When we talk about computer security it is important to distinguish between the different types that exist. In this post we will deal with the most relevant (network security, software and hardware). This is very important for companies as they all currently handle the internet in some way, either to sell their products and services, contact the customer or simply to promote themselves. So they must control the security both in network as in their applications (software) and equipment (hardware) to not receive any attack or theft of information that is harmful to the future of the organization.
Computer security is an area of computer science that is in charge of the computational infrastructure and everything related to it, especially the information contained in a computer or the one that circulates through the network.
The three types of computer security of which we will speak are:
Network security is responsible for protecting all information that is accessible through the Internet (documents, images, bank data) and that could be used maliciously. Therefore, this type of security fights against the threats that exist in the network to prohibit access to such data to an unwanted person. The possible threats are: viruses, Trojans, phishing, spyware, data theft, identity theft…
To face these threats there is software and hardware that act on different levels so that nothing fails when it comes to protecting our information. The software must be constantly updated to be able to face new viruses capable of surpassing our defenses if they are not updated.
The mechanisms used by network security are: antivirus and antispyware, firewalls, private networks to ensure secure access to the network and intrusion prevention systems (IPS) to identify threats. In recent years and due to the increase in cyber attacks, companies dedicated to information technology services, such as Viewnext, are creating SOCs (Security Operations Centers) equipped with the latest technology in systems for prevention and detection of intruders, in order to offer companies a comprehensive protection of their infrastructures.
Software security protects applications and software from external threats such as malicious attacks, viruses, etc. The most used mechanism within this type of security are antivirus programs, these programs have a virus file that is updated automatically and is able to find new viruses. The virus search is performed periodically on the computer, also the user can do it manually when you want. Other software that is also used are firewalls, anti-spam filters, software to filter content and against unwanted advertising, etc..
Any application that is going to be used on the Internet today must be protected against attacks as these are becoming more frequent and takes advantage of any security hole in the software to get what you want. The code that is in charge of security is very confusing and complex so it is recommended that you think about security from the first moment you go to create a program or application, as we commented in one of our previous post “Safe Development Model: a shield against cyber attacks.
Hardware security refers to the protection of computers or devices against intrusions or threats. Not only do we need to protect the software but also the hardware we are using in our daily activities is important and requires protection. The most commonly used method is the management of hardware firewalls and proxy servers. There is another method that employs hardware security modules (HSM) that use cryptographic keys for encryption, decryption and authentication in systems. Like software, it is advisable to think about the security of the hardware from the first moment of its manufacture.
Using these three types of computer security in combination we will adequately protect our hardware, software and all our information and data from malicious attacks so that we do not have to complain later, when it is already too late and we can only see by forensic analysis methods what, how and when it has happened.
Necessary skills for the computer security analyst
Before taking action, it is essential that the IT analyst knows how to identify the requirements of regulations, services or software necessary to implement, improve and guarantee the effectiveness of the IT security protocol, guaranteeing the integrity, confidentiality and protection of all the company’s assets at the technological level.
Depending on the company, you may be responsible for defining the network security architecture and its access and control policies. It must manage and ensure the implementation of the company’s security policy, with particular attention to procedures that ensure security and protection at the digital and technological level.
It is important to raise awareness among the rest of the company’s employees in order to strengthen the IT security culture at a global level in the company or institution. It is responsible for responding to and solving possible problems and incidents that arise in the day to day of the company through a plan of action and its report.