Computer Security Authentication

• Passwords

Passwords are the easiest and most common authentication process that are used, not only on desktop computers but also at the network level. However certain rules should be followed when setting a password for your computer or network. Do not use easily predictable words for your passwords; they don't even require a hacker to access the system through your account. Use passwords that are unpredictable. Set long passwords and use numbers and special characters when setting your password. Remember your passwords; don't write it down anywhere. Hackers use various tools to know your passwords, but a long password with a number of special characters, indeed gives them a lot of trouble.

• Digital Certificates

Using a certain algorithm, computer administrator combine your personal details with other user credentials to generate a public key. This public key or digital certificate is used for the authentication purpose in the network.

• Smart Cards

Smart Cards are among the very few hardware authentication processes in which a simple card with an embedded circuitry is used for accessing the network. Each valid card for a particular network, when inserted into the circuitry it has been made for, gives an output which decides whether you will be allowed to enter into the network or not. The programming logic inserted into each card is different and it is one of the safest methods of authentication.

• Fingerprint detection

Almost available in all laptops that are manufactured today; fingerprint detection is another safe method of computer security authentication. Everyone knows that even the iris pattern of two people may even match, but fingerprints can never match.

• Face recognition systems

Face recognition system, may amuse you, but of late many people working in the field of security have questioned its user-friendly nature and the security it can provide. A simple dimension calculation of the face is done by the computer and the logic used in doing so, has been often found to be prone to errors.

• Biometrics

Biometrics is often considered as a far more secure way of authentication than passwords or digital certificates. It is even safer than smart cards, which may be misplaced. The physical and behavioral traits of a person are taken into consideration in this type of authentication.

• Captcha Keys

This is the process of authentication that is used to verify whether a human or a computer bot has logged into the system. Captcha keys are randomly generated alphabets and numericals presented in such a form, that only a human can recognize.

The Biggest Cyber security Threats of 2013 by Forbes Magazine

Threat #1: Social Engineering

This begins with focusing on a tried-and-true blackhat tactic in both the physical and digital worlds. Now social engineering has moved onto social networks, including Facebook and LinkedIn. Attackers are increasing their use of social engineering, which goes beyond calling targeted employees and trying to trick them into giving up information.


Threat #2: APTs

Advanced Persistent Threats (APTs) are highly sophisticated and carefully constructed. It can be the precursor for a sophisticated attack meant to breach the wall of an organization. They are targeting both corporations and governments. The intention behind APT attacks is to gain access to a network and steal information quietly.


Threat #3: Internal Threats

Some of the most dangerous attacks come from the inside. These attacks can be the most devastating, due to the amount of damage a privileged user can do and the data they can access.


Threat #4: BYOD

The issue of trust comes into play in the mobile world as well, with many businesses struggling to come up with the right mix of technologies and policies to hop aboard the bring-your-own-device (BYOD) trend. Users are increasingly using their devices as they would their PCs, and by doing so are opening themselves up to web-based attacks the same as they would if they were operating a desktop computer. All this means that the flood of iPhones, Google Android phones and other devices making their way into the workplace are opening up another potential gateway for attackers that needs to be secured.


Threat #5: Cloud Security

With more companies putting more information in public cloud services, those services become juicy targets, and can represent a single point of failure for the enterprise. For businesses, this means that security must continue to be an important part of the conversation they have with cloud providers, and the needs of the business should be made clear.


Threat #6: HTML5

Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. HTML5′s cross-platform support and integration of various technologies opens up new possibilities for attack, such as abusing Web Worker functionality.


Threat #7: Botnets

But even though the arms race between researchers and attackers favors innovation, expect cybercriminals to spend a lot of time perfecting what they know best, such as making sure their botnets have high availability and are distributed. While the legal takedowns being launched by companies such as Microsoft succeeded in temporarily disrupting spam and malware operations, it is naïve to assume attackers aren’t taking what they have learned from those takedowns and using it to shore up their operations. Botnets are here to stay.



Threat #8: Precision Targeted Malware

Attackers are also learning from the steps researchers are taking to analyze their malware, and techniques were recently demonstrated that can help render analysis ineffective by designing malware that will fail to execute correctly on any environment other than the one originally targeted.


read more on The Biggest Cybersecurity Threats of 2013

Differences between Virus, Worms and Trojan Horse

Virus

• a code fragment that copies itself into a larger program, and modifying that program
• may infect memory, floppy disk, a tape, or any other type of storage.
• virus are spread by the human action
• it need host to run

Worms

• an independent program so does not need human action to spread
• it produces by copying itself from one computer to another usually over a network
• doesn't modify program but it duplicate itself and effect the memory and the system of the computer

Trojan Horse

• a code fragment that hides inside a program and performs a disguised function
• it appear as a legitimate software also perform that function
• however it actually the program perfoms some other unauthorized operation