To Prevent Violations Using Hardware And Software
Since information is an asset that adds value to a company, and most of it is now stored on computer media, every organization must be able to guarantee the security of its data, in a context where the risks arising from breaches of computer security systems are constantly increasing.
For this purpose there are, beyond the company's own needs, specific external requirements on privacy, including that of a dedicated security policy document drawn up annually. At the international level, the new ISO 27001:2005 standard aims to standardize the conditions appropriate for protecting data and information from threats of all types, so as to ensure their integrity, confidentiality and availability. The standard specifies the requirements for a proper information security management system (ISMS) for the sound management of company data. An essential step in any security planning is the assessment and management of risk. CLUSIT is the national association that promotes awareness of information security in companies.
The problem of programs sending and receiving confidential information in a protected way was brought to the attention of software developers as a result of the sharply increased use of computer tools and the Internet. For the production of “protected” software we can start by defining the concept of security as the absence of conflicts capable of producing fatal or irreparable damage to a system. In the design of software it is therefore essential to reach the most practical compromise between the efficiency of use of the program and its ability to “survive” outside attacks and errors of varying severity.
The application security concept has two key features:
- Safety (security): a series of devices capable of preventing irreparable damage within the system;
- Reliability: prevention of events that can lead to damage of any severity to the system.
A piece of software (or program) is more secure the lower the probability that a fault succeeds and the less serious the damage caused by the fault itself. We can now list, in ascending order of severity, the possible effects of failures that software may incur:
- No effect
- Negligible risk
- Significant risk
- High risk
- Catastrophic risk
Checking The Safety Of A Program
Once the software product is finished, its behavior must be verified, so as to carry out an extended search for the defects present and then move on to their eventual elimination. There are different security models for checking programs, based on two different methods:
- Semantics-based security model: the security of the program under examination is judged in terms of the program's behavior
- Security-typed language (language-based security model): the types of the variables are accompanied by policies governing the use of the typed data.
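As an added example (not code from the original page), here is how the security-typed approach can be encoded in Rust's type system: a compile-time integrity label separates untrusted input from checked values, so the only way data can reach a sensitive sink is through the policy check. The label names, the sink and the name-validation rule are assumptions made for this illustration.

```rust
use std::marker::PhantomData;
// Integrity labels (assumed names for this example): input from outside the
// trust boundary is Tainted; only values that passed the policy check are Trusted.
pub struct Tainted;
pub struct Trusted;
// A value carrying a compile-time integrity label.
pub struct Labeled<T, L> {
    value: T,
    _label: PhantomData<L>,
}
impl<T> Labeled<T, Tainted> {
    // Everything read from the network, a file or argv enters as Tainted.
    pub fn from_untrusted(value: T) -> Self {
        Labeled { value, _label: PhantomData }
    }
}
impl<T> Labeled<T, Trusted> {
    // Only Trusted values can be unwrapped for use by a sensitive sink.
    pub fn into_inner(self) -> T {
        self.value
    }
}

// Policy for the sink below (constructed rule): a single path component of
// at most 64 ASCII letters, digits, '_' or '-'.
fn is_safe_name(s: &str) -> bool {
    !s.is_empty() && s.len() <= 64
        && s.chars().all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-')
}

// The only way from Tainted to Trusted is the policy check. Rejected input never
// gets the Trusted label, so the type checker keeps it away from the sink.
pub fn endorse_name(input: Labeled<String, Tainted>) -> Option<Labeled<String, Trusted>> {
    if is_safe_name(&input.value) {
        Some(Labeled { value: input.value, _label: PhantomData })
    } else {
        None
    }
}

// Sensitive sink: builds a path under a fixed directory. Passing a Tainted
// argument here is a compile-time type error, not a runtime surprise.
pub fn report_path(name: Labeled<String, Trusted>) -> String {
    format!("/var/app/reports/{}", name.into_inner())
}

// Worked flow: untrusted name in, a path out only if the policy admits it.
pub fn build_report_path(raw: &str) -> Option<String> {
    endorse_name(Labeled::from_untrusted(raw.to_string())).map(report_path)
}
```

The policy lives in one function and the type signature of the sink documents it, which is the property the language-based model relies on.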
To be effective, a program must be checked against its specifications and be free from defects in its code. For this purpose an audit of the program's specifications and of its reliability-related performance is carried out first; second, every piece of code and every system function is analyzed.
The IEEE (Institute of Electrical and Electronics Engineers) has catalogued software errors under three different headings, depending on the nature of the errors themselves. They are:
- Error: a human error that occurred during the interpretation of the specifications, during the use of a method, or in an attempt to solve a problem
- Failure: incongruous and unexpected behavior of the software with respect to the program's specifications
- Fault: a defect in the source code.
Non-harmful program errors, such as spyware and buffer overflows, have the characteristic of not modifying system files, and they do not damage the characteristics of the system either. Listed below is a series of errors and attacks on software by different entities.
Main Techniques Of Attack
- Buffer overflow
- Port scanning
- Computer viruses
- Social engineering
- CMD Through Browser