What is meant by securing systems?

Computer systems or hardware, software, and procedure that are protected from unauthorized access and misuse of data are called securing systems. The securing systems provide the level of reliability and correct operation and they are suited for performing intended functions. The protection of computer systems is provided through software and hardware that prevents unauthorized access or the corruption of data or any data loss. Methods, tools, and personnel used to defend the digital assets of an organization refer to securing systems. The securing system’s goal is to protect these assets, devices, and services from being stolen by unauthorized access or also called threat actors.

Types of security

Few types of securing systems are listed;

• Physical security
• Information security
• Internet security
• Mobile security
• Network security

Physical security

The securing systems that protect people, hardware, software, network information, and another event that can affect the organization and its assets are called physical security. Hardware, software, network information, and data are all protected from physical actions, invasions, and other events that could harm an organization's assets through physical security. Physical security also safeguards the business protecting it from threat actors, accidents, fires, floods, and other severe weather. It could destroy servers, devices, and other utilities in the absence of physical security of computer systems.

Examples of physical security include vandalism and theft. Theft and vandalism are examples of human-caused threats that demand physical security measures. Physical security breaches don't necessarily require technical knowledge, yet they can be equally as dangerous as data breaches.

There are three ways to ensure physical security:

• Access control
• Surveillance
• Testing

By maintaining and updating each of these components, the success of the physical security of an organization can be achieved. The vital part of physical security is controlling access to office buildings, data centers, and other locations. For example, an attacker entering the office can use a USB flash drive to steal the data. The goal is to monitor, record, and limit the number of unauthorized users with confidential physical assets. Walls, locked doors, fences, identification badges, and keycodes are some examples of access control. Some other equipments are also used to monitor the entry the people to the organization's premises. For example, companies and institutions use cameras for monitoring their buildings. Intruders are deterred by cameras, which can also be used to respond to and analyze incidents.

Information security

Information security is also known as infosec. The methods and approaches used to secure personal, private, and sensitive information or data in print, electronic, or any other form against unauthorized access, use, misuse, disclosure, destruction, modification, or disruption are referred to as information security. Information security includes a strategy to manage processes, tools, and policies to protect digital and non-digital assets. The information security system can prevent, detect, and respond to threats when implemented effectively. Infosec is further divided into other categories of security such as application security, cloud security, and endpoint security.

Internet security

Internet security protects software applications, private networks using the internet, and also web browsers. Computer security includes internet security. It covers the Internet, browser security, website security, and network security in general, as well as other applications and operating systems. Its goal is to set guidelines and countermeasures for Internet-based attacks. Internet security uses encryption and decryption techniques to protect data from malware, phishing, and other attacks.

Mobile security

Mobile security is wireless security that protects devices like smartphones, tablets, and laptops. The protection of smartphones, tablets, and laptops from dangers connected with wireless computing is known as mobile security, or more particularly mobile device security. In mobile computing, it has become increasingly crucial. The security of personal and corporate information stored on or accessible from cellphones is of particular importance. Smartphones are increasingly used by individuals and organizations to not just communicate, but also to plan and organize their professional and personal lives. Smartphones collect and store a large amount of sensitive data to which access must be restricted to safeguard both the user's privacy and the company's intellectual property.

Network security

Network security secures the network infrastructure and the devices that are connected to it. Network security secures the devices from threats such as modifications and malicious use. The policies, techniques, and practices used to prevent, detect, and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources are referred to as network security. The authorization of access to data in a network, which is regulated by the network administrator, is referred to as network security. Users are assigned an ID, password, or any other type of authentication that grants them access to information and applications in the network. Assigning a unique name and password to all the users in the network is the most popular and straightforward method of safeguarding the network resources.

Security threats

Malware

Spyware, ransomware, viruses, and worms are examples of malevolent software. When a user clicks on a malicious link or attachment, malware is activated, and harmful software is installed. According to Cisco, once the malware is launched, it can:

• Access to critical network components is restricted (ransomware).
• Install more malicious software.
• Obtain information without being detected by sending data from the hard disc (spyware).
• Individual parts are disrupted, rendering the system inoperable.

Prevention:

Install antivirus software and update the software applications periodically to prevent malware.

Emotet

Emotet is described as "an advanced, modular banking Trojan that primarily works as a downloader or dropper of other banking Trojans" by the Cybersecurity and Infrastructure Security Agency (CISA). Emotet is still one of the most expensive and devastating malware."

Prevention:

Isolate the computer from the interconnected networks to stop emotet spread. Change the username and password for all the login IDs of all accounts.

Man-in-the-middle

When hackers inject themselves into a two-party transaction, it is known as a man-in-the-middle (MITM) attack. The hacker can steal the data shared between the two parties and can also impersonate either of the two parties. MITM attacks are common in an unsecured public Wi-Fi network.

Prevention:

A good encryption mechanism ensures that an intruder cannot enter the network. An attacker can easily brute-force his way into a network and launch a man-in-the-middle attack if the encryption method is poor.

SQL injection

SQL injection(structured query language) is a sort of cyber attack that occurs when malicious code is injected into a SQL server. It's as simple as typing the malicious code into a search field on a susceptible website.

Prevention:

Input validation and parameterized queries with prepared statements are the only surefire ways to prevent SQL Injection attacks. Never use the input directly in your application code. SQL Injection can be used to extract data from your database by exploiting database flaws.

Password attacks

A cyber attacker can gain access to a variety of information with the appropriate password. Data Insider defines social engineering as a "tactic cyber attackers utilize that depends primarily on human interaction and frequently entails luring people into breaching basic security standards." Accessing a password database or guessing a password are two further sorts of password attacks.

Prevention:

• Create strong passwords by following the proper guidelines.
• Change the password periodically.
• Never share the password.

Context and Applications

This topic is important for postgraduate and undergraduate courses, particularly for, 

• Bachelors in Computer Science Engineering.
• Associate of Science in Computer Science.

Practice Problems

Question 1: Which is not an important part of security protection?

1. Scanning unauthorized programs
2. Strong passwords
3. Greater size of RAM
4. None of these

Answer: Option C is correct.

Explanation: The security system depends on a unique and strong password, audit logs periodically, and scanning the threat files.

Question 2: What protects the network from third-party internet access?

1. Firewall
2. Deny user access
3. Antivirus
4. None of these

Answer: Option A is correct.

Explanation: Firewall is used to protect the network from third-party access. The firewall separates the trusted network and the non-trusted network.

Question 3: What is the best feature in the firewall domain?

1. Firewall creates two domain trusted and non-trusted domain
2. Firewall creates strong policies
3. Firewall creates a demilitarized zone
4. None of these

Answer: Option C is correct.

Explanation: Firewall to enhance protection keeps all the live servers and workstations at separate zone than keep it inside and outside.

Question 4: Which of the following is not a type of security?

1. Internet security
2. Network security
3. Personal security
4. Information security

Answer: Option C is correct.

Explanation: Security can be divided into five broad categories, network security, physical security, information security, internet security, and mobile security.

Question 5: What is malware?

1. Malicious code
2. Antivirus
3. Program
4. None of these

Answer: Option A is correct.

Explanation: A malware is a malicious code that intends to damage the data in the system.