Computer security
Computer security, cybersecurity, or information security is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
The field is of growing importance due to the increasing reliance on computer systems in most societies, including online services, mobile devices, and the Internet of Things. Computer security encompasses various domains, including network security, application security, information security, operational security, and disaster recovery.
Overview
The fundamental goals of computer security are often summarized by the CIA triad:
- Confidentiality: Ensuring that information is accessible only to those authorized to have access.
- Integrity: Safeguarding the accuracy and completeness of data and preventing unauthorized modification.
- Availability: Ensuring that systems and data are accessible and usable when needed by authorized users.
Achieving these goals involves implementing various technical controls, policies, and procedures to mitigate risks.
Threats
Threats to computer security are diverse and constantly evolving. Common types include:
- Malware: Malicious software such as viruses, Trojan horses, ransomware, and spyware that can damage systems, steal data, or disrupt operations.
- Phishing: Fraudulent attempts to obtain sensitive information (like usernames, passwords) by impersonating a trustworthy entity in electronic communication.
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: Attacks designed to make a computer system or network resource unavailable to its intended users by overwhelming it with traffic.
- Unauthorized Access: Gaining entry to systems or data without permission, often through weak passwords, exploited vulnerabilities, or social engineering.
- Data Breaches: The unauthorized access and retrieval of sensitive data.
- Insider Threats: Security risks originating from within the organization or system by people with authorized access.
Vulnerabilities
A vulnerability is a weakness in a system's design, implementation, operation, or management that could be exploited by a threat. Common vulnerabilities include:
- Software Bugs: Errors in programming that can be exploited.
- Weak Passwords: Easily guessable passwords or lack of multi-factor authentication.
- Unpatched Software: Running outdated software with known security flaws.
- Misconfigurations: Systems or applications set up insecurely.
- Lack of Encryption: Transmitting or storing sensitive data in plain text.
- Insufficient Training: Users unaware of security best practices (e.g., recognizing phishing).
Countermeasures and Principles
Protecting computer systems involves a layered approach combining multiple countermeasures:
- Access Control: Implementing access controls (e.g., usernames, passwords, multi-factor authentication, permissions) to ensure only authorized individuals can access specific resources.
- Encryption: Converting data into a coded format to protect its confidentiality, both when stored (encryption at rest) and when transmitted (encryption in transit, e.g., HTTPS).
- Firewalls: Devices or software that monitor and control incoming and outgoing network traffic based on predefined security rules.
- Security Software: Using antivirus programs, intrusion detection/prevention systems (IDS/IPS), etc.
- Regular Updates and Patching: Applying software and operating system updates promptly to fix known vulnerabilities.
- Backups and Disaster Recovery: Regularly backing up critical data and having a plan to restore systems in case of failure or attack (ensuring availability).
- Security Policies and User Education: Establishing clear security guidelines and training users to recognize threats and follow secure practices.
Firewall Setup on Linux (CLI Tutorial)
A firewall is a fundamental component of computer security, controlling what network traffic is allowed to enter or leave your system. This tutorial focuses on setting up `ufw` (Uncomplicated Firewall), a user-friendly command-line interface for managing iptables rules, commonly used on Debian and Ubuntu systems.
Prerequisites:
- A Linux system (like Ubuntu, Debian, Linux Mint).
- Command-line access.
- sudo privileges.
- If connecting remotely via SSH, ensure you allow SSH traffic *before* enabling the firewall to avoid being locked out.
Steps:
- Install ufw (if not already installed):
Most Debian-based systems come with `ufw`, but you can install it if necessary:
sudo apt update
sudo apt install ufw
- Check the status of ufw:
Before making changes, check the current state.
sudo ufw status verbose
Initially, it's likely inactive.
- Set Default Policies:
It's generally recommended to deny incoming traffic by default and allow outgoing traffic.
sudo ufw default deny incoming
sudo ufw default allow outgoing
This means unless you specifically allow a type of incoming traffic, it will be blocked.
- Allow Essential Services:
You need to explicitly allow traffic for services you want to be accessible. If you are connected via SSH, **this step is critical to avoid being locked out.**
- Allow SSH (default port 22):
sudo ufw allow ssh
You can also specify the port explicitly:
sudo ufw allow 22/tcp
- Allow HTTP (web traffic, default port 80):
sudo ufw allow http
Or by port:
sudo ufw allow 80/tcp
- Allow HTTPS (secure web traffic, default port 443):
sudo ufw allow https
Or by port:
sudo ufw allow 443/tcp
Allow any other services your system needs to provide (e.g., a different SSH port, a database port).
- Enable the Firewall:
Once you have allowed essential services (especially SSH if remote), enable the firewall.
sudo ufw enable
You will be warned that the operation may disrupt existing SSH connections. Type `y` and press Enter to proceed. The firewall is now active.
- Check the status again:
Verify that the firewall is active and review the rules you've set.
sudo ufw status verbose
- Disabling the Firewall (if needed):
To turn the firewall off completely (e.g., for troubleshooting):
sudo ufw disable
This deactivates the rules but preserves your configuration, so a later `sudo ufw enable` restores them.
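The lockout warning in the steps above can be turned into a check. The script below is an added example, not part of the original tutorial or of the ufw project: it inspects a rule listing and only reports "enable" when the session is local or the SSH port is already allowed. It assumes the Debian/Ubuntu `ufw status` output format, that `ufw show added` prints lines such as `ufw allow 22/tcp` or `ufw allow ssh` (needed because `ufw status` lists no rules while the firewall is still inactive), and that sshd sets `SSH_CONNECTION` on remote sessions; the listings embedded in it are constructed samples.

```shell
#!/usr/bin/env bash
# Added example, not from the original article or the ufw project: a
# pre-flight check for the "Enable the Firewall" step. With a default-deny
# inbound policy, `ufw enable` over SSH before SSH is allowed locks you out,
# so on a remote session the check refuses unless the SSH port is allowed.
# Assumed formats: `ufw status [verbose]` lines like "22/tcp  ALLOW IN ..."
# and, because `ufw status` lists no rules while the firewall is inactive,
# `ufw show added` lines like "ufw allow 22/tcp" / "ufw allow ssh".

# ufw_allows_port LISTING PORT: succeeds if LISTING has an ALLOW rule for
# PORT or PORT/tcp in either format; DENY lines and other ports don't count.
ufw_allows_port() {
    local listing="$1" port="$2" alias=""
    [ "$port" = 22 ] && alias="|ssh"   # service-name form of port 22
    local st="${port}(/tcp)?( \(v6\))?[[:space:]]+ALLOW( IN)?"
    local ad="ufw allow (in )?(${port}(/tcp)?${alias})"
    printf '%s\n' "$listing" | grep -Eq "^(${st}|${ad})([[:space:]]|$)"
}

# enable_decision LISTING SSH_CONNECTION_VALUE [PORT]: prints "enable" when
# it is safe to run `sudo ufw enable`, "refuse" when the session is remote
# (sshd sets SSH_CONNECTION) and the SSH port is not yet allowed.
enable_decision() {
    local listing="$1" ssh_conn="$2" port="${3:-22}"
    if [ -n "$ssh_conn" ] && ! ufw_allows_port "$listing" "$port"; then
        echo refuse
    else
        echo enable
    fi
}

# Constructed sample listings (what the two commands print).
LISTING_ACTIVE='Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'
LISTING_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow ssh
ufw allow 443/tcp"
LISTING_NO_SSH='Status: active
80/tcp                     ALLOW IN    Anywhere
22/tcp                     DENY IN     Anywhere'

# Real use: listing="$(sudo ufw show added)" before the first enable.
case "$(enable_decision "$LISTING_ADDED" "${SSH_CONNECTION:-}")" in
    enable) echo "safe to run: sudo ufw enable" ;;
    refuse) echo "refusing: run 'sudo ufw allow 22/tcp' first" ;;
esac
```

Pass a different port as the third argument if sshd listens somewhere other than 22, since the check is only as good as the port it looks for.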
Further ufw commands:
- Deny a specific port: `sudo ufw deny 5432/tcp`
- Delete a rule: `sudo ufw delete allow http` or delete by rule number shown in `sudo ufw status numbered`.
- Allow from a specific IP: `sudo ufw allow from 192.168.1.100`
- Allow a specific port from a specific IP: `sudo ufw allow from 192.168.1.100 to any port 22`
Conclusion
Computer security is a dynamic and essential field aimed at protecting digital assets and systems. Implementing strong access controls, utilizing encryption, deploying firewalls, maintaining current software, and educating users are key practices in building a robust security posture against the ever-present threats in the digital landscape.