IT security is basically the protection of computer systems from theft or damage of the hardware, software or the data stored in them, and from disruption of the services the computer systems provide.
IT security includes monitoring physical access to the hardware, and safeguarding against threats which come through network access, data and code injection. Also, the computer systems are protected from malpractices caused by users, which at times are forced to deviate from secure procedures.
Vulnerabilities and attacks
Vulnerability is a system’s weakness or fault. Most of these weaknesses are recorded in the common vulnerabilities and exposures database. An exploitable vulnerability is one where at least one working attack or exploit exists.
To safeguard a computer system, you must understand the potential threats that can be made against it. The common threats include:
A backdoor is a secret method of bypassing normal verification or security controls. These threats can be added by authorized parties for legitimate reasons or an attacker for malicious reasons. Backdoors usually create vulnerabilities for computer systems.
Distributed Denial-of-service attacks (DDoS)
These attacks are meant to make computer or system resources unavailable to their intended users. Attackers can deny services to users by deliberately entering wrong passwords enough times to make the account to be locked or overloading the capabilities of a computer network and blocking all the users at once.
This is the attempt to acquire sensitive information like passwords, usernames, and credit card details directly from the users. This attack is usually carried out through instant messaging or email spoofing. It makes users to enter their details in a fake account, which is usually identical to the legitimate one.
Here, the user is convinced to disclose secrets like passwords and credit card details by a person impersonating a bank, contractor or a customer. Common attacks include fake CEO emails send to accounting and finance departments.