Question

Find an article from the internet about Computer security and then write a summary of that article. Include why you were interested in the article, what you learned from it, and how you could use it in your career as a cyber security professional. (minimum 1300 words)

Answer 1

I found information from the Wikipedia about computer security or cyber security.

Summary:

Computer security, cyber security or information technology security (IT security) is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.  The field is becoming more important due to increased reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi - Fi, and due to the growth of "smart" devices, including smartphones, televisions, and the various devices that constitute the "Internet of things". Owing to its complexity, both in terms of politics and technology, cyber security is also one of the major challenges in the contemporary world. Topics related to computer security is as follows:

#Vulnerabilities and attacks:

A vulnerability is a weakness in design, implementation, operation or internal control.

1.Backdoor:A backdoor in a computer system, a crypto system or an algorithm, is any secret method of bypassing normal authentication or security controls.

2. Denial of Service Attack (DoS): Denial of service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users.

3.Direct-access attacks:An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it.

4.Eavesdropping: Eavesdropping is the act of surreptitiously listening to a private computer "conversation" (communication), typically between hosts on a network. For instance, programs such as Carnivore and NarusInSight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers.

5.Multi-vector, polymorphic attacks: Surfacing in 2017, a new class of multi-vector, polymorphic cyber threats surfaced that combined several types of attacks and changed form to avoid cyber security controls as they spread.

6. Phishing: Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users by deceiving the users.

7.Privilege escalation: Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level.

8. Social engineering: Social engineering aims to convince a user to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer.

9. Spoofing: Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP address or username), in order to gain access to information or resources that one is otherwise unauthorized to obtain.

10. Tampering: Tampering describes a malicious modification of products. So-called "Evil Maid" attacks and security services planting of surveillance capability into routers are examples.

To prevent unauthorized access there are various techniques are as follows for different scenarios:

1. Access Control: It is one type of authentication system which want some specific key to enter in system or gain authorization like password and username.

2. Anti- Key loggers: An anti-key logger (or anti–keystroke logger) is a type of software specifically designed for the detection of keystroke logger software

3. Anti- Malware: Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

4. Anti-spyware: Spyware is a software that aims to gather information about a person or organization, sometimes without their knowledge, and send such information to another entity without the consumer's consent.

5. Anti-sub version software: Software subversion is the process of making software perform unintended actions either by tampering with program code or by altering behavior in another fashion.

6. Anti- Tamper software: Anti-tamper software (or tamper-resistant software) is software which makes it harder for an attacker to modify it.

7. Antivirus Software: Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

8. Cryptographic Software: Encryption software is software that uses cryptography to prevent unauthorized access to digital information.

9. Firewall: In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. There are specifications of port numbers for different application. It allow the application to contact with system only with its recognize port number.

10. Intrusion detection system (IDS): An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

11. Log management: Log management (LM) comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event-logs, etc.).

12. Security information management: Security information management (SIM) is an information security industry term for the collection of data such as log files into a central repository for trend analysis.

I choose this article because it provides various career regarding information about it like what are the different roles in this field as follows:

Security analyst, Security engineer, Security engineer, Security administrator, Chief Information Security Officer (CISO), Chief Security Officer (CSO), Security Consultant/Specialist/Intelligence. Also describe hacker culture& ethic, information about various conference, types of computer crime, various hacking tools, practice sites, and what are the rules and regulation for cyber security in global and for specific countries. It is a article which provides whole information about this field and i can learn what are the steps to make career in field and can learn different courses and its tools as needed.