Computer Security

TOPIC AREA

What Is Computer Security?

Computer security is the discipline concerned with protecting computing systems, networks, and data from unauthorized access, disclosure, modification, disruption, and destruction. It encompasses the technical, administrative, and physical controls used to ensure the confidentiality, integrity, and availability of information, a triad of properties commonly abbreviated as CIA. The field draws on cryptography, network engineering, operating systems research, and formal verification to design and evaluate protective measures.

The threat environment that computer security addresses includes both opportunistic attacks, such as automated malware campaigns that exploit known vulnerabilities, and targeted intrusions by sophisticated adversaries pursuing specific objectives. Effective security practice combines preventive controls that reduce the attack surface, detective controls that identify when defenses have been bypassed, and response capabilities that limit damage after a breach.

Cryptography

Cryptography provides the mathematical foundation for most computer security mechanisms. Symmetric encryption algorithms, such as AES (Advanced Encryption Standard), use the same key for encryption and decryption and are efficient enough for protecting bulk data; in practice AES is used in an authenticated mode such as AES-GCM, because unauthenticated encryption protects confidentiality but lets an attacker alter ciphertext without detection. Asymmetric (public-key) algorithms, such as RSA and elliptic curve cryptography, use mathematically related key pairs and enable key exchange and digital signatures without requiring a pre-shared secret. Hash functions such as SHA-256 produce fixed-length digests used for integrity verification, as the message digest that digital signature schemes actually sign, and, combined with a secret key as an HMAC, for message authentication. The NIST Cryptographic Standards and Guidelines program maintains the authoritative standards for cryptographic algorithms used in federal systems, including AES (FIPS 197), the SHA-2 family (FIPS 180-4), and the SHA-3 family (FIPS 202). In August 2024 NIST published its first post-quantum standards, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), designed to resist attacks from future quantum computers, and additional candidate algorithms remain under evaluation.
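
As an added illustration (not part of the original page), the following Python uses only the standard library to show the two roles of SHA-256 described above: a bare digest detects corruption but can be recomputed by whoever alters the data, whereas an HMAC tag cannot be forged without the key. The message and key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample message for the demo; the key is generated fresh each run.
MESSAGE = b"transfer 100.00 to account 4471"
KEY = secrets.token_bytes(32)


def sha256_digest(data: bytes) -> str:
    """Fixed-length (32-byte) SHA-256 digest, hex-encoded (FIPS 180-4)."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 authentication tag: computing it requires the key, so an
    attacker who alters the data cannot produce a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Integrity check against a digest obtained out of band (a published checksum)."""
    return hmac.compare_digest(sha256_digest(data), expected_hex)


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    # compare_digest runs in constant time, which avoids a timing side channel
    # that a byte-by-byte comparison would leak.
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


def tamper_demo() -> dict:
    """Show why a hash that travels alongside the data is not an authenticity check."""
    digest = sha256_digest(MESSAGE)
    tag = hmac_tag(KEY, MESSAGE)
    forged = MESSAGE.replace(b"100.00", b"900.00")
    # The attacker rewrites the message and simply recomputes the accompanying hash.
    forged_digest = sha256_digest(forged)
    return {
        "digest_len_bytes": len(bytes.fromhex(digest)),
        "original_digest_ok": verify_digest(MESSAGE, digest),
        "forged_digest_ok": verify_digest(forged, forged_digest),  # True: no key, no authenticity
        "original_tag_ok": verify_tag(KEY, MESSAGE, tag),
        "forged_tag_ok": verify_tag(KEY, forged, tag),             # False: the tag no longer matches
    }
```

Encryption and signatures themselves are not in the standard library; for AES-GCM or ECDSA/Ed25519 use a vetted library such as PyCA cryptography rather than implementing the primitives.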

Authentication

Authentication is the process of verifying that an entity (a user, device, or software process) is who or what it claims to be. Authentication mechanisms are categorized by the type of evidence they rely on: something the user knows (passwords and PINs), something the user has (hardware tokens, smart cards, and one-time-code generators), and something the user is (biometric characteristics such as fingerprints and facial geometry). Multi-factor authentication (MFA) combines two or more of these categories, so that a stolen or guessed password alone is not enough to log in. Not all second factors are equal: one-time codes delivered by SMS or generated by an authenticator app can be relayed to the real site by a phishing page in real time, whereas passwordless schemes using FIDO2 (Fast Identity Online) and WebAuthn have the authenticator sign a server challenge that is bound to the web origin, which defeats such relaying. Because the server then stores only public keys rather than password hashes, a breach of its credential database yields nothing an attacker can replay. The NIST Digital Identity Guidelines (SP 800-63) define the assurance levels and technical requirements for authentication in systems that serve federal agencies; SP 800-63B, for example, specifies three Authenticator Assurance Levels, AAL1 to AAL3, with AAL3 requiring a hardware-based authenticator that resists verifier impersonation.
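
Added example, not code from the page: a two-factor verifier in Python (standard library only) that combines a knowledge factor (a salted PBKDF2-HMAC-SHA256 hash, so no plaintext password is stored) with a possession factor (an RFC 6238 TOTP code). The enrolment record is constructed; the TOTP secret is the RFC 6238 test-vector secret so the codes can be checked against the published values. This is the relayable kind of second factor discussed above; a WebAuthn flow would instead verify a signature over an origin-bound challenge with a dedicated WebAuthn library.

```python
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000   # OWASP (2023) recommendation for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Knowledge factor: salted, iterated hash; the server never stores the password itself."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)   # constant-time comparison


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16)
            | (mac[offset + 2] << 8) | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at // step), digits)


def verify_totp(secret: bytes, code: str, at: float, window: int = 1) -> bool:
    """Accept the current 30 s step plus `window` steps either side to tolerate clock drift."""
    base = int(at // 30)
    return any(hmac.compare_digest(hotp(secret, base + k), code)
               for k in range(-window, window + 1))


def verify_mfa(password: str, salt: bytes, stored: bytes,
               totp_secret: bytes, code: str, at: Optional[float] = None) -> bool:
    """Both factors are always evaluated, so a failure does not reveal which one was wrong."""
    at = time.time() if at is None else at
    ok_pw = verify_password(password, salt, stored)
    ok_otp = verify_totp(totp_secret, code, at)
    return ok_pw and ok_otp


# Constructed enrolment record for a demo user. RFC_SECRET is the RFC 6238 test secret,
# for which the published 6-digit code at Unix time 59 is "287082".
RFC_SECRET = b"12345678901234567890"
SALT, STORED = hash_password("correct horse battery staple")
```

A real deployment would also rate-limit attempts and remember the last accepted TOTP counter per user so that a code observed over the shoulder cannot be replayed within its window.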

Firewalls and Intrusion Detection

A firewall enforces a security policy by inspecting network traffic and permitting or blocking packets based on rules that reference source and destination addresses, port numbers, and protocol types; rules are evaluated in order, and a well-designed policy ends with a default-deny rule so that anything no rule explicitly permits is dropped. Stateful firewalls track the state of active connections and can detect packets that do not conform to a legitimate connection sequence, such as a TCP segment carrying only an ACK flag for a connection that never completed a handshake; they also admit reply traffic by matching it to a tracked connection rather than requiring a separate rule for each direction. Advanced firewalls add application-layer inspection, allowing policies based on application identity rather than just port numbers. Intrusion detection systems (IDS) monitor network traffic or host activity for signatures of known attacks or anomalies that deviate from established behavioral baselines; signature matching cannot see an attack it has no pattern for, and anomaly detection must be tuned to keep false positives manageable, so the two are normally used together. An intrusion prevention system (IPS) sits in line and extends detection to active blocking, terminating or redirecting suspicious traffic in real time. IEEE Transactions on Dependable and Secure Computing publishes research on both the design of detection algorithms and the evaluation of their accuracy under realistic attack distributions.
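
The following Python, added here as an example rather than taken from any product or from the page, implements a first-match stateful packet filter with a default-deny policy and a simple anomaly rule (one source rejected on several distinct ports within a short window) over a constructed packet trace. The addresses, rules and packets are all invented for the demo.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"
    flags: str = ""     # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None matches any destination port
    proto: str            # "tcp", "udp" or "any"

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and self.proto in ("any", p.proto))


# Constructed policy: HTTPS from anywhere, SSH only from the internal /8, default deny.
RULES = [
    Rule("allow", "0.0.0.0/0", "10.0.0.0/24", 443, "tcp"),
    Rule("allow", "10.0.0.0/8", "10.0.0.0/24", 22, "tcp"),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None, "any"),
]


class StatefulFirewall:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.conntrack = set()   # 5-tuples of connections whose first packet passed policy

    def policy(self, p: Packet) -> str:
        for r in self.rules:     # first match wins
            if r.matches(p):
                return r.action
        return "deny"            # default deny when nothing matches

    def filter(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if fwd in self.conntrack or rev in self.conntrack:
            return "allow"                 # part of a tracked connection, either direction
        if p.proto == "tcp" and p.flags != "S":
            return "drop:no-state"         # mid-stream TCP segment with no handshake behind it
        verdict = self.policy(p)
        if verdict == "allow":
            self.conntrack.add(fwd)        # remember it so replies are admitted
        return verdict


class PortScanDetector:
    """Anomaly rule: one source rejected on >= threshold distinct ports inside the window."""

    def __init__(self, threshold: int = 5, window: float = 10.0):
        self.threshold, self.window = threshold, window
        self.events = defaultdict(list)    # src -> [(ts, dport), ...]

    def observe(self, p: Packet, verdict: str) -> Optional[str]:
        if verdict == "allow":
            return None                    # only rejected packets count; busy legitimate hosts are not flagged
        self.events[p.src].append((p.ts, p.dport))
        recent = {d for t, d in self.events[p.src] if p.ts - t <= self.window}
        if len(recent) == self.threshold:  # fires once, when the threshold is first reached
            return f"portscan src={p.src} distinct_ports={len(recent)}"
        return None


def run(packets: List[Packet]) -> Tuple[List[str], List[Tuple[float, str]]]:
    fw, ids = StatefulFirewall(RULES), PortScanDetector()
    verdicts, alerts = [], []
    for p in packets:
        v = fw.filter(p)
        verdicts.append(v)
        alert = ids.observe(p, v)
        if alert:
            alerts.append((p.ts, alert))
    return verdicts, alerts


# Constructed trace: a legitimate HTTPS handshake, a stray ACK, then a SYN scan from one host.
SAMPLE = [
    Packet(0.0, "203.0.113.5", 51000, "10.0.0.10", 443, "tcp", "S"),
    Packet(0.1, "10.0.0.10", 443, "203.0.113.5", 51000, "tcp", "SA"),
    Packet(0.2, "203.0.113.5", 51000, "10.0.0.10", 443, "tcp", "A"),
    Packet(1.0, "198.51.100.7", 40000, "10.0.0.10", 443, "tcp", "A"),
    Packet(2.0, "198.51.100.7", 40001, "10.0.0.10", 21, "tcp", "S"),
    Packet(2.1, "198.51.100.7", 40002, "10.0.0.10", 22, "tcp", "S"),
    Packet(2.2, "198.51.100.7", 40003, "10.0.0.10", 23, "tcp", "S"),
    Packet(2.3, "198.51.100.7", 40004, "10.0.0.10", 25, "tcp", "S"),
    Packet(2.4, "198.51.100.7", 40005, "10.0.0.10", 80, "tcp", "S"),
]
```

Running `run(SAMPLE)` admits the three handshake packets, drops the stray ACK for lack of state, denies the five SYNs to unlisted ports, and raises one port-scan alert when the scanning host reaches five distinct rejected ports. The SSH probe is denied even though port 22 appears in the rule set, because that rule is scoped to internal sources.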

Malware and Application Security

Malware is software designed to perform actions on a system without the authorization or knowledge of the system's owner. Categories include viruses (which replicate by attaching to other programs), worms (which propagate autonomously across networks, typically by exploiting a vulnerability in a network-reachable service), ransomware (which encrypts files and demands payment for the decryption key), and spyware (which covertly collects data such as keystrokes and credentials). Application security addresses the vulnerabilities in software that malware and attackers exploit: buffer overflows, injection flaws, insecure deserialization, and broken authentication. Most of these have well-understood structural fixes, for instance memory-safe languages or bounds-checked APIs for overflows, parameterized queries for SQL injection, and refusing to deserialize untrusted input with formats that can instantiate arbitrary objects. Secure development practices, including static analysis, fuzz testing, and manual code review, aim to eliminate vulnerabilities before software reaches production. Cloud computing security extends these principles to virtualized infrastructure, addressing risks specific to multi-tenant environments such as cross-tenant data leakage, insecure APIs, and misconfigured access control policies.

Applications

Computer security has applications in a wide range of disciplines, including:

  • Financial services, through encryption of transaction data, authentication of account holders, and detection of fraudulent activity
  • Healthcare, protecting electronic health records under regulations such as HIPAA using access control and audit logging
  • Critical infrastructure protection, using network segmentation and intrusion detection in power, water, and transportation control systems
  • Cloud services, through identity and access management, encryption key management, and security monitoring of virtualized environments
  • Software development, via secure development lifecycle practices and automated vulnerability scanning in CI/CD pipelines