Today, even regular users need to be careful, even obsessive, about security so that they can protect their privacy and their information on different devices. In this article, we focus on different aspects of security. We first examine the security requirements, and then go over what we need to protect, against whom, and by what methods.
Security goals and requirements
All security measures try to protect your information with four primary goals: Confidentiality, Integrity, Availability, and Authenticity.
- Confidentiality: Contrary to what users sometimes assume, information must remain hidden unless one or more users need to access it. In other words, the data should be confidential unless its owner wants to allow certain people to view or edit it for some reason. As a result, the data is accessible only to specific users, which protects it from unauthorized persons.
- Integrity: Information should be immune to any unauthorized manipulation. In other words, no unauthorized user should be able to edit or change the content of the information. Editing the data involves changing its content, deleting it, moving it, or adding false data to the original content.
- Availability: Information should always be available to people who are authorized to access it. Various security measures try to prevent actions that disrupt access to information or make data unusable. In this way, unauthorized users cannot interfere with the functioning of the system to the point that it fails to deliver proper service to authorized users (Denial of Service).
- Authenticity: In information security, the credibility of both the information itself and the users trying to access it is assessed. The authenticity of information means that the data has not been exposed to unauthorized manipulation or change while being transmitted between different parts of a system. Users, in turn, prove their authenticity by providing credentials (usually a username and password).
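One common way to check the integrity and authenticity of data passed between two parts of a system is a keyed message authentication code. The following is an added example, not part of the original article; the key, field names and message are constructed for illustration, and it shows detection of manipulation, not confidentiality.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key shared by the sending and receiving parts (assumption).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def protect(message: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender: serialise the message canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(message, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(envelope: dict, key: bytes = SHARED_KEY) -> Optional[dict]:
    """Receiver: return the message only if the tag matches, otherwise None."""
    body = envelope.get("body")
    tag = envelope.get("tag")
    if not isinstance(body, str) or not isinstance(tag, str):
        return None  # missing or malformed fields are treated as tampering
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    # Parse only after the tag has been verified.
    return json.loads(body)


if __name__ == "__main__":
    env = protect({"account": "alice", "amount": 10})  # constructed message
    print("untouched:", verify(env))
    changed = dict(env, body=env["body"].replace("10", "9000"))
    print("modified in transit:", verify(changed))
    print("wrong key:", verify(env, key=b"some-other-key"))
```

The receiver parses the body only after the tag has been checked, so modified data is never interpreted.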
In security, anyone who tries to access other people's information without authorization is known as an attacker or intruder. The motives of such a person can range from simple ones such as humor or mischief to international crime and extortion. Some attackers only try to eavesdrop on and read the information, while others try to change the data in some way. The most common attempts to infiltrate are:
- Random attempts by non-technical users: In this case, people without any specific technical skill try to view other people's information simply by taking advantage of a chance situation, such as the use of shared devices.
- Internal user threats: In this case, people who work within an organization and have access to its systems rely on their skills to try to access sections that are not normally accessible to them. These efforts are often made out of curiosity or as a challenge to prove their skills. However, in some cases there are also motivations such as spying on information, sabotage, or retaliation.
- Efforts to earn money: In this case, the attackers try to access funds (such as bank accounts) in various ways and steal money. In another common method, the attackers put their victims under pressure in various ways (such as encrypting the victim's information) and force the victim to pay a ransom.
- Political attempts to attack military or government information: This includes attempts by hostile governments against each other and is driven entirely by political motives.
Methods of protection against threats
As in the real world, the general rule "prevention is better than treatment" also applies to information protection. In short, the best way to protect information is to prevent unauthorized access to it and to keep security threats from penetrating the system. Still, as in the real world, prevention is not always successful, and threats sometimes succeed in penetrating the system. Three security approaches must be implemented in every system so that it can neutralize any threat that has entered it for any reason:
- Detection: The ability of the system to determine whether there is a threat or infection inside the system.
- Identification: Precise recognition of threats and infections with the aim of neutralizing their effects and cleaning them up.
- Removal: Clearing and removing all threats from the system in such a way that they can no longer perform their intended task or spread to other systems.
To implement the above-mentioned measures as effectively as possible, it is advisable to design security in multiple layers. In this way, if one layer fails to neutralize the threat, the next layer still has a chance to succeed and protect the information. In a security design, the following components are implemented in the defense layers. Each of these components can be implemented as hardware, as software, or as a function in a software application:
- Firewall: A hardware or software tool that monitors the flow of information to and from your system (or your network). If a packet conflicts with the filters defined for the inbound or outbound stream, the firewall drops it.
- Intrusion Detection System: The task of this system is to collect and analyze system or network information to identify external or internal security breaches.
- Antiviruses: If, for any reason, the defense systems fail to prevent threats and infections from entering the system, the antivirus takes on the responsibility of identifying and removing them. Regular updates are one of the essential requirements for using an antivirus, so that information is protected against the latest identified threats.
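The firewall behaviour described above, with separate filters for the inbound and outbound streams, can be sketched as a small rule evaluator. This is an added example, not part of the original article; the `Packet` and `Rule` types, the rule sets, the documentation-range addresses, and the policy that the first matching rule wins and unmatched packets are dropped are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out"
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port
    remote: str = "0.0.0.0/0"    # peer network: source if inbound, destination if outbound

    def matches(self, pkt: Packet) -> bool:
        peer = pkt.src if pkt.direction == "in" else pkt.dst
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and ip_address(peer) in ip_network(self.remote))


# Constructed filters, one ordered list per stream.
FILTERS = {
    "in": [
        Rule("drop", remote="203.0.113.0/24"),     # blocked network, checked first
        Rule("accept", proto="tcp", dport=443),    # published HTTPS service
    ],
    "out": [
        Rule("accept", proto="udp", dport=53, remote="192.0.2.53/32"),  # one resolver
        Rule("accept", proto="tcp", dport=443),
    ],
}


def decide(pkt: Packet, filters=FILTERS) -> str:
    """Return the action of the first matching rule; with no match, drop."""
    for rule in filters.get(pkt.direction, []):
        if rule.matches(pkt):
            return rule.action
    return "drop"  # default deny (assumed policy)
```

Rule order matters here: the block for 203.0.113.0/24 comes before the HTTPS accept rule, so a packet from that network is dropped even on port 443.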