Computer security is all efforts to create a secure information processing platform in order to protect the integrity of information from unauthorized access during the storage and transportation of data or information in electronic environments. In order to achieve this, it is necessary to determine and implement the security policy appropriate to the situation.
WHY IS IT DANGEROUS?
Attacks are increasing at a geometric speed. (1-2-4-8-16-32- ..)
Attacks are getting more complex and more capable.
The number of attackers is increasing. The fact that some attack programs can be found on the internet enables many people who do not have programming knowledge to attack.
The rapid increase in computer use has caused the number of programs to increase rapidly.
As the programs get more complex, security vulnerabilities increase.
Some of the programs we use - other than their normal functions - may do some malicious processes hidden in the background. (Such as sending some information about your computer)
Most companies and people do not attach the necessary importance to security.
The widespread use of the Internet causes viruses and Trojans to become widespread.
WHO IS ATTACKING?
Those who use it as a gateway computer: They disguise themselves by using your system to attack other systems.
Information stealers: By watching the computer, opening some files, internet connection password, mail password, bank account password, etc. they try to get the information.
Attackers for pleasure: People who are generally not very knowledgeable, who try to get passwords by attacking using some programs they find on the internet, or who cause the system to malfunction by deleting some files.
WHY IS IT EASY TO ATTACK?
Every day new security vulnerabilities are detected and published on the internet. Program producers are rapidly producing and releasing patches for these vulnerabilities, but most people do not install them either because they are unaware or difficult to install.
In addition, the fact that some ready-made programs that facilitate attacks using existing vulnerabilities can be found on the internet, enables people who do not have much technical knowledge about security and programming to easily attack.
FREQUENTLY MADE ERRORS AND PRECAUTIONS BY END USERS ABOUT SECURITY
The studies and technical measures taken by the system administrators in order to ensure information security create integrity with the awareness of the end user and thus high efficiency can be obtained in the work carried out. As is known, 80% of the security gaps can be covered with 20% of the total effort to close these gaps. Our aim is to remind the common mistakes of the end user and simple precautions that can be taken, to create a kind of checklist.
1. Server operating systems on desktop computers
Desktop computers for end-user use are generally not designed for server-based jobs. However, one of the common mistakes made by the end user is the idea that the more comprehensive the operating system, the better it will work. Services that are automatically installed and running on server-grade operating systems without the user's knowledge reduce system performance and cause serious security vulnerabilities. It should be ensured that users are made aware of this issue and that they install / use an operating system that is suitable for their needs.
2.Server applications on desktop computers
Although operating systems are clients, users can set up insecure FTP servers or web servers, especially to share files or serve web pages. For example, it is known that the use of Microsoft IIS as a web server has caused serious security vulnerabilities in the past and today, and CodeRed and Nima viruses spread by using the vulnerability of this software. In order to prevent this situation, it should be ensured that these server-qualified services are provided centrally by system administrators through secure software on secure operating systems. For example, users should be able to prepare a web page on UNIX server systems using their own user accounts, and move their files with FTP programs running on server systems.
3.Operating systems updates
One of the common mistakes end users make is that after installing the operating system, they assume that the installation is complete and that there are no vulnerabilities. Updates of operating systems are constantly being released after they are released. These updates replace the drivers and problematic system files with new ones, and more importantly, they close the security gaps in the operating system. Some operating systems automatically install their own updates or can be set up for automatic installation. Viruses often infect and spread the computer using the vulnerabilities of operating systems that are not updated.
4. Application software updates
In addition to operating systems, some application software may cause security vulnerabilities when they are not updated, due to these vulnerabilities, the computer may be affected by viruses and information may be lost. Especially Microsoft Outlook etc. Message programs such as e-mail reading programs, Microsoft Office packages, MSN Messenger and ICQ need to be updated.
5.Administrator rights on desktop
One of the most common mistakes made by desktop computer users is that they want to be the administrator of the computer they use. Administrator rights are not required to use desktop computers. However, system administrators also allow users to manage computers from time to time in order to get rid of unnecessary phones and unnecessary explanations. The installations made or the configuration parameters changed by the end user without realizing it with the administrator rights can cause security vulnerabilities on the computer.
6.Anti virus software and updates
Some users think that antivirus software slows down their computers. Indeed, antivirus software causes a 0.5-2% decrease in system performance. However, this performance loss is incomparably small with the drop in computer performance when the virus affects the computer. For this reason, using antivirus software on desktop computers is one of the first precautions to be taken against viruses. In addition, one of the common mistakes made by users is to think that the computer is safe from viruses after the anti virus software is installed, and the software is not updated. Users should be made aware of how antivirus software works, how it detects newly released viruses, and how to update the virus scan engine and virus pattern files.
While users are sharing their files with other users on the network, they do not realize that these files are seen by everyone. In addition, instead of sharing certain directories, they open the directories with operating system files and programs for sharing, create security vulnerabilities as a result of these shares opened without a password, and on the other hand, they create a suitable ground for viruses spreading over the network. It is necessary to raise the awareness of the users about the risks of file sharing and to offer safer ways to share files.
Users download and run the programs they receive from the computers that they do not recognize and whose reliability is unknown through P2P file sharing programs such as Kazaa, Imesh or messaging programs such as ICQ. These programs can be virus or Trojan horse qualified. Users should be informed about this.
9. Programs that run unconsciously on the web
Unconsciously downloaded programs and plugins from some websites can cause computers to be invaded by viruses or malicious code. In order to prevent this situation, users are required to make security settings in their Internet browser programs, and to approve the questions that arise when a connection is made to web pages only after they understand.
10. Email attachments
The operation of the attachments of the e-mails prepared by the virus, which the user does not know from or which is shown as coming from a well-known user as a work of social engineering, is a common error that causes the virus to affect the computer. In order to prevent viruses spreading via e-mail from affecting the computer, anti-virus software and operating systems should be updated and secure e-mail reading programs should be preferred. (Netscape Messenger, Pine, Mutt etc. instead of Microsoft Outlook).
11. Security Standards (Security Baseline) and Usage Policies
prepared by system administrators and determined policies are generally deemed unnecessary by end users, and security settings suggested in these are not made. Users need to be informed so that they understand the importance of these standards.