Computer security software: Difference between revisions

Citation bot (talk | contribs)
Removed URL that duplicated identifier. Removed access-date with no URL. Removed parameters.
 
{{short description|Computer program for information security}}
{{Computer security}}
 
'''Computer security software''' or '''cybersecurity software''' is any [[computer program]] designed to influence [[information security]]. The term is usually used in the context of defending computer systems or data, but it can also cover programs designed specifically to subvert computer systems, because the two categories overlap significantly and, as the adage has it, the best defense is a good offense.
 
The subversion of [[computer]]s or their unauthorized use is referred to as ''[[cyberwarfare]]'', ''[[cybercrime]]'', or ''[[Security hacker|security hacking]]'' (shortened to ''hacking'' in the rest of this article; the bare term is ambiguous because of its other senses in ''[[hacker]]'' and ''[[hacker culture]]'' and because of the [[White hat (computer security)|white]]/[[Grey hat|grey]]/[[Black hat (computer security)|black]] 'hat' distinctions).
 
The computer security software products industry was launched in the second half of the 1970s when computer firms and new IT startups chose alternative paths to offer commercial access control systems to organizational mainframe computer users. These developments were led by [[IBM]]'s [[Resource Access Control Facility]] and SKK's Access Control Facility 2.<ref>{{Cite journal |title=The Origin and Early History of the Computer Security Software Products Industry |journal=IEEE Annals of the History of Computing|date=2015 |doi=10.1109/MAHC.2015.21 |last1=Yost |first1=Jeffrey R. |volume=37 |issue=2 |pages=46–58 }}</ref>
 
==Types==
Below are software patterns and groups, described from the perspective of a host system that interacts with users and attempts to secure itself and its assets against those interactions. They include tools to deter both [[Passive attack|passive]] and active [[threat (computer)|security threats]]. Although both security and usability are desired, it is widely held in computer security software that higher security comes at the cost of usability, and higher usability at the cost of security.<ref>{{Cite book|last=Barragán|first=Claudio Casado|title=Information Technology - New Generations|publisher=Springer International Publishing|year=2017|isbn=9783319549774|pages=395–398}}</ref>
 
===Prevent access===
The primary purpose of these systems is to restrict, and often to completely prevent, access to computers or data except for a very limited set of users. The underlying theory is that if a key, credential, or token is unavailable then access should be impossible. A physical comparison is often made to a fortress, armor, or jamming: a shell that, even if abandoned, would still present a significant obstacle to anyone trying to reach the computer or its data. In practice this usually means taking valuable information and either reducing it to apparent noise (encryption) or hiding it within another source of information (steganography) in such a way that it cannot be recovered without the key or knowledge of where it is hidden.
* [[Cryptography]] and [[Encryption software]]
* [[Steganography]] and [[Steganography tools]]
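The "apparent noise without the key" idea above, as an added example that is not part of the original article. It assumes only the Python standard library: because the standard library has no block cipher, the keystream is generated with HMAC-SHA256 used as a PRF in counter mode, and integrity comes from a separate HMAC tag (encrypt-then-MAC). This construction is sound, but production code should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a maintained library; the plaintext is a constructed sample.

```python
"""Added example (not from the original article): turning data into apparent
noise with a key, then checking that the noise is useless without that key.

Assumes the Python standard library only. HMAC-SHA256 in counter mode supplies
the keystream; a second HMAC over nonce||ciphertext supplies integrity.
"""
import hmac
import hashlib
import secrets

TAG_LEN = hashlib.sha256().digest_size   # 32-byte tag, 32 bytes of keystream per counter
NONCE_LEN = 16


def _subkeys(key: bytes, nonce: bytes):
    """Derive independent encryption and MAC keys from the master key and nonce."""
    enc = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    mac = hmac.new(key, b"mac" + nonce, hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC(enc_key, counter) for counter = 0, 1, 2, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh random nonce per message keeps
    the keystream from ever repeating under the same key."""
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _subkeys(key, nonce)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext; raise
    ValueError on a wrong key or on any modification of the blob."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key, nonce)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, len(ciphertext))))


def demo() -> dict:
    """Show the properties the text describes: noise without the key, recovery
    with it, and rejection of a wrong key or a tampered blob."""
    key = secrets.token_bytes(32)
    message = b"payroll export 2024-Q3"          # constructed sample plaintext
    blob = encrypt(key, message)
    result = {"roundtrip": decrypt(key, blob) == message,
              "looks_like_noise": message not in blob}
    try:
        decrypt(secrets.token_bytes(32), blob)   # attacker guessing a key
        result["wrong_key_rejected"] = False
    except ValueError:
        result["wrong_key_rejected"] = True
    tampered = bytearray(blob)
    tampered[NONCE_LEN] ^= 0x01                  # flip one ciphertext bit
    try:
        decrypt(key, bytes(tampered))
        result["tamper_rejected"] = False
    except ValueError:
        result["tamper_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The tag is checked before any decryption so that a wrong key or a flipped bit is reported as a single failure rather than as garbage plaintext; that is the difference between "reduced to noise" and "merely obscured".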
 
A critical tool used in developing software that prevents malicious access is ''threat modeling''.<ref>{{Cite journal|last1=Bodeau|first1=Deborah J.|last2=McCollum|first2=Catherine D.|last3=Fox|first3=David B.|date=2018-04-07|title=Cyber Threat Modeling: Survey, Assessment, and Representative Framework|url=https://apps.dtic.mil/sti/citations/AD1108051|archive-url=https://web.archive.org/web/20210929040958/https://apps.dtic.mil/sti/citations/AD1108051|url-status=live|archive-date=September 29, 2021|language=en}}</ref> Threat modeling is the process of constructing and working through hypothetical situations in which an attacker tries to gain unauthorized access to data in [[cyberspace]]. Doing so produces profiles of potential attackers, including their intentions, and a catalog of potential vulnerabilities for the organization to fix before a real threat arises.<ref>{{Cite web|title=Threat Modeling: 12 Available Methods|url=https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/|access-date=2021-10-04|website=SEI Blog|date=2 December 2018 |language=en}}</ref> Threat modeling applies at every scale of cyberspace, from individual devices and applications to systems, networks, and whole enterprises. Cyber threat modeling can inform an organization's cybersecurity efforts in the following ways:<ref>{{Cite book|last=Jones|first=Andy|title=Risk management for computer security : Protecting your network and information assets|date=2005|publisher=Elsevier Butterworth-Heinemann|others=Debi Ashenden|isbn=978-0-08-049155-4|___location=Amsterdam, Netherlands|oclc=159937634}}</ref>
 
* Risk Management
* Profiling of current cybersecurity applications
* Considerations for future security implementations
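A worked threat-modeling pass, added here as an example and not taken from the article or from any of the cited frameworks. It uses STRIDE-per-element, one of the methods in the SEI survey cited above, to turn a data-flow description of a system into the kind of vulnerability catalog the text describes. The STRIDE-per-element mapping follows the Microsoft SDL chart; the three-tier web application, its trust zones and its recorded mitigations are constructed for the example.

```python
"""Added example (not from the original article): enumerate candidate threats
for a small system model using STRIDE-per-element, then rank them.

Assumptions: the STRIDE-per-element table below follows the Microsoft SDL
chart (Repudiation on a data store applies when it holds audit logs); the
sample system is constructed.
"""
from dataclasses import dataclass, field

# Which STRIDE categories are considered for each element type
STRIDE = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation",
                "Information disclosure", "Denial of service", "Elevation of privilege"],
    "data_store": ["Tampering", "Repudiation", "Information disclosure", "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}


@dataclass
class Element:
    name: str
    kind: str                                   # one of the STRIDE keys above
    trust_zone: str                             # e.g. "internet", "dmz", "internal"
    mitigations: set = field(default_factory=set)   # categories already addressed


@dataclass
class Flow:
    src: str
    dst: str
    data: str


def crosses_boundary(model: dict, flow: Flow) -> bool:
    """A flow between two trust zones is where an attacker usually sits."""
    return model[flow.src].trust_zone != model[flow.dst].trust_zone


def enumerate_threats(elements: list, flows: list) -> list:
    """Return (target, category, note) triples for every applicable STRIDE
    category that has no recorded mitigation."""
    model = {e.name: e for e in elements}
    threats = []
    for e in elements:
        for cat in STRIDE[e.kind]:
            if cat not in e.mitigations:
                threats.append((e.name, cat,
                                f"{e.kind} in zone '{e.trust_zone}' lacks a {cat.lower()} control"))
    for f in flows:
        for cat in STRIDE["data_flow"]:
            note = f"{f.data} from {f.src} to {f.dst}"
            if crosses_boundary(model, f):
                note += " (crosses a trust boundary)"
            threats.append((f"{f.src}->{f.dst}", cat, note))
    return threats


def rank(threats: list) -> list:
    """Boundary-crossing flows first, then privilege escalation, then the rest."""
    def score(t):
        _, cat, note = t
        return (0 if "trust boundary" in note else 1,
                0 if cat == "Elevation of privilege" else 1, cat)
    return sorted(threats, key=score)


def sample_model():
    """Constructed three-tier web application for the demonstration."""
    elements = [
        Element("browser", "external_entity", "internet"),
        Element("web_app", "process", "dmz", mitigations={"Spoofing"}),          # e.g. client auth in place
        Element("db", "data_store", "internal", mitigations={"Information disclosure"}),  # e.g. encrypted at rest
    ]
    flows = [Flow("browser", "web_app", "login request"),
             Flow("web_app", "db", "SQL query")]
    return elements, flows


if __name__ == "__main__":
    for target, cat, note in rank(enumerate_threats(*sample_model())):
        print(f"{target:18} {cat:24} {note}")
```

Each triple in the output is a line in the catalog the text describes: the element or flow at risk, the attacker goal, and why it is open. Recording a mitigation removes the entry, so the same model can be re-run after each fix.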
 
===Isolate / Regulate access===
The purpose of these types of systems is usually to restrict access to computers or data while still allowing interaction. Often this involves monitoring or checking credentials, separating systems from access and view based on their importance, and quarantining or isolating perceived dangers. A physical comparison is often made to a shield: a form of protection whose use depends heavily on the system owner's preferences and perceived threats. Large numbers of users may be allowed relatively low-level access with limited security checks, while much stronger opposition is applied to users attempting to move toward critical areas.
* [[Access control]]
* [[Sandbox (computer security)|Sandbox]]
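The escalating-opposition pattern just described, as an added example that is not part of the original article: a deny-by-default authorization check in which many users reach low-sensitivity resources with a password, but movement toward critical resources requires both a stronger session (step-up authentication) and an explicit owning role. The roles, sensitivity tiers, assurance levels and rule table are constructed for the example and are not taken from any real product.

```python
"""Added example (not from the original article): tiered, deny-by-default
access control. Every check must pass; the first failure is reported so the
caller can log it or prompt for step-up authentication.

Assumptions: roles, tiers, assurance levels and the rule table are constructed.
"""
from dataclasses import dataclass

# Resource sensitivity tiers, lowest to highest
TIERS = ["public", "internal", "restricted", "critical"]

# Minimum session assurance needed to touch each tier
# 0 = anonymous, 1 = password, 2 = password + MFA, 3 = MFA with hardware key
MIN_ASSURANCE = {"public": 0, "internal": 1, "restricted": 2, "critical": 3}

# Highest tier each role may read; writes are constrained further in authorize()
ROLE_CEILING = {"guest": "public", "employee": "internal", "analyst": "restricted", "admin": "critical"}


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    assurance: int


@dataclass(frozen=True)
class Resource:
    name: str
    tier: str
    owner_role: str


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize(session: Session, action: str, resource: Resource) -> Decision:
    if resource.tier not in TIERS or action not in ("read", "write"):
        return Decision(False, "unknown tier or action")
    tier_index = TIERS.index(resource.tier)

    # 1. Session assurance must meet the tier's minimum (step-up for critical areas)
    needed = MIN_ASSURANCE[resource.tier]
    if session.assurance < needed:
        return Decision(False, f"step-up required: assurance {session.assurance} < {needed}")

    # 2. Some role must have a ceiling at or above the resource's tier (no roles -> -1 -> deny)
    ceiling = max((TIERS.index(ROLE_CEILING[r]) for r in session.roles if r in ROLE_CEILING), default=-1)
    if ceiling < tier_index:
        return Decision(False, f"no role grants tier '{resource.tier}'")

    # 3. Writes to restricted or critical data need the owning role, not just a ceiling
    if action == "write" and tier_index >= TIERS.index("restricted") and resource.owner_role not in session.roles:
        return Decision(False, f"write requires owner role '{resource.owner_role}'")

    return Decision(True, "all checks passed")


def demo() -> list:
    """Constructed requests showing cheap low-level access and stiffening checks higher up."""
    wiki = Resource("wiki", "internal", "employee")
    vault = Resource("key-vault", "critical", "admin")
    alice = Session("alice", frozenset({"employee"}), assurance=1)
    bob = Session("bob", frozenset({"admin"}), assurance=2)
    bob_hw = Session("bob", frozenset({"admin"}), assurance=3)
    return [
        authorize(alice, "read", wiki).allowed,    # True: low tier, password is enough
        authorize(alice, "read", vault).allowed,   # False: assurance too low for critical
        authorize(bob, "read", vault).allowed,     # False: admin, but no hardware key
        authorize(bob_hw, "read", vault).allowed,  # True: role and assurance both suffice
        authorize(bob_hw, "write", wiki).allowed,  # True: tier below restricted, ceiling covers it
    ]


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters in practice: assurance is tested first so a legitimate user gets a "step up" prompt rather than a flat denial, while a session with no recognised role is denied even for public resources, which is the deny-by-default the text's "shield" implies.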
 
===Monitor access===
The purpose of these types of software systems is to monitor access to computer systems and data while reporting or logging the behavior. Often this consists of large quantities of low-priority data records or logs, coupled with high-priority notices for unusual or suspicious behavior. A physical comparison is often made to eyes, goggles, scanning, or spying: the software observes users' behavior, often with the secondary goal of remaining hidden itself.
 
* [[Diagnostic program]]
* [[Intrusion detection system]] (IDS)
* [[Security information management]]
* [[Security event manager|Security event management]]
* [[Security information and event management]] (SIEM)
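The monitoring pattern in this section, as an added example that is not part of the original article: every log line becomes a low-priority record, and a burst of failed logins from one source within a short window becomes a high-priority alert, as does a later successful login from that same source. The sshd-style log format, the threshold and the window are assumptions, and the log lines are constructed.

```python
"""Added example (not from the original article): low-priority records plus
high-priority alerts from a stream of authentication log lines.

Assumptions: sshd-style lines with an ISO timestamp, a 5-failure threshold
and a 60-second sliding window. Sample log lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "<timestamp> sshd[pid]: Failed|Accepted password for [invalid user ]<user> from <ip> port N ssh2"
LINE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

THRESHOLD = 5                   # this many failures ...
WINDOW = timedelta(seconds=60)  # ... inside this window raises an alert


def parse(line: str):
    """Return a dict for a recognised line, None otherwise."""
    m = LINE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def monitor(lines):
    """Return (records, alerts). records: one low-priority entry per line.
    alerts: one when a source first crosses the threshold, and one if a source
    that was brute-forcing then logs in successfully."""
    records, alerts = [], []
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()
    for raw in lines:
        ev = parse(raw)
        if ev is None:
            records.append({"priority": "low", "note": "unparsed", "raw": raw})
            continue
        records.append({"priority": "low", **ev})
        q = failures[ev["ip"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:   # slide the window forward
                q.popleft()
            if len(q) >= THRESHOLD and ev["ip"] not in alerted:
                alerted.add(ev["ip"])
                alerts.append({"priority": "high", "ip": ev["ip"],
                               "note": f"{len(q)} failed logins within {WINDOW.seconds}s"})
        elif ev["ip"] in alerted:
            alerts.append({"priority": "high", "ip": ev["ip"],
                           "note": f"successful login as {ev['user']} after brute-force pattern"})
    return records, alerts


# Constructed sample log: one normal login, a brute-force burst that succeeds, one unrelated line
SAMPLE = [
    "2024-03-01T10:00:00 sshd[311]: Accepted password for alice from 10.0.0.5 port 50122 ssh2",
] + [
    f"2024-03-01T10:05:{s:02d} sshd[312]: Failed password for invalid user admin from 203.0.113.9 port 4{s:04d} ssh2"
    for s in range(0, 50, 10)
] + [
    "2024-03-01T10:05:55 sshd[312]: Failed password for root from 203.0.113.9 port 40060 ssh2",
    "2024-03-01T10:06:02 sshd[313]: Accepted password for root from 203.0.113.9 port 40061 ssh2",
    "2024-03-01T10:06:10 cron[99]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    recs, als = monitor(SAMPLE)
    print(f"{len(recs)} records, {len(als)} alerts")
    for a in als:
        print(a)
```

The per-source deque is what keeps this cheap on large volumes: each failure is appended once and dropped once, so memory is bounded by the window rather than by the size of the log, which is the shape a real IDS or SIEM correlation rule takes.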
 
====Surveillance monitor====
These programs use algorithms either stolen from, or provided by, police and military internet observation organizations to provide the equivalent of a police [[Radio scanner]]. Most of these systems are born out of [[mass surveillance]] concepts for internet traffic, cell phone communication, and physical systems like [[CCTV]]. In a global perspective they are related to the fields of [[SIGINT]] and [[ELINT]] and approach [[Geospatial intelligence|GEOINT]] in the global information monitoring perspective. Sources for such information, and the organizations that provide them within their particular jurisdictions, include (although are not limited to):
* [[National Security Agency|NSA]] with [[Boundless Informant|BOUNDLESSINFORMANT]]/[[Bullrun (decryption program)|BULLRUN]]/[[MAINWAY]]/[[MYSTIC (surveillance program)|MYSTIC]]/[[PRISM (surveillance program)|PRISM]] ([[United States]])
* [[Special Communications Service of Russia|Spetssvyaz]]/[[Federal Protective Service (Russia)|FSO]]/[[Federal Security Service|FSB]] with [[SORM]] ([[Russia]]n NSA equivalents from [[FAPSI]])
* [[People's Liberation Army#Third Department|3PLA]](SIGINT)/[[Fourth Department of the General Staff Headquarters Department|4PLA]] (ELINT)/[[Ministry of Public Security (China)|MPS]]/[[Ministry of State Security (China)|MSS]] ([[China]])
* [[Unit 8200]]/[[Military Intelligence Directorate (Israel)|Aman]] ([[Israel]])
* [[Ministry of Intelligence (Iran)|VAJA]] ([[Iran]])
* [[Signals intelligence by alliances, nations and industries#Confirmation of ECHELON|FROSTING]] with [[Signals intelligence by alliances, nations and industries#Confirmation of ECHELON|TRANSIENT]] and [[ECHELON]] ([[Five Eyes|Five Eyes (FVEY)]])
* [[European Union Satellite Centre|SatCen]]/[[European Union Intelligence and Situation Centre|INTCEN]]/[[European External Action Service|EEAS]] with [[Schengen Information System|SIS]] and SIRENE<ref name="SIRENE cooperation">{{cite web |title=SIRENE cooperation |url=https://ec.europa.eu/home-affairs/what-we-do/policies/borders-and-visas/schengen-information-system/sirene-cooperation_en |website=European Commission, official website |publisher=European Commission |access-date=22 October 2020}}</ref> ([[European Union]])
* [[GCHQ]] with [[Mastering the Internet|MTI]] ([[United Kingdom]])
* [[Australian Signals Directorate|ASD]] ([[Australia]])
* [[BfV]] ([[Germany]])
* [[DGSE]] ([[France]])
* [[Dutch Military Intelligence and Security Service|MIVD]] ([[Netherlands]])
* [[Communications Security Establishment|CSE]] ([[Canada]])
* [[Telecom Enforcement Resource and Monitoring|TERM]]/[[National Investigation Agency|NIA]] using [[Central Monitoring System|CMS]] ([[India]])
* [[Inter-Services_Intelligence|ISI]]/[[Federal_Investigation_Agency|FIA]]/[[Inter-Services_Intelligence#Departments|JSIB]]<ref>{{cite web|url=https://fas.org/irp/world/pakistan/isi/ |title=Directorate for Inter-Services Intelligence |publisher=[[Federation of American Scientists]] |author=Pike, John |date=25 July 2002 |access-date=13 December 2008 |archive-url=https://web.archive.org/web/20080515131913/http://www.fas.org/irp/world/pakistan/isi/ |archive-date=15 May 2008 |url-status=dead |df=dmy }}</ref> with [[National_Database_%26_Registration_Authority|NADRA]]<ref>{{cite web |title=Tipping the scales: Security & surveillance in Pakistan |url=https://privacyinternational.org/sites/default/files/2018-08/PAKISTAN%20REPORT%20HIGH%20RES%2020150721_0.pdf |website=Privacy International |publisher=Privacy International |access-date=31 May 2021}}</ref> ([[Pakistan]])
* [[Swiss intelligence agencies|FIS]]/[[Swiss intelligence agencies#Postal Service and Telecommunications Surveillance|PSTS]] with [[Onyx (interception system)|Onyx]] ([[Switzerland]])
* [[National Defence Radio Establishment|FRA]] with [[Titan traffic database|TTD]] ([[Sweden]])
Several instant messaging programs, such as [[ICQ]] (founded by "former" members of Unit 8200), or [[WeChat]] and [[QQ]] (rumored 3PLA/4PLA connections<ref>{{cite news |last1=O'Neill |first1=Patrick Howell |title=Under tough surveillance, China's cybercriminals find creative ways to chat |url=https://www.cyberscoop.com/chinese-cybercriminals-speak-in-code-to-hide-from-government-surveillance/ |access-date=22 October 2020 |agency=cyberscoop |publisher=SNG |date=3 May 2017}}</ref><ref>{{cite news |last1=Dasgupta |first1=Binayak |title=Mass surveillance risk real with Chinese apps: Experts |url=https://www.hindustantimes.com/india-news/mass-surveillance-threat-real-with-chinese-apps-says-cybersecurity-experts/story-HphmVO6k2D8kiRMqoD4NgI.html |access-date=22 October 2020 |publisher=Hindustan Times, New Delhi |date=1 July 2020}}</ref>), may represent extensions of this observation apparatus.
 
===Block or remove malware===
The purpose of these types of software is to remove malicious or harmful software that may compromise the security of a computer system. They are often closely linked with software for regulating and monitoring computers. A physical comparison is often made to a doctor, scrubbing, or cleaning, usually with an "anti-" naming scheme tied to a particular threat type. Threats and unusual behavior are identified by a system such as a firewall or an intrusion detection system, and the following types of software are then used to remove them. Such software often requires extensive research into its potential foes to succeed completely, just as complete eradication of bacterial or viral threats does in the physical world. Occasionally this also means defeating an attacker's encryption, as in data tracing or the removal of hardened threats.
* [[Anti-keylogger]]s
* [[Anti-tamper software]]
* [[Antivirus software]]
* [[Cryptanalysis]]
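The "anti-" pattern of this section reduced to its core, as an added example that is not part of the original article: identify a known-bad file by cryptographic hash or byte signature, then quarantine it so it can no longer run. The indicators and the sample files are constructed for the example and match nothing real; the hash-then-signature order and the quarantine layout are design choices of this example, not those of any product.

```python
"""Added example (not from the original article): scan a directory tree for
known-bad files by SHA-256 or byte signature, quarantine detections, report.

Assumptions: indicators and sample files are constructed; POSIX-style
permission bits are used when quarantining.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Constructed indicators: a known-bad SHA-256 and a byte-pattern signature
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MZ\x90\x00demo-dropper").hexdigest(): "Demo.Dropper.A",
}
BYTE_SIGNATURES = {
    b"cmd.exe /c powershell -enc": "Demo.Downloader.B",   # constructed pattern
}

CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    """Stream the file so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_file(path: Path):
    """Return the detection name or None: exact hash match first, then byte
    signatures, which also catch variants carrying the same payload string."""
    digest = sha256_file(path)
    if digest in KNOWN_BAD_SHA256:
        return KNOWN_BAD_SHA256[digest]
    data = path.read_bytes()
    for pattern, name in BYTE_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def quarantine(path: Path, qdir: Path) -> Path:
    """Move the file out of place, drop execute permission and make it
    owner-read-only so it cannot be launched by accident. The hash in the new
    name lets an analyst trace it back to the detection."""
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / f"{sha256_file(path)}.{path.name}.quarantined"
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0o400)
    return dest


def scan_tree(root: Path, qdir: Path) -> dict:
    """Walk a directory, quarantine detections, and return {filename: detection}."""
    results = {}
    for p in sorted(root.rglob("*")):      # list is built before any file moves
        if p.is_file():
            name = scan_file(p)
            results[p.name] = name
            if name:
                quarantine(p, qdir)
    return results


def demo() -> dict:
    """Constructed directory with one clean file and two detections."""
    root = Path(tempfile.mkdtemp())
    qdir = Path(tempfile.mkdtemp())
    (root / "report.txt").write_bytes(b"quarterly numbers, nothing to see")
    (root / "update.exe").write_bytes(b"MZ\x90\x00demo-dropper")
    (root / "notes.bat").write_bytes(b"@echo off\r\ncmd.exe /c powershell -enc SQBFAFgA\r\n")
    results = scan_tree(root, qdir)
    remaining = sorted(p.name for p in root.iterdir() if p.is_file())
    quarantined = sorted(p.name for p in qdir.iterdir())
    return {"results": results, "remaining": remaining, "quarantined": quarantined}


if __name__ == "__main__":
    print(demo())
```

Quarantine rather than deletion is the usual choice because it preserves evidence for the research the text mentions, and because a false positive can be restored; the read-only permission bits are what turns "found" into "neutralised" in the meantime.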
 
==Software run on computers to secure other systems==
These types of software are programs run on computers that are primarily intended to secure systems other than themselves. This is usually achieved by providing interactions with physical world systems or by evaluating data that may not be "directly" related to computer security.
* [[Computer Aided Dispatch]] (CAD)
* [[Fraud Detection]]
 
==See also==
* [[Data security]]
* [[Emergency management software]]
* [[Cloud Workload Protection Platforms]]
* [[Antivirus software]]
 
==References==
{{reflist}}
 
{{Computer security}}
 
[[Category:Computer security software| ]]