Introduction
Computers and the internet have become an integral part of modern life and it is hard for a person to go through a day without interacting with these technologies. Due to the numerous advantages gained by using the two technologies, people are relying even more on computers and the internet for personal and commercial purposes.
This increase in usage has led to an increase in the rise in attempts by malicious people to compromise the systems. A number of important security issues have therefore emerged as malicious people seek to exploit vulnerabilities in computer systems and the internet. For most computer users, a number of common threats are likely to be encountered.
Types of Threats
Malware is a set of malicious code that runs on the computer and makes it do something that the attacker wants it to do. An important aspect of malware code is that it is installed in a computer without the consent of the owner of the computer. Balmes and Damsky (2015) of the Check Point Company declare that this malicious code can be designed to do a wide number of activities.
It could delete files from the computer, monitor keystrokes, gather information about a user’s computing habits, and steal personal information saved on the hard drive. Computer systems also faces threats from the worm, which is a self-replicating piece of code that propagates itself through networks. Cisco (2014) declares that worms are unique in that they do not require human interaction to spread through the network.
Worms usually exploit some flaw in a target and conquer it in an automated fashion, without a user doing anything. They are able to use security holes in the operating systems and browsers or as email attachments. The worm affects the system by taking up valuable system resources such as memory and disk space. Eventually, the worms take up too many of the system resources therefore overwhelming the system and causing it to crash.
A different type of threat is the bot, which involves a program being run on a user’s machine to allow the botmaster to control the compromised computer. The term bot is used to refer to both the computer that has been taken over (the zombie) and the malicious program used to control the zombie (Cisco, 2015). The bot program is often installed on the victim’s computer using a Trojan or a worm.
Perpetrates of this form of attack aim to form a botnet, which is a collection of internet-connected, compromised computers. The attacker is able to remotely control the bots through internet communication. Bots can be used for various malicious intentions including carrying out Denial of Service attacks, damaging network infrastructure, and stealing personal information.
Finally, computers face threats from viruses, which are software programs designed to interrupt normal operation of the system. An important attribute of viruses is that they need to be executed before they can perform their disruptive activities. Once executed, most viruses attempt to replicate themselves. Viruses can either be disruptive whereby they interfere with normal operations, or destructive where they destroy data.
Phishing and Spoofing
Attackers can use the internet to carry out phishing and spoofing attacks. Both of these attacks involve the sending of a large number of emails to various user addresses with the intention of baiting some unsuspecting recipients. In spoofing, the attacker aims to trick the user into performing actions that might compromise the security of his/her computer system.
The attacker creates a legitimate looking email and sends it to the user with the aim of fooling him into clicking on a link to download a file. This link downloads a malicious program that can damage the user’s system. Phishing attacks aim to trick the user into providing sensitive information to the attacker. The attacker relies on the trust that the user has for certain reputable organizations such as Amazon, Ebay, and major banks to name but a few.
The user is given a link to a fraudulent website that is often the replica of a legitimate website. When the user fills in personal information in the forms provided in the fake website, the attackers collect this information and use it to engage in criminal activities such as identity theft.
Encryption
When you use the internet, information travels between your computer and a server located at a remote location. The internet is not a secure medium and the information travelling via it can be high jacked. Malicious elements can steal information as it travels through the internet. Traditionally, communication through the World Wide Web made use of the Hypertext Transfer Protocol (HTTP).
Http can be thought of as an agreement made between two communicating parties on how to go about exchanging information over the internet. While this method is very effective, it contains security vulnerabilities since the traffic between the client and the server is sent unencrypted as “clear-text. In the event that someone intercepts the information, they can understand it since it is in clear-text format.
This is of great concern especially if the information is of a sensitive nature. The HTTPS protocol provides better security since it encrypts the traffic between the user and the server. Morell (2013) declares that the use of encryption will increase the protection of data as it moves along the internet.
HTTPS makes use of a security key shared between the communicating entities. This protocol relies on Secure Sockets Layer Certificates to encrypt and decrypt the data being communicated across the network. The SSL certificate contains a public key and is issued out to any computer that needs to communicate with the website.
The SSL certificate is given out by special companies such as VeriSign, Thawte, and Valicert, who only issue them out after verifying the recipient’s identify properly. Recipients with these digital certificates are deemed to be trustworthy.
How to View Certificate Information
As a user you might be interested in looking at the certificate information of a particular website. Most of the popular browsers make it easy for the user to view this information. Using the Safari browser, visit the website and look for a padlock symbol at the left side of the URL. If the website has a lock, it means that it has a security certificate and the user can view it by clicking on the lock symbol.
Clicking will produce a dialog box with a “show certificate” button that when clicked enables the user to view the certificate details. Using the Chrome browser, the user can check the certificates by looking at the lock icon present at the left of the URL. A green lock indicates that the website has a valid certificate. A grey lock with a hazard sign indicates that the connection’s security is questionable.
A grey lock with a red cross indicates that the site does not have a valid security certificate. In the Firefox browser, look for a padlock symbol at the left side of the URL. Clicking on the padlock will produce a drop box which states that the connection to the website is secure and a button for more information is provided. Clicking on this button produces a window that contains technical details about the type of encryption.
A button to view the certificate is provided at the right side of the window. In the Internet Explorer browser, a padlock appearing on the right side of the URL is used to indicate that a website has a security certificate and it encrypts data before transmission while the lack of a padlock demonstrate that no encryption is used when transferring data to the website. Clicking on the lock symbol produces a drop box which has a link to “view certificate”.
Best Security Practices
To decrease the probability of falling victim to the various threats identified, users should follow some best security practices. To begin with, they should ensure that their Operating Systems are regularly updated to ensure that they are not prone to security threats. Most operating systems provide occasional patches that are meant to deal with vulnerabilities that have been identified after the OS was released.
Users should make sure that they apply these patches as soon as possible before attackers exploit the security vulnerabilities. Apple provides software update prompts to its users and every person using this OS should apply the patches without delay. Microsoft also provides patches that can be freely downloaded by users.
Another recommended best practice is to make use of different passwords for different accounts. This approach will help reduce the adverse effects of a phishing attack. Most users use the same password across multiple accounts and this presents a major security risk since a cyber-criminal who acquires the password for one account can access the other accounts.
Raiu (2012) asserts that users should have unique strong passwords for each of their different accounts to ensure that if the password for one account is stolen the other accounts cannot be compromised. Mac OS users benefit from the in-build password manager that Apple provides. They are therefore able to keep track of multiple passwords through this software. For windows users, a password manager software can be downloaded from the internet.
The renowned security company, Norton (2015), recommends obtaining a password management software. Computer users should ensure that they have a good antivirus program installed in their machines. The program must be updated regularly to ensure that its virus definition database contains a list of the latest virus definitions.
Toscano (2015), who is a security expert at Check Point reveals that antivirus software are also able to identify malware and stop it before it affects the computer. Periodic scans for viruses in the computer hard disk should be performed to ensure that the system is clean. Windows 7/8.1 Users are most vulnerable to virus attacks since most malicious entities design viruses to attack the windows platform.
Historically, Mac computers have had less security threats since most malicious entities have concentrated on compromising windows systems. However, this has changed and Mac users today need to invest in antivirus programs to protect their systems from viruses.
Conclusion
Computers and the internet have become an important part of modern life and we all use them for various reasons. Even as we make use of these systems, we should be aware of the security threats that exist. This knowledge will enable us to protect our systems or identify when our systems have been compromised. Users should endeavor to follow best security practices in order to reduce the security risks that computers and the internet are exposed to.
References
Balmes, Y., & Damsky, I. (2015). New Data: Volatile Cedar Malware Campaign. Web.
Cisco (2014). What Is the Difference: Viruses, Worms, Trojans, and Bots? Web.
Cisco (2015). What Is the Difference: Viruses, Worms, Trojans, and Bots? Web.
Morell, M. (2013). Liberty and Security in a Changing World. Web.
Norton (2015). Identity Safe. Web.
Raiu, C. (2012). 10 Simple Tips for Boosting The Security Of Your Mac. Web.
Toscano, J. (2015). Stopping the Next Massive Cyberattack – Step 3: Implement Security Controls. Web.