Computer security is the freedom from theft of or damage to hardware, software, or information, and from disruption or misdirection of services.
Protection is the set of mechanisms and policies that guarantee computer security, including the confidentiality, integrity, availability, and authenticity of all data and services.
Common types of computer security compromise:
- Information disclosure
- Information modification
- Information destruction (file deletion or hardware destruction)
- Unauthorized use
- Denial of service
- User deception
Attacks may come from inside an organization or from outside. Common inside attacks are:
- Logic Bomb
- Back Door
- Information leaking
- Login spoofing (if done on the web, this is typically called phishing)
Often a computer’s greatest weakness is the person using it. Users therefore need to be trained on basic computer security, such as not providing logins or passwords over email, phone, etc., how to spot a phishing attack, and many other levels of protection.
A buffer overflow attack is a technique that exploits the fact that many programs do not check for array overflow, allowing an attacker to overwrite portions of memory beyond the legitimate scope of an input buffer.
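The missing bounds check described above, shown beside a checked copy, as an added example that is not part of the original page. The `region` layout, the flag byte and the function names are assumptions constructed for illustration; one array models adjacent memory so the out-of-bounds write stays well defined.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8            /* legitimate size of the input buffer */
#define FLAG_OFFSET BUF_LEN  /* unrelated data stored right after it */

/* Constructed layout: bytes 0..7 are the input buffer, byte 8 is a flag
 * the input should never be able to change. Callers in this demo keep
 * n <= sizeof mem so every write stays inside storage we own. */
struct region {
    unsigned char mem[16];
};

/* Unchecked copy: trusts the caller's length and never compares it
 * with BUF_LEN, so a long input spills into the flag byte. */
static void copy_unchecked(struct region *r, const char *in, size_t n) {
    memcpy(r->mem, in, n);
}

/* Checked copy: rejects input that does not fit and leaves memory untouched. */
static int copy_checked(struct region *r, const char *in, size_t n) {
    if (n > BUF_LEN)
        return -1;
    memcpy(r->mem, in, n);
    return 0;
}

/* Copies `in` with the chosen routine and returns the flag byte afterwards.
 * *rc receives the checked routine's result (0 for the unchecked one). */
static int flag_after_copy(const char *in, size_t n, int checked, int *rc) {
    struct region r;
    memset(&r, 0, sizeof r);          /* flag starts at 0 */
    *rc = 0;
    if (checked)
        *rc = copy_checked(&r, in, n);
    else
        copy_unchecked(&r, in, n);
    return r.mem[FLAG_OFFSET];
}

int main(void) {
    const char input[] = "AAAAAAAA\x01"; /* constructed: 9 bytes for an 8-byte buffer */
    int rc;
    int flag = flag_after_copy(input, 9, 0, &rc);
    printf("unchecked: flag=%d\n", flag);
    flag = flag_after_copy(input, 9, 1, &rc);
    printf("checked:   flag=%d rc=%d\n", flag, rc);
    return 0;
}
```

The ninth input byte lands in the flag only when the length check is absent; the checked routine refuses the input and the flag keeps its original value.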
A worm is an unauthorized program that exploits one or more system weaknesses to spawn copies of itself on other systems via computer networks.
A sandbox is a small area of memory within which a program may execute and which guarantees that the program cannot access or jump to any location outside of the designated area. This has become a popular technique in modern OSes, even for everyday applications. It can reduce the chance of a program crash taking out a whole system, and it protects against some attacks.
Security Goals and Threats was originally found on Access 2 Learn