Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
9 views4 pages

Computer Security Notes

Computer Security, or Cybersecurity, focuses on protecting systems and data from unauthorized access and attacks, guided by the CIA Triad: Confidentiality, Integrity, and Availability. Key threats include malware, phishing, and denial-of-service attacks, with various defense mechanisms such as authentication, encryption, and firewalls. Best practices for security involve using strong passwords, enabling multi-factor authentication, and conducting regular security audits.

Uploaded by

online school
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views4 pages

Computer Security Notes

Computer Security, or Cybersecurity, focuses on protecting systems and data from unauthorized access and attacks, guided by the CIA Triad: Confidentiality, Integrity, and Availability. Key threats include malware, phishing, and denial-of-service attacks, with various defense mechanisms such as authentication, encryption, and firewalls. Best practices for security involve using strong passwords, enabling multi-factor authentication, and conducting regular security audits.

Uploaded by

online school
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Computer Security Notes

1. Introduction to Computer Security


Computer Security (Cybersecurity) refers to protecting computer systems,
networks, and data from unauthorized access, attacks, and damage.

Key Objectives (CIA Triad):

 Confidentiality – Ensuring only authorized users can access data.


 Integrity – Preventing unauthorized modification of data.
 Availability – Ensuring systems and data are accessible when needed.

Types of Threats:

 Malware (Viruses, Worms, Trojans, Ransomware)


 Phishing & Social Engineering
 Denial-of-Service (DoS/DDoS) Attacks
 Man-in-the-Middle (MITM) Attacks
 SQL Injection & Cross-Site Scripting (XSS)
 Zero-Day Exploits

2. Security Principles & Mechanisms


A. Authentication vs. Authorization

Authentication Authorization

Verifies identity (e.g., passwords, biometrics) Determines access rights (e.g., user roles)

B. Encryption

 Symmetric Encryption (Same key for encryption & decryption, e.g., AES)
 Asymmetric Encryption (Public & private keys, e.g., RSA)

C. Firewalls & IDS/IPS


 Firewall – Blocks unauthorized network traffic.
 Intrusion Detection System (IDS) – Monitors for suspicious activity.
 Intrusion Prevention System (IPS) – Blocks detected threats.

D. Access Control Models

 Discretionary Access Control (DAC) – Owner decides access.


 Mandatory Access Control (MAC) – System-enforced access (e.g., military).
 Role-Based Access Control (RBAC) – Access based on user roles.

3. Common Cyber Attacks & Defenses


A. Malware Attacks

Type Description Prevention

Virus Attaches to files & spreads Antivirus, regular scans

Worm Self-replicating malware Patch management

Trojan Disguised as legitimate software Avoid untrusted downloads

Ransomware Encrypts files for ransom Backup data, update systems

B. Phishing & Social Engineering

 Phishing – Fake emails/websites tricking users into revealing data.


 Spear Phishing – Targeted phishing attack.
 Prevention: Email filtering, user awareness training.

C. Denial-of-Service (DoS/DDoS)

 Overwhelms a system with traffic to make it unavailable.


 Defense: Traffic filtering, cloud-based DDoS protection.

D. SQL Injection & XSS

 SQL Injection – Exploits database queries via input fields.


 Cross-Site Scripting (XSS) – Injects malicious scripts into web pages.
 Prevention: Input validation, parameterized queries.

4. Network Security
A. Secure Protocols

Protocol Use Case Security Feature

HTTPS Secure web browsing SSL/TLS encryption

SSH Secure remote login Encrypted communication

VPN Secure remote access Encrypted tunnel

B. Wireless Security

 WEP (Weak, avoid)


 WPA/WPA2 (Better security)
 WPA3 (Most secure)

C. Network Hardening

 Disable unused ports & services.


 Use strong passwords & multi-factor authentication (MFA).
 Regularly update firmware & software.

5. Best Practices for Security


A. For Users:

✔ Use strong, unique passwords & a password manager.


✔ Enable Multi-Factor Authentication (MFA).
✔ Avoid clicking suspicious links/downloads.
✔ Regularly update software & OS.

B. For Organizations:

✔ Conduct security audits & penetration testing.


✔ Implement firewalls, IDS/IPS, and endpoint protection.
✔ Train employees on security awareness.
✔ Maintain regular backups (3-2-1 rule: 3 copies, 2 media types, 1 offsite).

6. Emerging Security Trends


 Zero Trust Security – "Never trust, always verify."
 AI in Cybersecurity – Detecting threats using machine learning.
 Quantum Cryptography – Future-proof encryption against quantum attacks.

Conclusion

Computer security is essential to protect data and systems from evolving threats. By
following best practices, using encryption, and staying updated on threats,
individuals and organizations can reduce risks significantly.

� Stay Secure! �

You might also like