Computer Security Essay
Below is a copy of an essay I wrote this session regarding computer security. I hope you enjoy it.
It is well known that computer security is not limited to companies or large organizations. Although companies are more likely to suffer an attack or security breach against their networked computer resources, whether internal or external, any device that is connected to a network or the internet faces the same risks. It is wise to secure all your devices and follow proper security protocols to help limit the potential risk of attacks. Potential security threats to a personal computer or internet-connected device include, but are not limited to, viruses, Trojan horses, worms (Conklin, White, Williams, Davis, & Cothren, 2010), zero-day exploits, ping sweeps (Wikipedia, 2013) (SolarWinds), port scans, and man-in-the-middle attacks.
Although a regular computer connected to the internet may not face the same probability of an attack, the risk is there, and the computer user should practice as many security techniques as possible to thwart attacks on their own computer or internet-connected device. The first technique: anyone who uses a computer on the internet should make sure their device is running the most up-to-date security patches (Wikipedia, Windows Update, 2014), firewall rules, anti-virus/anti-malware rules and software patches (Wikipedia, Patch (computing), 2014).
Having your computer up to date and running the appropriate software is paramount to being as secure as possible online. Applying security patches and software updates helps minimize the risks of viruses, Trojan horses, worms, zero-day exploits, ping sweeps and port scans. These are the first techniques an attacker could employ to gain access to private data on the computer system or network. This is considered the reconnaissance portion of an attack, in which the attacker tries to gather as much information as possible to gain entry into the device or network. Security software on the device can help prevent the attacker from seeing the target or deter the attacker from continuing the attack.
The next technique to help minimize the risk of being attacked is to employ the appropriate network-level security measures. This includes having, at minimum, a decent network-based firewall to help stop threats from outside sources from entering your network (Cisco Systems, 2014). Firewalls not only filter good traffic from bad traffic; depending on the software they are running, they can also help identify and prevent attacks at the network layer. These types of devices are called intrusion detection systems or intrusion prevention systems (Wikipedia, 2014), which monitor network traffic and, if traffic patterns match a known attack, can stop it right away and notify the user.
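To make the idea of matching traffic patterns concrete, here is an added example (not part of the original essay, and far simpler than any real intrusion detection product) that flags port scans and ping sweeps in connection events. The addresses, the event format and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed events (time, src, dst, proto, port); not real traffic."""
    t0 = datetime(2014, 7, 19, 10, 0, 0)
    events = []
    # One outside host probing ten ports on a single machine within ten seconds.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 3389, 8080]):
        events.append((t0 + timedelta(seconds=i), "203.0.113.7", "192.168.1.10", "tcp", port))
    # Another outside host pinging eight different machines in a row.
    for i in range(1, 9):
        events.append((t0 + timedelta(seconds=30 + i), "198.51.100.23", f"192.168.1.{i}", "icmp", None))
    # Ordinary browsing: one inside host, one server, one port, spread over minutes.
    for i in range(5):
        events.append((t0 + timedelta(minutes=i), "192.168.1.50", "192.0.2.80", "tcp", 443))
    return events

def detect(events, window=timedelta(seconds=60), port_threshold=8, host_threshold=5):
    """Return sorted (source, alert) pairs for sources exceeding a threshold in any window."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_src[ev[1]].append(ev)
    alerts = set()
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports_per_host, pinged = defaultdict(set), set()
            for _, _, dst, proto, port in evs[start:end + 1]:
                if proto == "icmp":
                    pinged.add(dst)
                else:
                    ports_per_host[dst].add(port)
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                alerts.add((src, "port scan"))
            if len(pinged) >= host_threshold:
                alerts.add((src, "ping sweep"))
    return sorted(alerts)

if __name__ == "__main__":
    for src, alert in detect(build_sample_log()):
        print(f"ALERT {alert} from {src}")
```

A scan slow enough that fewer than eight ports fall inside any 60-second window goes unnoticed by this rule, which is why real systems tune thresholds and combine several signals.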
These systems are great; however, if the user is not following proper security protocols, such as using strong passwords, rotating their passwords every couple of weeks to months, and verifying that the resources they are using over the internet are valid, the user may still have their network or device attacked and breached (Foundation, 2014). If you want to take that one step further, you can save your data on an encrypted hard drive or file system to ensure only select individuals have access to those files, and, if you need to transmit them, the encrypted form is harder to break than data sent in plain text. This leads to the most common type of attack in which a user is unaware that the resource they are using is not valid: the man-in-the-middle attack (Foundation, 2014). This occurs when the user’s data is redirected to a resource that looks and feels like a valid resource, and the data is examined, spoofed and exchanged so the attacker can get the data they need.
In this case it is helpful to understand how data is transmitted from one network to another and how to test the validity of the resource. If it is a website, it is best to verify its identity by making sure the site is using HTTPS and that the certificate being issued is valid. This is done by means of the Public Key Infrastructure system, which helps reduce the risk of man-in-the-middle attacks (Wikipedia, Public Key Infrastructure, 2014) and helps ensure data is transmitted over a secure line instead of being out in the open.
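The following added example (not part of the original essay) shows what that check looks like when a program, rather than a browser, connects to an HTTPS site using Python's standard `ssl` module. The function names `verified_context`, `days_until_expiry` and `check_site` are illustrative, and the host passed to `check_site` is whatever site you want to verify.

```python
import socket
import ssl
import time

def verified_context():
    """Client TLS context that enforces PKI validation (Python's defaults, made explicit)."""
    ctx = ssl.create_default_context()            # loads the system's trusted root CAs
    ctx.check_hostname = True                     # certificate must be issued for this host
    ctx.verify_mode = ssl.CERT_REQUIRED           # chain must lead to a trusted root
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse obsolete protocol versions
    return ctx

def days_until_expiry(not_after, now):
    """Whole days left on a certificate, given its notAfter string and a Unix time."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def check_site(host, port=443, timeout=5):
    """Handshake with host; raises ssl.SSLCertVerificationError if validation fails."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # The handshake inside wrap_socket verifies the chain, dates and hostname.
        with verified_context().wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "tls_version": tls.version(),
                "issuer": dict(rdn[0] for rdn in cert["issuer"]),
                "days_left": days_until_expiry(cert["notAfter"], time.time()),
            }

if __name__ == "__main__":
    import sys
    try:
        print(check_site(sys.argv[1]))
    except ssl.SSLCertVerificationError as err:
        # An intercepting party without a trusted certificate for the host ends up here.
        print("certificate rejected:", err.verify_message)
```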
In summation, it is wise to practice as many security protocols as possible to help minimize the risk of being targeted by an attacker. Essentially, knowledge is the best tool to achieve this. Knowing the best practices and how the basic forms of attack occur is the best way to help ensure your data is secure. If you are using a company computer, you follow the security policies and procedures the organization requires. How about using that knowledge on your own computer and network? It doesn’t cost that much to make sure your computer is fully updated, that security software is installed with the appropriate patches, and that your passwords are strong and rotated. Using common sense and the resources available, you can greatly minimize the risk. As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” This simply means take the time and resources to protect yourself and your data now, rather than dealing with a security attack that can cause headaches and cost money in the future.
Bibliography
Cisco Systems. (2014, July 19). Benefits of Firewalls. Retrieved from Cisco.com: http://www.cisco.com/c/en/us/products/security/firewalls/index.html#~three
Conklin, W. A., White, G., Williams, D., Davis, R., & Cothren, C. (2010). Principles of Computer Security CompTIA Security+ and Beyond 2nd edition. New York: McGraw Hill.
Foundation, W. (2014, July 8). Man-in-the-middle attack. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Man-in-the-middle_attack
Lyon, G. (n.d.). Free Security Scanner For Network Exploration & Security Audits. Retrieved from Nmap.org: http://nmap.org/
SolarWinds. (n.d.). Engineer’s Toolset (Ping Sweep). Retrieved from SolarWinds: http://www.solarwinds.com/engineers-toolset/ping-sweep.aspx#gotabs
Wikipedia. (2013, November 10). Ping Sweep. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Ping_sweep
Wikipedia. (2014, June 16). Intrusion Prevention System. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Intrusion_prevention_system
Wikipedia. (2014, July 8). Patch (computing). Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Patch_(computing)
Wikipedia. (2014, July 14). Public Key Infrastructure. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Public_key_infrastructure
Wikipedia. (2014, July 19). Windows Update. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Windows_Update