
An Overview of IT Security

Dan earned his CompTIA (CIOS) certification in 2010 and worked in the computer repair/networking industry for several years.


Movies such as Hackers (1995) and WarGames (1983) have done a good job capturing the attention of computer users who were otherwise oblivious to certain issues regarding computer security. Not only have the cult films piqued the curiosity of individuals, but they have enticed a generation of youngsters and various other thrill-seekers who have since ventured out to understand and tinker with computers—some of them just for fun—others, to commit various types of computer-based fraud.

However, illegal computer hacking is not a new concept. It has a relatively long history, which should give pause to anybody using a computer for mission-critical tasks such as online banking, the storage and processing of private data (such as patient health care data), or any other task where entered information should be kept private. Where the potential for computer hacking exists, usually there are standards, rules, and guidelines to counteract or mitigate it.

Cybercrime

The definition of cybercrime varies depending on who's asked, but generally, it refers to unauthorized access of computers or networks with the end goal of stealing data (the data-theft industry is lucrative), stealing money, disabling computer systems, or even for political-propaganda purposes.

Sometimes unauthorized access is carried out via the internet. The technicalities of how this is done vary depending on the hacker's goal and the security posture of the systems attacked. Some systems are much better maintained and secured than others, and the relatively weak security of some systems can be, and often is, referred to by the hacker community as a "joke."

Whatever the case, the more secure systems are, the more time it takes to penetrate and hack them—hackers can and often do weigh the perceived benefits of an attack against the risk and effort required to carry it out.

IT Security Versus Convenience

Generally speaking, the more security there is on a computer, the less user-friendly it is. If, for example, software-based encryption is added in addition to a login password, there would be more latency when the computer is in use. This is because the device's CPU and RAM must be divided among the different tasks being done—encryption and decryption of files use those resources.

Consider now that most computing devices use some form of antivirus software—several processes done on computers are filtered through antivirus software, which also uses the CPU and RAM. Furthermore, when surfing the internet, many people use add-ons or extensions in their browsers—such as Firefox, Microsoft Edge, or Safari—for convenience and various tasks. These extensions can not only slow down the internet experience but also open up potential security loopholes for hackers to exploit.

In general, the more software that is installed on a computer, the more susceptible it is to being hacked. When computing devices are "hardened" in order to make them more secure, one of the techniques for doing this is uninstalling unneeded software, even though the software may be convenient in some fashion. There is always a trade-off between security and convenience, and there are many more facets to this subject than mentioned here.

Physical Security in IT

Sitting directly in front of a computer while hacking into it would make a hacker's day. Having direct access to a computer—not over the internet or network—removes several obstacles that hackers must commonly circumvent for a successful attack. For example, if a hacker wanted access to a corporation employee's computer and the opportunity arose for obtaining direct access, the hacker would have the advantage of working around NAT (network address translation), routers, hardware firewall settings, content filters, and miscellaneous operating system network security settings.

Merely having to obtain a password and, perhaps, one other factor of authentication, takes away much of the hacker's burden—and sometimes logging into a computer with physical access isn't necessary—all a hacker must do is find a way to copy files off (or to) the internal data storage device. Therefore, not only are computer/network security settings important but so are physical security implementations such as video surveillance, alarms, door locks, locked closets (where servers may be installed), or security guards.

Common Sense IT Security

Computers are generally designed to be extensions of the way people operate and think. Criminals know this and organize their attacks accordingly. Before the advent of high-speed internet, people received promotional offers for goods and services primarily in the mail.

But now that fast internet makes data transfer and communication easier, cybercriminals masquerading as legitimate businesses or free services can manipulate needful computer users into downloading certain kinds of software—much in the same way that mail scams were (and still are) done.

For example, people using computers want them running smoothly, so hackers commonly set up appealing websites where maintenance or antivirus software is provided. The downloaded software actually has hidden malicious software in it. This type of malicious software is known as a trojan horse—so named because of the appealing horse statue in the mythical Trojan War that brought down the city of Troy.

When the appealing software (the trojan horse) is installed, malicious software is installed unseen and does whatever the hacker programmed it to do—which can be a variety of things. The key takeaway here is to use common sense—don't accept offers or install software from sources that cannot be verified by trusted third parties or a community of known users.

Carefully choosing which websites to visit, and running ad blockers, can also serve as threat mitigation. Ad exploitation is perhaps as dangerous as inadvertent installation of trojan horse viruses. Computer hackers have the ability to compromise ads—even those displayed on legitimate websites—so that when they are clicked, known security vulnerabilities on the computer accessing the ads are exploited.

Perhaps it's best to do all mission-critical work on a computer separate from your play computer. Tempting pop-up ads are indeed a danger, but drive-by downloads are perhaps even more dangerous: compromised websites take advantage of vulnerabilities in a computer to install malicious software automatically. Mitigation of such a technique can be complex.

Antivirus Suites

These are generally necessary, although they tend to be over-trusted. Computer users feel secure that reputable virus-fighting software is watching over their systems, but antivirus suites should be considered a back-of-the-line type defense. Although antivirus software has become more advanced and provides more than mere database protection—where the antivirus checks its database against data on the system being checked—there are other necessary security facets that should be considered.

As said, careful vetting of software installed on a device should be carried out, as antivirus software is not always effective. In addition, physical security should be carefully weighed and care should be taken about where devices are left—especially mobile devices. More than one password should be used across multiple accounts—for example, never use an email password as the password for an internet chat forum or bank account. Lastly, passwords should be changed on a routine basis, and whenever accounts are suspected to be compromised.

IT Security Education

There are many internet resources including blogs, articles, and books that teach basic security ideology and industry standards. Subscribing to blog site news feeds can even help keep computer users up-to-date regarding security trends and the latest threats. However, many do not take advantage of the resources.

In fact, they can go for years without incident and become complacent. It's been said that complacency itself is a major security hole. One day a computer is turned on only to find that mission-critical files have been compromised or some other calamity has occurred, such as a ransomware attack.

If a computer network is generally too burdensome to handle, hiring managed service providers can help take the load off. Help is available. Go get it.

This content reflects the personal opinions of the author. It is accurate and true to the best of the author’s knowledge and should not be substituted for impartial fact or advice in legal, political, or personal matters.

© 2021 Dan Martino
