Computer Security and its role
The paper explores the role of passwords, antivirus & information encryption in computer security. The use of passwords is known to be ancient. Sentries would challenge those wishing to enter or approach an area to supply a password or watchword, & would only permit a person or group to pass if they knew the password. In modern times, user names & passwords are commonly used during a login process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. Information encryption refers to mathematical calculations & algorithmic schemes that transform plaintext into ciphertext, a form that is non-readable to unauthorized parties. The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt the information, transforming it back to the original plaintext version.

Finally, the paper discusses another important computer security topic, the computer virus, which is a computer program that can copy itself & infect a computer without the permission or knowledge of the owner. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware, & spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Web, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.


MAIN BODY

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (Example: An access code is a type of password). The password must be kept secret from those not allowed access.

The use of passwords is known to be ancient. Sentries would challenge those wishing to enter or approach an area to supply a password or watchword, & would only permit a person or group to pass if they knew the password. In modern times, user names & passwords are commonly used during a login process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may need passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web-sites, & even reading the morning newspaper online.

Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words may be harder to guess, a desirable property. Some passwords are formed from multiple words & may more accurately be called a passphrase. The term passcode is sometimes used when the secret information is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. Passwords are generally short enough to be easily memorized & typed.

A password is “something you know.” This information is understood to be known by a single individual. Two-factor authentication systems add another factor, “something you have”, such as an electronic card key, electronic token, dongle, fob or some other physical item you keep in a secure place when not in use. A common replacement for this second factor when higher levels of security are needed is “something you are”. A biological fingerprint, retina pattern, person’s weight, specific vital signs or a combination of these items is used in lieu of the electronic tool. The biological factor for authentication & authorization has been found to be unreliable, not because it admits those who should not be allowed when used properly, but because it tends to deny legitimate users access due to disease, physical body changes, or other physical impairments.

For the purposes of more compellingly authenticating the identity of one computing tool to another, passwords have significant disadvantages (they may be stolen, spoofed, forgotten, etc.) compared with authentication systems relying on cryptographic protocols, which are more difficult to circumvent. The original password concept has been proven to be insecure. There have been cases where passwords have been compromised without a user's knowledge, through coercion, or because the user was conned into revealing it. The core problem with legacy passwords is that it is impossible for an administrator or a computer system to differentiate between a legitimate user & an illegitimate user gaining access through the same password. Because of this inherent flaw in the original password system, Four Factor Authentication was invented.

There are two common methods of authentication when users use electronic components for two-factor authentication: response-only & challenge-response systems.

Response-only systems require a user to present their electronic tool to an electronic reading system, or to enter information displayed on the electronic tool without user input. The user must provide a username or PIN that is not known to outsiders, & then enter specific credential information generated by the electronic tool when prompted. In many cases, this mechanism reduces to single-factor authentication, where the user does not need to know something, but merely possesses the item in question. An example of this is the standard electronic card key used to enter a facility or building perimeter. The user need not provide any other factor to prove their identity.

Both the response-only & challenge-response systems can be defeated if the user both reveals the private information they keep secret, such as their username or PIN code, & the attacker takes ownership of the electronic tool. Due to this weakness, the biological factor was invented.

Challenge-response systems require the user to enter a specific passphrase or PIN into the electronic tool first, before the tool responds with the proper access credentials information. This variant is always considered two-factor authentication, since the user must provide both “something they know” (the PIN), & use “something they have” (the electronic tool).

Biological factors have been in use for several decades, & have proven to be reliable & secure ways to prevent unauthorized users from gaining access to secure systems or environments, regardless of the privacy of the passwords used. Systems monitor fingerprints, eye retina patterns, weight, ambient temperature, & other biological signs to determine the authenticity of the user requesting access. Movies have been touting methods of defeating these systems by cutting off body parts, using retinal masks, or forcing legitimate users into bypassing the authentication mechanisms for the attacker. These are largely Hollywood schemes & never work in the real world. In most cases where this level of security is necessary, local or remote monitoring of entry points through cameras & security personnel is common. Deadlock portals, remote activated magnetically controlled entranceways, & visual identification are the norm.

Plenty of simple methods have been devised to defeat weakly designed biological factor systems, so be sure you thoroughly check the security measures you plan to put in place before implementation.

However, asking users to recall a password consisting of a “mix of uppercase & lowercase characters” is like asking them to recall a sequence of bits: hard to recall, & only a little bit harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if the user simply capitalises the first letter). Asking users to use “both letters & digits” will often lead to easy-to-guess substitutions such as ‘E’ –> ‘3’ & ‘I’ –> ‘1’, substitutions which are widely known to crackers. Similarly, typing the password one keyboard row higher is a common trick known to crackers.
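The point above about predictable transformations, as an added example (not from the original paper): a password screening check that undoes the capitalised first letter, the ‘E’ –> ‘3’ style substitutions & the one-row-higher keyboard shift before a dictionary lookup. The function names & the tiny word list are constructed for illustration.

```python
# Added example: names and the tiny word list are constructed for illustration.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]

# Undo "typed one keyboard row higher": map each key to the key below it.
ROW_DOWN = {}
for upper, lower in zip(KEY_ROWS, KEY_ROWS[1:]):
    ROW_DOWN.update(zip(upper, lower))

# Look-alike substitutions, reversed. The text names E->3 and I->1;
# the others are further common ones added here.
UNLEET = str.maketrans({"3": "e", "1": "i", "0": "o", "4": "a",
                        "5": "s", "@": "a", "$": "s"})

COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "elite"}  # constructed


def candidate_forms(password):
    """Yield (trick, plain form) pairs that a guessing tool would also try."""
    lowered = password.lower()  # removes the capitalised-first-letter variation
    yield "lowercase", lowered
    yield "substitution", lowered.translate(UNLEET)
    yield "row-shift", "".join(ROW_DOWN.get(ch, ch) for ch in lowered)


def screen_password(password, words=COMMON_WORDS):
    """Return the trick that reduces `password` to a known word, or None."""
    for trick, form in candidate_forms(password):
        if form in words:
            return trick
    return None


def case_mix_gain(length):
    """Factor by which mixing upper and lower case enlarges the search space."""
    return (52 ** length) // (26 ** length)  # equals 2 ** length
```

`case_mix_gain(7)` reproduces the 128 quoted above, & a password that `screen_password` flags gains nothing from its disguise.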

The easier a password is for the owner to recall, the easier it generally is for a hacker to guess. Passwords which are difficult to recall will reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets & (c) users are more likely to re-use the same password. Similarly, the more stringent the requirements for password strength, e.g. “have a mix of uppercase & lowercase letters & digits” or “change it monthly”, the greater the degree to which users will subvert the system. Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They find that passwords based on thinking of a phrase & taking the first letter of each word are as memorable as naively selected passwords, & as hard to crack as randomly generated passwords. Combining four unrelated words is another good system. Having a personally designed “algorithm” for generating obscure passwords is another good system.

The security of a password-protected system depends on several factors. The overall system must, of course, be designed for sound security, with protection against computer viruses, man-in-the-middle attacks & the like. Physical security issues are also a concern, from deterring shoulder surfing to more sophisticated physical threats such as video cameras & keyboard sniffers. And, of course, passwords should be selected so that they are hard for an attacker to guess & hard for an attacker to discover using any (& all) of the available automatic attack schemes. See password strength, computer security, & computer insecurity.

Factors in the security of a password system

Effective access control provisions may force extreme measures on criminals seeking to acquire a password or biometric token. Less extreme measures include extortion, rubber hose cryptanalysis, side channel attack,

DATA ENCRYPTION

Before the world wide web, information encryption was never used by the public as it was more of a military security tool. With the prevalence of online shopping, banking & other services, even basic home users are now aware of information encryption.

Information encryption refers to mathematical calculations & algorithmic schemes that transform plaintext into ciphertext, a form that is non-readable to unauthorized parties. The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt the information, transforming it back to the original plaintext version.

Today’s web browsers automatically encrypt text when making a connection to a secure server. This prevents intruders from listening in on private communications. Even if they can capture the message, encryption lets them only view scrambled text, or what many call unreadable gibberish. On arrival, the information is decrypted, allowing the intended recipient to view the message in its original form.

Types of Information Encryption

There are many different types of information encryption, but not all are reliable. In the beginning, 64-bit encryption was thought to be strong, but was proven wrong with the introduction of 128-bit solutions. AES (Advanced Encryption Standard) is the new standard & permits a maximum of 256 bits. In general, the stronger the computer, the better chance it has of breaking an information encryption system.

Information encryption schemes generally fall into two categories: symmetric & asymmetric. AES, DES & Blowfish use symmetric key algorithms. Each system uses a key which is shared between the sender & the recipient. This key has the ability to encrypt & decrypt the information. With asymmetric encryption such as Diffie-Hellman & RSA, a pair of keys is created & assigned: a private key & a public key. The public key can be known by anyone & used to encrypt information that will be sent to the owner. Once the message is encrypted, it can only be decrypted by the owner of the private key. Asymmetric encryption is said to be more secure than symmetric encryption as the private key is not to be shared.

Strong encryption like SSL (Secure Sockets Layer) & TLS (Transport Layer Security) will keep information private, but cannot always ensure security. Web-sites using this type of information encryption can be verified by checking the digital signature on their certificate, which should be validated by an approved CA (Certificate Authority).

Encryption with a variable key

An old, but compact, encryption involves XORing each byte in a virus with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious

A more advanced system is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module & an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn’t necessary, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.
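Why the constant decrypting module is what a scanner keys on, as an added example (not from the original paper): the same body enciphered under two different one-byte XOR keys no longer matches a body signature, yet the stub signature & a trial of all 256 keys still find it. All byte strings & names are harmless constructed placeholders.

```python
# Added example: all byte strings are harmless constructed placeholders.
STUB = b"<<DECRYPT-STUB-v1>>"          # stands in for the constant decrypting module
BODY = b"EXAMPLE-PAYLOAD-MARKER-0001"  # stands in for the code that gets enciphered
BODY_SIGNATURE = b"PAYLOAD-MARKER"     # scanner signature taken from the plain body
STUB_SIGNATURE = b"DECRYPT-STUB"       # scanner signature taken from the stub


def xor_bytes(data, key):
    """XOR every byte with a one-byte key; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def make_sample(key):
    """Build a constructed sample: host data, enciphered body, key byte, stub."""
    return b"HOST-FILE-DATA" + xor_bytes(BODY, key) + bytes([key]) + STUB


def scan(sample):
    """Return the list of checks that fire on a sample."""
    findings = []
    if BODY_SIGNATURE in sample:
        findings.append("body-signature")
    if STUB_SIGNATURE in sample:
        findings.append("stub-signature")
    # The key space of a one-byte XOR is tiny, so every key can simply be tried.
    for key in range(1, 256):
        if BODY_SIGNATURE in xor_bytes(sample, key):
            findings.append(f"body-after-xor-key-0x{key:02x}")
            break
    return findings
```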

A computer virus is a computer program that can copy itself & infect a computer without the permission or knowledge of the owner. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware, & spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Web, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. (Fred Cohen) The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, Trojan horses, most rootkits, spyware, dishonest adware, crimeware, & other malicious & unwanted software, including true viruses. Viruses are sometimes confused with computer worms & Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, & a Trojan horse is a program that appears harmless but has a hidden agenda. Worms

COMPUTER VIRUS

Methods to avoid detection

In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, on the MS-DOS platform
 
