This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Information security also known as InfoSec means basically keeping your information under your direct control: that no one can access your information without your permission -- and that you know what risks you take when you allow someone to access the information you own.
It is essential to understand that you do not want everyone to have access to all your information. For most people it is clear that they want to keep their private and sensitive information like passwords and credit card information away from the hands of other people. Many of them don't understand though, that even some pieces of information, that might seem meaningless to them may be very valuable to some other people, especially when combined together with other pieces of information. For instance a corporation could want your demographic information for marketing purposes -- so badly, that they would be happy to buy it from a person, who gathers this information by accessing your computer illegally.
It is also important to understand, that even if you don't give any of your information to anyone on the Internet, someone may access your computer system to get the information they need.
2. Vulnerabilities of the Internet
Internet is vulnerable to flaws and weaknesses in the network defence. Vulnerabilities may result from bugs or design flaws in the system. Some vulnerabilities are caused by un-sanitized user input, often allowing the direct execution of commands or SQL statements. Sometimes the programmer fails to check the size of data buffers, which can overflow and cause corruption of the stack or heap areas of memory.
Vulnerability usually allows an attacker to trick the application into bypassing access control checks or executing commands on the system hosting the application.
There are a number of vulnerabilities that your computer and network may be subjected to. Some of the most common ones are input validation errors like format string bugs, improperly handling of shell metacharacters so they are interpreted, SQL injection and in web applications cross-site scripting. Also stack smashing and other buffer overflows as well as symlink races are common vulnerabilities.
Vulnerabilities might exist in all major operating systems like Windows, Mac OS, Linux, OpenVMS, and others. The vulnerability of your network and servers can be tested by vulnerability scans. They test your servers, web pages, firewall and others for possible vulnerability. Vulnerability scans can be downloaded from the Internet.
3. Security problems
The security problem occurs when an unauthorised attacker; a hacker, virus or other type of malware breaks into the system.
Browsers are the most common targets of Internet security breaches. They are often merely an annoyance as the browser might slow down and crash at regular intervals, the data could become inaccessible and at worse cases the confidentiality of user's personal information could be violated.
If there are bugs or misconfiguration problems in the Web server they might allow unauthorized remote users to gain access to confidential documents containing personal information or to obtain information about the server's host machine that will allow a break into the system. They can also execute commands on the server host machine, allowing them to modify the system and to launch denial-of-service attacks, rendering the machine temporarily unusable. Denial-of-service attacks, also known as DoS, will target the computer's network bandwidth or connectivity. A distributed denial-of-services attack, DDoS, will use a number of computers the perpetrator has taken over, to attack against one or more targets. Typically a DDoS master program is installed on one computer using a stolen account.
The spying on interception of network data moving between the server and the browser can be made possible if the vulnerability of the network or the server is left open to it.
A hacker is a person who creates and modifies computer software and computer hardware. The term hacker has negative connotations as it's a term used for a person who exploits a system and gains unauthorized access to systems and often performs tasks that are not recommended or often legal. However the term can also relate to a person who simply uses his or hers skills to for example create computer programming, administration and security-related items.
The most common security issue concerning individual users as well as companies, are viruses. Computer virus is an unsolicited program that insert copies of itself on the computer programs. Computer viruses are one type of malicious software or malware. Other types of malware are so called worms, trojan horses, adware and spyware.
Malware can be a mere nuisance by affecting the useability of your computer by slowing it down, making the computer crash at regular intervals and also affecting the various programs and documents you might want to access. More seriously malware can become a security risk by acquiring personal information about you from your emails and other data stored on your computer.
Adware and spyware are most annoying as they keep the unwanted advertising popping up on your screen. Spyware also collects your personal information and provides commercial interests with your details.
You can protect your computer and yourself by using appropriate software to combat unwanted and possibly destructive malware. (See How to protect your computer against viruses for more information.)
Phishing is a term used for an identity theft. Phishing is a criminal activity where a person or a business is approached fraudulently usually by an email claiming to be from a legitimate organization and requesting personal information, like bank account details, passwords and credit card details, from the receiver of the email. The information is used to access Internet bank accounts and other organizations where personal details are needed to access the site.
Anti-phishing software attempts to expose the true identity of the sender of the email or the website. But the personal vigilance is the best protection from phishing: no reputable bank or legitimate organization would ask for your personal details on an email.
It is also good to remember, that email has no guarantee of privacy: it is as private as a postcard. On its way to the recipient your email travels through a lot of servers, where it can be accessed by those who manage the system as well as those who have illegally intruded it. The only way to be relatively sure for the privacy of your email is to use encryption. See more below..