Question
Elements of Computer Security
Read at least three articles that are no more than 12 months old. Apply the content from the articles to the elements of computer security.
The following requirements must be met:
Write between 1,000 – 1,500 words using Microsoft Word in APA 6th edition style.
Use an appropriate number of references to support your position, and defend your arguments. The following are examples of primary and secondary sources that may be used, and non-credible and opinion-based sources that may not be used.
Primary sources such as government websites (United States Department of Labor - Bureau of Labor Statistics, United States Census Bureau, The World Bank), peer-reviewed and scholarly journals in EBSCOhost (Grantham University Online Library) and Google Scholar.
Secondary and credible sources such as CNN Money, The Wall Street Journal, trade journals, and publications in EBSCOhost (Grantham University Online Library).
Non-credible and opinion-based sources such as wikis, Yahoo Answers, eHow, blogs, etc. should not be used.
Cite all reference material (data, dates, graphs, quotes, paraphrased statements, information, etc.) in the paper and list each source on a reference page using APA style. An overview of APA 6th edition in-text citations, formatting, reference list, and style is provided here.
Explanation / Answer
Society has already entered an era where computers are a very integrated and important part of our daily lives. Owing to this heavy reliance, the need for a secure ecosystem to facilitate multiple activities has also been an issue, and it has been addressed to a certain extent. In this regard, the need for a discussion on the elements of computer security follows.
The purview of computer security is to be able to detect and prevent attacks along with recovery, if needed. In order to address these factors, the following elements are discussed: confidentiality, integrity and availability. They are together popularly referred to as the “CIA triad”.
Confidentiality
Confidentiality is the concealment of information or resources from unintended entities. This need might arise from many factors, such as limiting the audience trying to access the information.
This element is one of the most obvious aspects of computer security but is also the one which is attacked most often. Cryptography and encryption methods are attempts to ensure confidentiality of data transferred from one computer to another.
An example: If Alice sends a piece of encrypted information to Bob, which is intended just for him, and if Chloe somehow gets access to that piece of information, confidentiality of the same is compromised.
Another example: If your bank records are posted on a public website, everyone can know your bank account number, balance, etc., and that information can't be erased from their minds, papers, computers, and other places.
Integrity
Integrity is the ability to ensure that data is an unchanged and accurate representation of the original secure information. In other words, it refers to ensuring the authenticity of information – that information is not altered and that the source of the information is genuine.
A very common type of security attack in this regard is to intercept some important data and make changes to it before sending it on to the intended receiver.
An example: Imagine that you have a website and you sell products on that site. Now imagine that an attacker can shop on your web site and maliciously alter the prices of your products, so that they can buy anything for whatever price they choose. That would be a failure of integrity, because your information - in this case, the price of a product - has been altered and you didn't authorize this alteration.
Another example: when you try to connect to a website and a malicious attacker between you and the website redirects your traffic to a different website. In this case, the site you are directed to is not genuine.
Availability
Availability refers to the ability to access data of a resource when it is needed, because information is no good if it is not accessible in the first place.
Denying access to data is a very common attack nowadays.
An example: Imagine you are the owner of an e-commerce website. Let’s say a hacker has compromised your web server and a buyer is not able to access your website. The period for which the server is down incurs a heavy loss on your business.
Another example: By breaking the web site for a particular search engine, a rival may become more popular.
The following real-life cases are instances of such attacks, which have components of confidentiality, integrity and availability integrated together:
As mentioned in the CNN article [1], the security flaw, discovered by researcher Mathy Vanhoef of the University of Leuven in Belgium, appears to be affecting Wi-Fi connections. The issue is related to the WPA2 protocol, commonly used in Wi-Fi routers. The flaw, called KRACK (Key Reinstallation Attack), could let a hacker within range of the device break encryption and potentially steal and manipulate data. As the researcher states, "Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on." The silver lining: no such attack has been reported as of yet.
In another WSJ article [2], companies are accidentally leaving their corporate data exposed for all the world to see as they switch to renting cloud computing services such as Amazon Web Services and others. This is precisely a confidentiality issue as explained before. The article states that the phenomenon is a byproduct of the cloud’s unchecked growth. And the author concludes on the note, “Provisioning is now in the hands of someone sitting in a cubicle who has a credit card and a web browser.”
Yet another WSJ article [3] on computer security deals with the latest craze of cars going digital. As the intro reads, “As cars go increasingly digital—and connected—cybersecurity experts worry that they also are becoming a lot more vulnerable”. Software is replacing features and functionalities of cars that were previously controlled purely by hardware. The article gives a glimpse as to how hackers could gain access to cars connected to the internet. It states how researchers at Trend Micro Inc. disclosed a flaw in almost all cars from the past 30 years that makes any number of safety features—such as anti-lock brakes—vulnerable to attack. It also states that this alarming situation is being addressed by the auto industry and lawmakers.
A different CNN article [4] details the government’s role in addressing these threats. It states how the Department of Homeland Security directed federal agencies to implement better security protocols on government emails and websites. Plans are underway to implement a technology that helps prevent email spoofing, or impersonating government agencies via email. It's called DMARC, or Domain-based Message Authentication, Reporting and Conformance. Also, every federal website must be accessible through a secure connection -- that is, HTTPS instead of HTTP.
The take-home message is as follows: Certain steps have been taken to address the security issues that have crept up, but it should also be well understood that no system can be truly foolproof. Further research will only delay the time needed to break such systems.
References:
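Added example, not part of the original answer: one way a shop server could detect the price alteration described under Integrity, by attaching an HMAC-SHA256 tag to every price it issues and re-checking the tag at checkout. The key, field names, SKUs and cart layout are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real shop would load this from a secret store.
SERVER_KEY = b"demo-only-key-not-for-production"


def _canonical(item: dict) -> bytes:
    # Stable serialization so the same fields always produce the same bytes.
    return json.dumps(item, sort_keys=True, separators=(",", ":")).encode()


def sign_item(item: dict, key: bytes = SERVER_KEY) -> str:
    """Server side: return an HMAC-SHA256 tag over the item's fields."""
    return hmac.new(key, _canonical(item), hashlib.sha256).hexdigest()


def verify_item(item: dict, tag: str, key: bytes = SERVER_KEY) -> bool:
    """Server side at checkout: accept the item only if the tag still matches."""
    expected = sign_item(item, key)
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(expected, tag)


def checkout(cart: list[dict]) -> dict:
    """Split a submitted cart into accepted lines and lines that were altered."""
    accepted, rejected = [], []
    for line in cart:
        ok = isinstance(line.get("tag"), str) and verify_item(line["item"], line["tag"])
        (accepted if ok else rejected).append(line["item"]["sku"])
    return {"accepted": accepted, "rejected": rejected}


# Constructed sample data: two catalogue entries as the server issued them.
laptop = {"sku": "LAP-1", "price_cents": 99900, "currency": "USD"}
cable = {"sku": "CAB-7", "price_cents": 1200, "currency": "USD"}
cart = [
    {"item": laptop, "tag": sign_item(laptop)},
    {"item": cable, "tag": sign_item(cable)},
]

# The client edits the laptop price but cannot recompute the tag without the key.
tampered = dict(laptop, price_cents=100)
tampered_cart = [{"item": tampered, "tag": cart[0]["tag"]}, cart[1]]

if __name__ == "__main__":
    print(checkout(cart))
    print(checkout(tampered_cart))
```

The tag protects integrity only: the price is still readable by the client, so confidentiality would need encryption on top.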