of users find it useful
Principles of Computer Security
Read Text Preview

Extract of sample "Principles of Computer Security"

Principles of Computer Security October 31, Table of Contents Introduction 5 Introduction 5 2. Cryptography 5 2. Cryptography 5 3. Public Key Infrastructure 7 3. Public Key Infrastructure 7 4. Standards and Protocols 9 4. Standards and Protocols 9 5. Network Fundamentals 9 5. Network Fundamentals 9 6. Infrastructure Security 11 6. Infrastructure Security 11 7. Remote Access 13 7. Remote Access 13 8. Wireless and Instant Messaging 13 8. Wireless and Instant Messaging 13 9. Intrusion Detection Systems 13 9. Intrusion Detection Systems 13 10. Security Baselines 15 10. Security Baselines 15 11. Conclusions 17 11. Conclusions 17 References 17 References 17 1. Introduction With increased use of computers and the Internet to manage our lives, cyber crimes have become a common term of use. Criminals have managed to adapt the traditional method breaking into a house to breaking into computer systems. Cybercrime is defined as "use of the Internet, computers and related technologies in the commission of a crime" (Maras, p. 2). Included in such crimes are technologically specific crimes that cannot be possible without using computers and traditional crimes and combining both methods. This paper discusses important principles of computer security and different components and systems that are used for the computer security. 2. Cryptography Cryptography is the process used in computer engineering used for providing secure communication to avoid interception of the message by unauthorised parties. A number of tools and devices are available and these are discussed as below (Schneier, p. 45-49). Algorithms: These instances of logic are coded to consider certain inputs and provide the desired outputs. These are useful in cryptography that enables a communication to be coded. Hashing: In cryptography, hash function is an algorithm that picks up a data block, and in return gives a bit string of a fixed size called the hash value. This means that any attempt to change or crack the hash code will not succeed. Symmetric Encryption: Also called the private key, this is a type of cryptography algorithm that identical keys to encrypt and decrypt. The party that sends the message has the same key and the party that wants to decrypt the message must have the same key. Asymmetric Encryption: This requires to different keys one public and the other secret to unlock the message. One key is used for encryption and other for decryption. 3. Public Key Infrastructure Public-key infrastructure - PKI refers to the infrastructure made of software, policies hardware, procedure and other assets that are used to create, distribute and manage digital certificate. It binds public keys with specified user identities by using the certificate authority (Bosworth and Kabay, p. 34-38). Certification Authority - CA refers to the issuing authority for digital certificates. These certify the ownership of a public key for a person so that other parties can use the signatures to form a trusted relationship. Registration Authorities - RA are the agency that maintains the set of international standard codes and issues new ones for parties that register with them. For Internet applications, it is the Internet Assigned Numbers Authority. Certificate Repositories - CR Are archives and databases where different digital certificates are placed. Authorised agencies request a digital certificate from the CR Trust and Certificate Verification is used to verify the authenticity of digital certificates that are offered by a party. Crypto API are used to verify if a party that offers a certificate is really the owner and if the certificate is authentic or forged. Digital Certificates also called as public key certificate is used for authentication. It is a digital document and it binds the public key to an entity by using a digital signature Private Key Protection are protected on a users computer by storing it is the root directory of documents, settings, user name, application data, Microsoft, crypto, rsa folder. A 128-bit encryption is used for the protection. 4. Standards and Protocols A protocol refers to a set of steps that must be followed to complete the required tasks. When multiple users and computers are present, protocols help and specify the manner in which these computers and software application communicate with each other. An example is the Internet. Cryptography and security protocols specify the set of steps that computers must follow when they connect to any Internet server. If a user takes any step that is different from the protocol, then it means there is a threat. Standards are used to specify the syntax and other rules used in the programming language for cryptographic tools. By using similar standards, it is possible for computers to speak to each other without any syntax errors (Bosworth and Kabay, p. 53). 5. Network Fundamentals These are basic instruction and descriptions of various components that make up a network. A number of components are present and these are discussed as below. These are very important in computer network security since they tell us the assets to be protected and the location (Schneier, p. 76). Network Architectures refers to the designs used in computer communication networks. It specifies physical and virtual elements in the network such as computers, servers, bus details along with data formats that are used. Network Topology refers to the manner in which the network elements are arranged. The representation can be physical where the different nodes are shown along with the location and cable installation. Logical topology refers to the data flow in a network and the placement as per the information flow. Network Protocols are the set of rules that define the manner in which computer communicate in a network. Some common protocols are Ethernet, local talk, token ring, Fibre Distributed Data Interface, Asynchronous Transfer Mode, Gigabit Ethernet and others. Packet Delivery refers to the delivery of the formatted and encrypted unit of data. Data is usually broken down into small bits, encrypted and delivered along with private keys and public keys. 6. Infrastructure Security IT Infrastructure Security refers to the process and methods used to protect the whole network of an organisation. All assets in the network and this include devices such as workstations, servers, NICs, hubs, bridges and switches must be protected from external and internal threat. Hackers gain backdoor entry through a single and often unguarded port. Hence, the security program should consider the topology and prepare a binding set of procedures and policies that help in the implementation of the plan. There is also a need to carry out security checks and awareness, test the existing system for vulnerabilities and then create the policies. 7. Remote Access This is a process where a user accesses a database or a network from a location outside the network topology. The Internet is used for web applications while a dedicated network is used for banks and ATM machines. This process is often risky since a hacker can gain access to the authentication and passwords that a person uses. Therefore, authentication must be very robust and secure when using applications such as online booking, online banking and shopping where the credit card numbers are often used. Hackers usually try to intercept the exchange of passwords so that they know the details and they can then use the information to steal money or make fraudulent purchases (Bosworth and Kabay, p. 74). 8. Wireless and Instant Messaging Instant messaging using the computer, Internet chat rooms and mobile phones have become very common. These use different protocols such as WAP, IMPS and WTLS, 802.11 and others. These applications have increased the ease of affordable communication but they can also be used to hack into networks, banks and mobile phones of other users. When mobile phones are used for shopping and banking very strong authentication systems are used (Schneier, p. 101). 9. Intrusion Detection Systems IDS are special software applications and devices that monitor a network, the home computer or the server and detect any suspicious activity. Different types are explained as below (Bosworth and Kabay, p. 87-93). A host-based intrusion detection system - HIDS analyses and monitors traffic in the internals of a computing system and the network interfaces. All dynamic behaviour of the computer is monitored and compared with the protocols and standards. Network Based - NIDS - is based in a network and monitors the incoming and outgoing traffic for any malicious activity. The traffic is compared with protocols and routines and when a hacker attempts to connect to an unauthorised port, the activity is detected and blocked. Other terms of relevance are signatures, False Positives and Negatives and these refer to the protocols, messages and alerts raised when an intrusion is detected. 10. Security Baselines These fundamental activities are performed to protect the computer and users. Password selection refers to selecting a password that is not easy to guess. The methods include using capitals in the password along with special characters such as $ or #. Hardening of the operating and network system means using higher levels of authentication and passwords along with firewalls. These elements make it difficult for a hacker to enter a system. Network and application hardening is done by securing unguarded ports and installing intrusion detection systems. In other cases, security patches are used and unnecessary applications are blocked. Special systems are available for different operating systems and applications. A banking application will be highly secure since it deals with money while a Internet browsing session from a public computer may not be excessively hardened ((Schneier, p. 127). 11. Conclusions The paper has discussed briefly important concepts and terms used in computer security. Various terms related to cryptography, intrusion detection systems, standards and protocols, public and private keys and hardening of the network were discussed. It can be seen that the subject of computer security is very vast and complex. Hackers can use a number of methods and processes to gain entry to a network. Hence, suitable methods to overcome these challenges become a part of computer security. References Bosworth, Sam., and Kabay. Meer., Computer Security Handbook, 4th edition. NY: Wiley Publications, 2010 Maras, Marie-Helen. Computer Forensics: Cybercriminals, Laws, and Evidence. Sudbury, MA: Jones & Bartlett Learning, 2012 Schneier. Ben. Secrets and Lies: Digital Security in a Networked World, 2nd edition. NY: Wiley Publication, 2007 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Principles of Computer Security Coursework Example | Topics and Well Written Essays - 1500 words, n.d.)
Principles of Computer Security Coursework Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/information-technology/1785749-principles-of-computer-security
(Principles of Computer Security Coursework Example | Topics and Well Written Essays - 1500 Words)
Principles of Computer Security Coursework Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/1785749-principles-of-computer-security.
“Principles of Computer Security Coursework Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/1785749-principles-of-computer-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Principles of Computer Security

SENSORY PROCESSING

Video cameras and other security systems are able to pick up facial features of people depending on the clarity of the camera... Merging Man and Machine So far in the world, there is no computer system as complex as the human brain.... The organic processing of the human brain, which we use every second of our lives from conception to death, is capable of multi-tasking complex physiological responses, learning, memory, and many other processes simultaneously....
5 Pages (1250 words) Research Paper

Ten Commandments of Computer Ethics

Computer Ethics The “Ten Commandments of computer Ethics” were put forward by the Computer Ethics institute in 1992 and acts as a starting point in specifying the general principles one must follow when one uses computers.... In my view, the 1st Commandment which says that “Thou shalt not use a computer to harm people” is a reasonable one.... Harming someone is generally disallowed either morally or legally, whether one uses a computer to do it or not....
3 Pages (750 words) Essay

Health information research project

Otherwise, it will violate the principles of informed consent and patient confidentiality (www.... Otherwise, it will violate the principles of patient confidentiality and informed consent.... security measures like password protection, encoding of information etc are required to control unauthorized access to the medical data according to AMA's policy.... The AMA's policy on confidentiality of computers mentions many security measures for controlling unauthorized access to a patients computerized data, among which encryption of information is one(www....
2 Pages (500 words) Essay

Definition of security in info. sys

The information thus obtained is either stored for future use Definition of security in Information Systems With the advancement of Information technology, more corporations in the world today employ informationsystems to perform basic functions such as input, processing, storage and output of data to convert it into useful information.... This is called as security of information system.... Increased interconnectivity amongst various information systems has raised new issues and threats for the security of information systems....
2 Pages (500 words) Essay

New Technology in the Medical Field

Rogerson (2000) states that in healthcare, privacy and security range from physical security for the patients to patient records and organization's confidential information.... With the increased… option of information technologies (ITs) there has been increased efficiency in the operation of healthcare organizations as well as privacy and security risks related to the use of IT.... According to Computer Science and Telecommunications Board, National Research Council (1997), New Technology in the Medical Field Privacy and security is very important in all areas including healthcare settings....
2 Pages (500 words) Essay

The LZ Encoding

The compiler can be said to be a program used in the translation of computer language (Layton, 2007).... ohn Von Neumann remains one of the notable figures in the development of computer.... "principles of Information Systems Security: text and cases", New York: John Wiley & Sons.... n the case of Sunil, information security is an essential aspect of his operations.... An advanced security system would be essential as it can allow him to retrieve information contained in faulty equipment....
2 Pages (500 words) Coursework

Neuromorphic Computing Technology

(2011) silicon neurons are made by combining the principles of silicon engineering with the neuron physiological principle.... The silicon neurons are put on a computer chip from where they are able to In this prototype that was built by the scientists, the neurons are linked together in a way that makes them appear and operate like the brain cells....
5 Pages (1250 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us