Computer Science
Security issues in Computer field:
Introduction:
Computer security, also called cyber security or IT security, is concerned with keeping information safe from hardware and software damage, theft, disruption, or misdirection. Security may include controlling access to hardware and guarding against malware injection and against malpractice by operators, whether they are tricked into it or commit it accidentally.
Hence, network security management is the act of building a barrier to prevent unauthorized entry that compromises networks. Network security is of utmost significance because it enables the designing, planning, building, and operating of strong network policies. In order to achieve a secure network, accessibility, confidentiality, authentication, integrity, and non-repudiation must be considered (Intel Corporation, 2019).
A network security plan cannot be developed without an understanding of the security issues, the potential attacks, the level of security needed, and the factors that can make the network vulnerable. As computer technology advances, new hacking techniques are being used to penetrate networks, which is why network providers are advised to understand security issues and keep up with current information on network security. Wright (2009) describes different types of attack: passive, active, distributed, insider, close-in, spyware, phishing, hijack, spoof, password, buffer overflow, and exploit attacks.
Description of security problems:
Computer security problems started in the 20th century, half of the present computer age, with privacy being the most critically violated area; since then, the maintenance of personal and community information has become a major challenge. The rule of law followed suit, covering the keeping of records of private information and activities and the legal collection and storage of data. This legal involvement creates a bridge between legal and social problems: whether legal permission is granted in the record-keeping system, and when that system becomes a social threat.
More recently, computer security has come to be regarded as the procedural and technical measures needed to prevent unauthorized access to, illegal modification and use of, and dissemination of data stored or processed within a computer system. Computer security laws were made to prevent deliberate denial of service and to protect the system entirely from physical and virtual harm. According to (Baran, 1965), access control is needed to enable time-sharing and multi-programming by multiple users without interference from others.
Richard Ruggles (1965) discussed privacy and security problems in the early 1960s using the National Data Bank statistics units in the USA. This privacy issue compromised personal privacy and freedom, with congressional hearings, testimonies, and possible societal change in legislation concerning system privacy and security.
Security issues:
A security issue normally starts as a minor task known as a "passive attack", in which unencrypted traffic is monitored for clear-text passwords and other sensitive information. This traffic analysis, or monitoring of a communication channel by an unauthorized hacker, reveals unprotected communication and captures authentication information such as the user's passwords and data files. A passive attack is quite different from an active attack, because an attacker using the latter method tries to bypass or break into a secured system by compromising protected features with malicious code, or to steal and modify information. An active attacker can also mount an attack against the user over the network backbone to exploit information electronically and, in turn, disseminate data files, cause denial of service (DoS), or modify non-disclosure documents.
Distributed attackers sometimes use a Trojan horse as a back-door program, with trusted components or software, to modify hardware or software. Most cyber-security issues include the introduction of an insider attack that comes with corporate data from services such as Dropbox and BYOD programs (Padmavathi, 2009).
Most network users have complained about the activities of a close-in attacker, who attempts to use physical proximity to the network to deny access to, modify, gather, or reveal information. This type of security issue is regarded as a social engineering attack, while a spyware attack involves monitoring online activities or installing programs. Unlike the network attacks mentioned above, a phishing attack lets hackers create a fake website that looks similar to a popular original site such as PayPal or a mobile payment site, in order to deceive users into clicking through to the fake site and making payments into the wrong accounts.
Social engineering security issues have shown that hijack attackers are complex and smart enough to hack, divert, or discover multiple users in a communication channel. A spoof attack leads to source address modification, the sending of packet data to another user, and the bypassing of users' firewalls.
(Adeyinka, 2008) advised users to avoid password attacks by using an alphanumeric combination, since attackers use three types of password attack: the dictionary attack, the brute-force attack, and the hybrid attack. The dictionary attack uses word-list files, while the brute-force attack tries possible character combinations. The buffer overflow security issue enables attackers to gain access to an administrative location using a brute-force attack. When attackers understand the security problems in an operating system, they tend to exploit them because of its high level of vulnerability.
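A defender can audit candidate passwords against the three attack types named above. The following is an added example, not part of the original essay; the wordlist, the substitution table, and the function names are constructed for illustration.

```python
import math
import string

# Constructed sample wordlist (assumption); a real audit would load a much larger one.
WORDLIST = {"password", "dragon", "summer", "letmein", "welcome"}

# Character substitutions a hybrid attack typically reverses (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
AFFIXES = string.digits + string.punctuation


def brute_force_bits(pw):
    """Bits of search space a brute-force attack must cover for this password."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in pw):
            pool += len(charset)
    return len(pw) * math.log2(pool) if pool else 0.0


def hybrid_variants(pw):
    """Base words a hybrid attack would reach by mangling a dictionary entry."""
    lower = pw.lower()
    stripped = lower.strip(AFFIXES)  # undo digits/symbols added at either end
    return {lower.translate(LEET), stripped, stripped.translate(LEET)}


def classify(pw):
    """Return (cheapest attack type that recovers pw, brute-force bits)."""
    bits = brute_force_bits(pw)
    if pw.lower() in WORDLIST:
        return ("dictionary", bits)
    if hybrid_variants(pw) & WORDLIST:
        return ("hybrid", bits)
    return ("brute-force", bits)


if __name__ == "__main__":
    for candidate in ["dragon", "P@ssw0rd1!", "welcom3", "abcdefgh", "k7Qz9mBx2LpR"]:
        kind, bits = classify(candidate)
        print(f"{candidate:14} {kind:12} {bits:5.1f} bits")
```

A password that mixes character classes but is still a mangled dictionary word is reported as "hybrid", which is why an alphanumeric mix alone is checked against the wordlist as well as measured for search space.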
Vulnerabilities & attacks:
The increase in the development of smart devices, phones, TVs, computers, Bluetooth, Wi-Fi, and wireless networks makes the Common Vulnerabilities and Exposures database the most popular network group that manages the cyclical practice of identifying, classifying, remediating, and mitigating problems. Such vulnerabilities include backdoor issues, in which cryptosystems or algorithms are made up by malicious attackers. A denial-of-service attack is deployed by attackers to make a system unavailable to its users; systems are vulnerable if their password is weak or when they use a single IP address, which can be blocked using a botnet.
However, users can also be vulnerable to direct-access attacks that compromise the security of their operating system, causing the installation of worms, key loggers, or listening devices. Eavesdropping is an act that makes the computer system vulnerable between hosts on the network and the tapped listener. Private conversations can be legally tapped by the FBI for investigation purposes via the electromagnetic transmissions generated by the hardware.
TEMPEST is specified by the NSA as referring to this form of attack. Tampering can also be referred to as an "Evil Maid" attack because of the attacker's intention to modify the system or plant surveillance routers in it. Most users escalate their privileged usage, causing the issue known as "privilege escalation", by having full unrestricted access even when they have not been given such access.
Clickjacking, according to (Matt, 2004), is a malicious technique used to trick users into clicking a button or a link to another webpage, in order to give the attacker multiple privileges to gain access. Financial systems are also known to be vulnerable because of online and mobile banking and the use of credit card numbers, which make them the most prominent hotspot targeted by attackers. The recent boom in purchasing and money transfer has allowed the payment-system black market to thrive, with customers illegally purchasing customer account data and PINs.
Cyber-security issues:
Cyber-security implications are relevant in different disciplines, as security problems stand as threat parameters to individuals and organizations that use computing to provide direct services to customers. The cyber-security mainstream relates to individuals' behavior towards information systems in a non-working environment, employees' behavior towards information security in the workplace, and the organization's information system security policy (ISSP).
Cyber-security parameters identify threats, vulnerabilities, and access to risk. Some cyber-security attacks include denial-of-service (DoS) attacks, remote-to-local (R2L) attacks, user-to-root attacks, probing, attack detection strategies, the signature-based approach, misuse, cyber terrorism, and reconnaissance attacks.
Quist and Valsmith (2007) discussed attackers sending packets to a machine over the network to exploit its vulnerabilities. User-to-root attacks involve gaining access to a moderate user's account and expanding on such vulnerabilities. (Sternstein, 2013) states that probing includes network scanning to gather information and discover vulnerabilities with which to attack the system. Attack detection strategies enable attackers to use a modernized detection system to monitor host computers and their linked networks.
Another issue is the mishandling of the signature-based model from anti-virus software, whereby attackers can analyze and structure attacks using data logs.
Employees are warned by (Chang, 2012) against the misuse of signature recognition, which makes the system vulnerable when discovered by intruders. A reconnaissance attack involves the unauthorized detection or mapping of a system to steal data, while cyber terrorism, a 21st-century threat, involves national network attacks by military organizations against other nations. Some attackers also attack MANETs and WSNs by slowing or stopping the flow of information between nodes and preventing sensors from detecting or transmitting information through the network.
Technologies that provide security networks in computer fields:
Different defense and detection mechanisms have emerged as counter-protection against the aforementioned security attacks. The cryptographic system is very useful and widely accepted, and involves the use of codes and ciphers to transform information. We are all aware of the use of firewalls as the typical border protection and control mechanism for blocking illegal traffic. This network protection model has been used as a frontline defense mechanism against intruders and is implemented using both hardware and software. A firewall is sometimes described as a machine that filters at the IP packet level, the TCP session level, and the application level to determine whether traffic is essential, while blocking intruding packets.
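The three filtering levels mentioned above can be modeled in a few lines. This is an added example, not part of the original essay; the policy values, the packet dictionaries, and the class name are constructed, and the session tracking is deliberately simplified.

```python
import ipaddress

# Constructed policy values (assumptions for illustration only).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
OPEN_PORTS = {80}
ALLOWED_HTTP_METHODS = {"GET", "HEAD", "POST"}


class LayeredFirewall:
    def __init__(self):
        # Connections opened with a SYN. Simplification: real state tracking
        # follows the full handshake, sequence numbers and timeouts.
        self.sessions = set()

    def check(self, pkt):
        """Return 'accept' or 'drop: <reason>' for one inbound TCP packet."""
        # 1. IP packet level: decide on addresses alone.
        src = ipaddress.ip_address(pkt["src"])
        if any(src in net for net in BLOCKED_NETS):
            return "drop: source address blocked"

        # 2. TCP session level: closed ports and packets outside a session.
        if pkt["dport"] not in OPEN_PORTS:
            return "drop: port closed"
        key = (pkt["src"], pkt["sport"], pkt["dport"])
        if pkt["flags"] == "SYN":
            self.sessions.add(key)
            return "accept"
        if key not in self.sessions:
            return "drop: no established session"
        if pkt["flags"] in ("FIN", "RST"):
            self.sessions.discard(key)
            return "accept"

        # 3. Application level: inspect the first token of the payload.
        payload = pkt.get("payload", b"")
        if payload:
            method = payload.split(b" ", 1)[0].decode("ascii", "replace")
            if method not in ALLOWED_HTTP_METHODS:
                return "drop: HTTP method not allowed"
        return "accept"


def run_sample():
    """Run constructed packets through the firewall and return the verdicts."""
    fw = LayeredFirewall()
    packets = [
        {"src": "203.0.113.9", "sport": 4000, "dport": 80, "flags": "SYN"},
        {"src": "198.51.100.7", "sport": 4001, "dport": 23, "flags": "SYN"},
        {"src": "198.51.100.7", "sport": 4002, "dport": 80, "flags": "ACK",
         "payload": b"GET / HTTP/1.1\r\n"},
        {"src": "198.51.100.7", "sport": 4003, "dport": 80, "flags": "SYN"},
        {"src": "198.51.100.7", "sport": 4003, "dport": 80, "flags": "ACK",
         "payload": b"GET /index.html HTTP/1.1\r\n"},
        {"src": "198.51.100.7", "sport": 4003, "dport": 80, "flags": "ACK",
         "payload": b"TRACE / HTTP/1.1\r\n"},
    ]
    return [fw.check(p) for p in packets]
```

Each sample packet is stopped at the first level whose rule it violates, so the drop reason shows which layer made the decision.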
Most companies are taking security seriously by driving it down to the hardware level using multiple platform components: the processor, the chipset, and network interface controllers. These technologies are expected to offer low-level building blocks that secure high-performing network infrastructure and sustain security systems. Such technologies include virtualization technology, trusted execution technology, and quick assist technology. The use of intrusion detection systems (IDS) has enabled the protection of users against computer intrusions, using software and hardware devices.
Network security experts refer to an IDS as typical antivirus software that detects intrusion in corporate and government organizational networks. Malware such as viruses, worms, and Trojan horses is prevented using anti-malware software and scanner tools, while the Secure Sockets Layer (SSL) protocol suite has a unique standard for creating security between a web browser and a website. SSL provides a secured tunnel or channel for the web browser and server to exchange information, and also supports the client's authentication to the server through the use of certificates. The certificate enables the server to recognize the client and proves its identity. The dynamic endpoint model is another model, with a quick action-taking device, which helps users detect changes in the network, especially flaws and network abnormalities.
Mobile biometrics have been implemented in recent times to play a huge role in authenticating users to network services. Their dedicated features can be seen in personal technologies such as the finger scans and facial recognition of iPhones and Android devices.
Advanced network security policies:
Work on security-intelligent networks has discussed how to provide security in the cloud environment, using Intel Trusted Execution Technology (Intel TXT) as an example of improved flexibility and efficient use of IT resources to protect the platform against hypervisor, firmware, BIOS, and system-level attacks in virtual and cloud computing. This technology can enforce integrity checks before launching any software, and it enforces control over measurement, memory locking, and the sealing of secret data.
Network security organizations have added the adoption of zero-trust segmentation, developed by Forrester Research, to monitor data and detect potential file threats. This system verifies traffic by inspecting, logging, and reviewing it, and never trusts even inside operations, because hackers can design systems inside and out; it assumes all attempts are vulnerable until trusted interfaces, applications, traffic, networks, or users have proven otherwise through a user verification model.
According to (Hondius, 1975), the Trend Micro threat management service delivers micro smart protection to the network against recently evolving multi-layered threats by providing real-time protection to the cloud and blocking threats from companies and PCs. It has a micro solution service that is inter-based, which checks URLs, emails, and files against continuous updates or threats to databases.
The Privacy Act of 1974 discloses smart protection networks that work against a global network of intelligence technology threats, using sensors to deliver complex protection against such threats, malicious files, spam, phishing, web threats, denial-of-service attacks, web vulnerabilities, and data loss. This micro smart protection network has incorporated cloud reputation and patent-pending integration, which reduces reliance on patterns of file downloads, removes delays in system updates, and benefits businesses with increased network bandwidth, reduced processing power, and minimized cost.
Big data as advanced protection against the threat:
Big data makes use of specialized technologies and methods to collect, coordinate, summarize, analyze, and store massive amounts of data. It stores related data to uncover insights and leverage data for security purposes. The Cloud Security Alliance, in Big Data Analytics, foresees the future of big data analytics in improving information security and situational awareness. It confirmed that big data analytics can be used to analyze financial transactions, file logs, and network traffic to identify anomalies and suspicious activities. Other research shows a correlation between multiple sources of information, and how data drives the detection of fraud in banking, healthcare, insurance, etc.
Cyber-ethics:
(Seamus, 2004) defined cyber ethics as the code of conduct of the internet for practicing correct protection and prevention and for using the system legitimately.
The first ethic is to communicate and interact with people, family, friends, and members of a community or nation without malicious practice. The second is to see the internet as a measured source, a leading world library with diverse topics, which must be used properly and legally. The third is to handle personal information with care, use passwords correctly, and avoid deliberate breaches of personal user data. The fourth is to avoid sending malware to other systems and to avoid fraud or damage to users or computer systems. The fifth warns users to avoid sharing personal details with other individuals and to avoid opportunistic behavior. The sixth is to avoid impersonation or the creation of fake accounts, and the last is to adhere to copyright when maintaining data and downloading games, videos, and other permissible documents.
Conclusion:
With more diverse technologies and the IoT trending in recent times, security has become the overall concern of users and experts, who view it as an important topic because of an alarming increase in security breaches, risk, network issues, and data compromise. The key to success in building a secured network depends on hardware or software, and time and usage determine the success of its implementation. With time, everything that goes through the network may be due for compromise, and respect for a policy depends on the legal actions the affected party is willing to take. In scenarios where the identity of the offender remains undisclosed, security attack policies may fall behind. There are nevertheless hopes that the different systems being built and upcoming network protocols may help to minimize threats, and that technological advancement using the trending micro security mechanisms and big data will subdue penetration.
Reference:
Adeyinka, O., "Internet Attack Methods and Internet Security Technology," Modeling & Simulation, 2008. AICMS 08. Second Asia International Conference on, pp. 77‐82, 13‐15 May 2008.
Bishop, Matt (2004). Introduction to Computer Security. Addison Wesley Professional. ISBN-
Chang, L. Y. C. (2012). Cybercrime in the Greater China Region: Regulatory responses and crime prevention across the Taiwan Strait. Cheltenham: Edward Elgar Publishing.
D. Quist and Valsmith, "Covert Debugging: Circumventing Software Armoring Techniques," presented at Black Hat USA 2007.
Dr. G. Padmavathi, Mrs. D. Shanmugapriya, "A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks", (IJCSIS) International Journal of Computer Science and Information Security, Vol. 4, No. 1 & 2, 2009.
F. W. Hondius, Emerging Data Protection in Europe, North-Holland Publishing Company, Amsterdam, 1975.
P. Baran, Communications, Computers and People, The Rand Corporation, Santa Monica, California, P-3822, April 1968.
Privacy Act of 1974, Title 5, US Code, Section 1681.
Seamus O Clardhuanin, An Extended Model of Cybercrime Investigations, International Journal of Digital Evidence, Summer 2004, Vol 3, Issue 1. 2004.
Sternstein, "Pentagon Disconnects iPhone, Android Security Service, Forcing a Return to BlackBerry for Some," presented at NextGov, Dec. 3, 2013.
Wright, Joe; Jim Harmening (2009). "15". Computer and Information Security Handbook. Morgan Kaufmann Publications, Elsevier Inc. p. 257.
Links:
Predictions and Trends for Information, Computer and Network Security [Online] available: http://www.sans.edu/research/security-laboratory/article/2140
A White Paper, "Securing the Intelligent Network", powered by Intel Corporation, Network Security [Online] available: http://en.wikipedia.org/wiki/Network_security.
Securing the Intelligent Network [Online] available: http://www.trendmicro.co.in/cloud-content/us/pdfs/security-intelligence/white-papers/wp_idc_network-overwatch-layer_threat-mngmt.pdf
Network security needs big data [Online] available: http://www.computerworld.com/article/-/network-security-needs-big-data.html.
Trend Micro™ Smart Protection Network™ Security Made Smarter [Online] available: http://la.trendmicro.com/media/wp/smart-protection-network-whitepaper-en.pdf.