Fundamentals of Computer Security

Prepared by: Computer Security Section, WSCSD ITMS

www.itms.pnp.gov.ph
 COMPUTER SECURITY
ESSENTIAL TERMINOLOGIES
THREAT EXPLOIT VULNERABILITY
An action or event that Existence of a weakness,
has the potential to A defined way to design or implementation
compromise and/or breach the security of error that can lead to an
violate security an IT system through unexpected, undesirable
vulnerability event compromising the
security of a system

CRACKER, ATTACKER, or ATTACK DATA THEFT

INTRUDER
Any action derived
An individual who from intelligent threats Any action of stealing
breaks into computer to violate the security the information from
systems in order to of the system the users’ systems
steal, change, or
destroy information
www.itms.pnp.gov.ph
 ABOUT COMPUTER SECURITY

Computer Users should

Security is a security refers to focus on various
state of well- the protection of security threats
being of computer and
information and systems and the countermeasures
infrastructure information a in order to protect
user stores or their information
processes assets

www.itms.pnp.gov.ph
 Why Computer Security?
Computer Security is important for protecting the
confidentiality, integrity, and availability of computer systems
and their resources.

Computer administration and management have become more

complex which produces more attack avenues.

Evolution of technology has focused on the ease of

use while the skill level needed for exploits has
decreased.

Network environments and network-based

applications provide more attack paths.

www.itms.pnp.gov.ph
 Potential Losses Due to
Computer Security Attacks

Misuse of computer
resources Financial loss

Data loss/theft Unavailability of

resources

Loss of trust Identity theft

www.itms.pnp.gov.ph
 ELEMENTS OF SECURITY
Authenticity is “the
identification and
assurance of the origin of
information”
Availability is “ensuring that the
information is accessible to authorized
persons when required without delay”

Non-
Confidentiality Authenticity Integrity Availability
repudiation

Confidentiality is Integrity is “ensuring Non-repudiation is “ensuring

“ensuring that information that the information is that a party to a contract or a
is accessible only to accurate, complete, communication cannot deny
those authorized to have reliable, and is in its the authenticity of their
access” (ISO-17799) original form” signature on a document”

www.itms.pnp.gov.ph
 THE SECURITY, FUNCTIONALITY, AND
EASE OF USE TRIANGLE
• Applications/software products by default are preconfigured for ease of use, which
makes the user vulnerable to various security flaws
• Similarly, increased functionality (features) in an application make it difficult to use in
addition to being less secure

Security
Moving the ball toward security
means moving away from the (Restrictions)
functionality and ease of use

Functionality
Ease of Use
(Features)
www.itms.pnp.gov.ph
 Fundamental Concepts of
Computer Security
PRECAUTION

Adhering to the preventive measures while using computer system

and applications

MAINTENANCE

Managing all the changes in the computer applications and keeping

them up to date

REACTION

Acting timely when security incidents occur

www.itms.pnp.gov.ph
 LAYERS OF COMPUTER SECURITY
Ensures that a valid user is logged in and that the
LAYER 5:
logged-in user is allowed to use an
User Security application/program
Covers the use of software, hardware and
LAYER 4:
procedural methods to protect applications from
Application Security external threats
LAYER 3: Protects the system and its information from theft,
System Security corruption, unauthorized access, or misuse

LAYER 2: Protects the networks and their services from

Network Security unauthorized modification, destruction, or disclosure

LAYER 1: Safeguards the personnel, hardware, programs,

Physical Security networks, and data from physical threats

www.itms.pnp.gov.ph
 Computer Security Risks to Home Users
• Home computers are prone to various cyber attacks as they provide attackers easy
targets due to a low level of security awareness
• Security risk to home users arise from various computer attacks and accidents
causing physical damage to computer systems

Computer Attacks
• Malware attacks
Computer Accidents • Email attacks
• Mobile code (Java/JavaScript/ActiveX)
attacks
• Hard disk or other component failures
• Denial of service and cross-site scripting
• Power failure and surges attacks
• Identity theft and computer frauds
• Theft of a computing device
• Packet sniffing
• Being an intermediary for another attack
(zombies)
www.itms.pnp.gov.ph
 WHAT TO SECURE IN RELATION
TO COMPUTER SECURITY?

INFORMATION
HARDWARE
Personal
Laptops, Desktop identification such
PCs, CPU, hard as Social Security
disk, storage Number (SSN),
devices, cables, etc SOFTWARE passwords, credit
card numbers, etc
Operating COMMUNICATIONS
system and Emails, instant
software messengers, and
applications browsing activities

www.itms.pnp.gov.ph
 WHAT MAKES A HOME COMPUTER VULNERABLE??

LOW LEVEL OF INCREASING

SECURITY ONLINE
AWARENESS ACTIVITIES

NONE OR VERY NOT FOLLOWING

LITTLE ANY STANDARD
INVESTMENT IN SECURITY
SECURITY DEFAULT POLICIES OR
SYSTEMS COMPUTER GUIDELINES
AND
APPLICATION
SETTINGS

www.itms.pnp.gov.ph
 WHAT MAKES A COMPUTER
SYSTEM SECURE?
SYSTEM ACCESS DATA ACCESS CONTROLS
CONTROLS • Monitor system activities such as who
is accessing the data and for what
• Ensure that unauthorized users do not get
purpose
into the system
• Define access rules based on the
• Force legal users to be conscious about
system security levels
security

SYSTEM AND SECURITY SYSTEM DESIGN

ADMINISTRATION
• Deploy various security characteristics in
• Perform regular system and security system hardware and software design such
administration tasks such as configuring as memory segmentation, privilege
system settings, implementing security isolation, etc.
policies, monitoring system state, etc.
www.itms.pnp.gov.ph
 BENEFITS OF COMPUTER
SECURITY AWARENESS

Computer Security It helps users to protect It helps users minimize

Awareness helps sensitive information losses in case of an
minimize the and computing accident that causes
chance of resources from physical damage to
computer attacks. unauthorized access computer systems

It helps prevent the It helps users to prevent

loss of information cybercriminals from using
stored on the their systems in order to
systems launch attacks on the
other computer systems

www.itms.pnp.gov.ph
 COMPUTER SECURITY THINGS
TO REMEMBER
• Security is a state of well-being of information and infrastructures

• Computer security is the protection of computing systems and the

data that they store or access

• Confidentiality, integrity, non-repudiation, authenticity, and availability

are the elements of security

• Security risk to home users arise from various computer attacks and
accidents causing physical damage to computer systems

• Computer security awareness helps minimize the chances of

computer attacks and prevent the loss of information stored on the
systems

www.itms.pnp.gov.ph
 BASIC COMPUTER
SECURITY CHECKLIST
 Use of strong passwords
 Use of anti-virus systems
 Regular update of operating system and other installed applications
 Regular backup of important files
 Use of encryption techniques and digital signatures
 Use of firewall and intrusion detection systems
 Following standard guidelines for internet activities
 Physical security of computing infrastructure
 Awareness of current security scenario and attack techniques

www.itms.pnp.gov.ph
 ITMS WSCSD
7230404 loc 4225
wscsditms@pnp.gov.ph

www.itms.pnp.gov.ph