Computer security software: Difference between revisions

From Wikipedia, the free encyclopedia
start to clean up a bit, drop off-topic content and original examples
Line 11: Line 11:
Below follow a series of software patterns and groups from the perspective of a host system interacting with users and attempting to secure itself or its assets against their interactions.
Below follow a series of software patterns and groups from the perspective of a host system interacting with users and attempting to secure itself or its assets against their interactions.


===Prevent Access===
===Prevent access===
The primary purpose of these types of systems is to restrict and often to completely prevent access to computers or data except to a very limited set of users. The theory is often that if a key, credential, or token is unavailable then access should be impossible. A physical comparison is often made to a fortress, armor, or jamming. A shell that even if abandoned would still present a significant challenge for computer access. This often involves taking valuable information and then either reducing it to apparent noise or hiding it within another source of information in such a way that it is unrecoverable.
The primary purpose of these types of systems is to restrict and often to completely prevent access to computers or data except to a very limited set of users. The theory is often that if a key, credential, or token is unavailable then access should be impossible. This often involves taking valuable information and then either reducing it to apparent noise or hiding it within another source of information in such a way that it is unrecoverable.
* [[Cryptography]] and [[Encryption software]]
* [[Cryptography]] and [[Encryption software]]
* [[Steganography]] and [[Steganography tools]]
* [[Steganography]] and [[Steganography tools]]


===Isolate / Regulate Access===
===Regulate access===
The purpose of these types of systems is usually to restrict access to computers or data while still allowing interaction. Often this involves monitoring or checking credential, separating systems from access and view based on importance, and quarantining or isolating perceived dangers. A physical comparison is often made to a shield. A form of protection whose use is heavily dependent on the system owners preferences and perceived threats. Large numbers of users may be allowed relatively low-level access with limited security checks, yet significant opposition will then be applied toward users attempting to move toward critical areas.
The purpose of these types of systems is usually to restrict access to computers or data while still allowing interaction. Often this involves monitoring or checking credential, separating systems from access and view based on importance, and quarantining or isolating perceived dangers. A physical comparison is often made to a shield. A form of protection whose use is heavily dependent on the system owners preferences and perceived threats. Large numbers of users may be allowed relatively low-level access with limited security checks, yet significant opposition will then be applied toward users attempting to move toward critical areas.
* [[Access control]]
* [[Access control]]
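Review bot: In the "Regulate access" paragraph the shield comparison and the sentence fragment after it ("A form of protection whose use is heavily dependent on the system owners preferences and perceived threats.") are left untouched, although the matching fortress/armor comparison is dropped from "Prevent access" in this same hunk. Either remove both sentences here as well or fold the fragment into a full sentence, and fix "checking credential" and "system owners" while the paragraph is open. The heading also loses "Isolate" while the text still lists "quarantining or isolating perceived dangers", so the edit summary should say whether that narrowing is intended.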
Line 22: Line 22:
* [[Sandbox (computer security)|Sandbox]]
* [[Sandbox (computer security)|Sandbox]]


===Monitor Access===
===Monitor access===
The purpose of these types of software systems is to monitor access to computers systems and data while reporting or logging the behavior. Often this is composed of large quantities of low priority data records / logs, coupled with high priority notices for unusual or suspicious behavior. A physical comparison to eyes, goggles, scanning, or spying is often made. Observing user's behavior, often with the secondary goal of remaining hidden themselves.
The purpose of these types of software systems is to monitor access to computers systems and data while reporting or logging the behavior. Often this is composed of large quantities of low priority data records / logs, coupled with high priority notices for unusual or suspicious behavior.

* [[Diagnostic program]]
* [[Diagnostic program]]
* [[Intrusion detection system]] (IDS)
* [[Intrusion detection system]] (IDS)
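Review bot: The retained sentence under "Monitor access" still reads "monitor access to computers systems"; correct it to "computer systems" as part of this cleanup, and hyphenate "low-priority" and "high-priority". The new blank line between the paragraph and the list is not matched in the other sections, where the list follows the paragraph directly, so drop it for consistent spacing.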
Line 54: Line 55:
Note that several instant messaging programs such as [[ICQ]] (founded by "former" members of Unit 8200), or [[WeChat]] and [[QQ]] (rumored 3PLA/4PLA connections<ref>{{cite news |last1=O'Neill |first1=Patrick Howell |title=Under tough surveillance, China's cybercriminals find creative ways to chat |url=https://www.cyberscoop.com/chinese-cybercriminals-speak-in-code-to-hide-from-government-surveillance/ |access-date=22 October 2020 |agency=cyberscoop |publisher=SNG |date=3 May 2017}}</ref><ref>{{cite news |last1=Dasgupta |first1=Binayak |title=Mass surveillance risk real with Chinese apps: Experts |url=https://www.hindustantimes.com/india-news/mass-surveillance-threat-real-with-chinese-apps-says-cybersecurity-experts/story-HphmVO6k2D8kiRMqoD4NgI.html |access-date=22 October 2020 |publisher=Hindustan Times, New Delhi |date=1 July 2020}}</ref>) may represent extensions of these observation apparati.
Note that several instant messaging programs such as [[ICQ]] (founded by "former" members of Unit 8200), or [[WeChat]] and [[QQ]] (rumored 3PLA/4PLA connections<ref>{{cite news |last1=O'Neill |first1=Patrick Howell |title=Under tough surveillance, China's cybercriminals find creative ways to chat |url=https://www.cyberscoop.com/chinese-cybercriminals-speak-in-code-to-hide-from-government-surveillance/ |access-date=22 October 2020 |agency=cyberscoop |publisher=SNG |date=3 May 2017}}</ref><ref>{{cite news |last1=Dasgupta |first1=Binayak |title=Mass surveillance risk real with Chinese apps: Experts |url=https://www.hindustantimes.com/india-news/mass-surveillance-threat-real-with-chinese-apps-says-cybersecurity-experts/story-HphmVO6k2D8kiRMqoD4NgI.html |access-date=22 October 2020 |publisher=Hindustan Times, New Delhi |date=1 July 2020}}</ref>) may represent extensions of these observation apparati.


===Remove Programs or Malicious Code===
===Block or remove malware===
The purpose of these types of software is to remove malicious or harmful forms of software that may compromise the security of a computer system. These types of software are often closely linked with software for computer regulation and monitoring. A physical comparison to a doctor, scrubbing, or cleaning ideas is often made, usually with an "anti-" style naming scheme related to a particular threat type. Threats and unusual behavior are identified by a system such as a firewall or an intrusion detection system, and then the following types of software are used to remove them. These types of software often require extensive research into their potential foes to achieve complete success, similar to the way that complete eradication of bacteria or viral threats does in the physical world. Occasionally this also represents defeating an attackers encryption, such as in the case of data tracing, or hardened threat removal.
The purpose of these types of software is to remove malicious or harmful forms of software that may compromise the security of a computer system. These types of software are often closely linked with software for computer regulation and monitoring. A physical comparison to a doctor, scrubbing, or cleaning ideas is often made, usually with an "anti-" style naming scheme related to a particular threat type. Threats and unusual behavior are identified by a system such as a firewall or an intrusion detection system, and then the following types of software are used to remove them. These types of software often require extensive research into their potential foes to achieve complete success, similar to the way that complete eradication of bacteria or viral threats does in the physical world. Occasionally this also represents defeating an attackers encryption, such as in the case of data tracing, or hardened threat removal.
* [[Anti-keylogger]]s
* [[Anti-keylogger]]s
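Review bot: The new heading "Block or remove malware" promises blocking, but the unchanged paragraph opens with "The purpose of these types of software is to remove" and only describes removal after a firewall or IDS has identified the threat; add a sentence on blocking or keep the heading to removal. The paragraph also keeps the doctor/scrubbing comparison and the bacteria analogy, the same kind of physical comparison this revision removes from the other sections. In the context line above it, "founded by "former" members" and "rumored 3PLA/4PLA connections" carry scare quotes and hedges that should be checked against the two cited news articles.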
Line 62: Line 63:
* [[Anti-tamper software]]
* [[Anti-tamper software]]
* [[Antivirus software]]
* [[Antivirus software]]
* [[Cryptanalysis]]

==Software run on computers to secure other systems==
These types of software are programs run on computers that are primarily intended to secure systems other than themselves. This is usually achieved by providing interactions with physical world systems or by evaluating data that may not be "directly" related to computer security.
* [[Computer Aided Dispatch]] (CAD)
* [[Fraud Detection]]


==See also==
==See also==
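Review bot: Removing "* [[Cryptanalysis]]" leaves the closing sentence of the section paragraph ("Occasionally this also represents defeating an attackers encryption, such as in the case of data tracing, or hardened threat removal.") without a matching list entry. Drop that sentence in the same edit or keep the link, so the list and the paragraph agree.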

Revision as of 07:28, 15 June 2021


Computer security software or cybersecurity software is any computer program designed to influence information security. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense.

The defense of computers against intrusion and unauthorized use of resources is called computer security. Similarly, the defense of computer networks is called network security.

The subversion of computers or their unauthorized use is referred to as cyberwarfare, cybercrime, or security hacking (shortened to hacking in the rest of this article due to issues with the terms hacker and hacker culture, and differences in white/grey/black 'hat' color identification).

Types

Below follow a series of software patterns and groups from the perspective of a host system interacting with users and attempting to secure itself or its assets against their interactions.

Prevent access

The primary purpose of these types of systems is to restrict and often to completely prevent access to computers or data except to a very limited set of users. The theory is often that if a key, credential, or token is unavailable then access should be impossible. This often involves taking valuable information and then either reducing it to apparent noise or hiding it within another source of information in such a way that it is unrecoverable.

Regulate access

The purpose of these types of systems is usually to restrict access to computers or data while still allowing interaction. Often this involves monitoring or checking credentials, separating systems from access and view based on importance, and quarantining or isolating perceived dangers. A physical comparison is often made to a shield: a form of protection whose use is heavily dependent on the system owner's preferences and perceived threats. Large numbers of users may be allowed relatively low-level access with limited security checks, yet significant opposition will then be applied toward users attempting to move toward critical areas.

Monitor access

The purpose of these types of software systems is to monitor access to computer systems and data while reporting or logging the behavior. Often this is composed of large quantities of low-priority data records and logs, coupled with high-priority notices for unusual or suspicious behavior.

Surveillance monitor

These programs use algorithms either stolen from, or provided by, the police and military internet observation organizations to provide the equivalent of a police radio scanner. Most of these systems are born out of mass surveillance concepts for internet traffic, cell phone communication, and physical systems like CCTV. In a global perspective they are related to the fields of SIGINT and ELINT and approach GEOINT in the global information monitoring perspective. Sources for such information and the organizations that provide them, in the year 2020, within their particular jurisdictions, include (although may not be exclusive to):

Note that several instant messaging programs such as ICQ (founded by "former" members of Unit 8200), or WeChat and QQ (rumored 3PLA/4PLA connections[4][5]) may represent extensions of these observation apparatuses.

Block or remove malware

The purpose of these types of software is to remove malicious or harmful forms of software that may compromise the security of a computer system. These types of software are often closely linked with software for computer regulation and monitoring. A physical comparison to a doctor, scrubbing, or cleaning is often made, usually with an "anti-" style naming scheme related to a particular threat type. Threats and unusual behavior are identified by a system such as a firewall or an intrusion detection system, and then the following types of software are used to remove them. These types of software often require extensive research into their potential foes to achieve complete success, similar to the way that complete eradication of bacterial or viral threats does in the physical world. Occasionally this also represents defeating an attacker's encryption, such as in the case of data tracing, or hardened threat removal.

See also

References

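  4. ^ O'Neill, Patrick Howell (3 May 2017). "Under tough surveillance, China's cybercriminals find creative ways to chat". cyberscoop. SNG. https://www.cyberscoop.com/chinese-cybercriminals-speak-in-code-to-hide-from-government-surveillance/ Retrieved 22 October 2020.
  5. ^ Dasgupta, Binayak (1 July 2020). "Mass surveillance risk real with Chinese apps: Experts". Hindustan Times, New Delhi. https://www.hindustantimes.com/india-news/mass-surveillance-threat-real-with-chinese-apps-says-cybersecurity-experts/story-HphmVO6k2D8kiRMqoD4NgI.html Retrieved 22 October 2020.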