TECHNICAL SCIENCES
CURRENT ASPECTS OF CYBER SECURITY
Melnyk O.
3rd-year student, SOCIE Department, INHA University in Tashkent, Uzbekistan
ORCID: https://orcid.org/0000-0002-0130-6031
Abstract
The article discusses topical issues of cybersecurity, terminology, dangers that await users in cyberspace, and ways to prevent them.
Keywords: cybersecurity, cyberspace, malware, information, computer virus.
Introduction
Numerous cyber incidents recorded in recent years clearly show that cyber security has become part of the international agenda. Several international organizations have taken initiatives in cyberspace governance, notably the United Nations and the European Union. The UN and the EU aim to play a leading role in cyber resilience policy. However, these initiatives have not yet resulted in the creation of proper regulations [3].
The lack of consensus in international law regarding terminology is a negative factor in building relations between states [1,2,3].
Terminology. Dangers awaiting users in cyberspace. Mechanisms for combating cybercrime.
Wikipedia, the free encyclopedia distributed on the Internet, defines cyberspace as "a metaphorical abstraction used in philosophy and in computer technology and is a virtual reality, the second world both 'inside' computers and 'inside' computer networks."
Cybersecurity is the state of protection of information in electronic form and of the environment for its processing, storage, and transmission (electronic information resources, information systems, and information and communication infrastructure) from external and internal threats. Its main task is to fight and counter various forms of cybercrime.
Cybersecurity issues are currently particularly relevant because cyberspace is becoming increasingly important both for the functioning of states and for the provision of public services to citizens. Cyber-attacks cause economic damage, undermine public confidence in online services, and cause real harm to citizens, their property, and their privacy. They occur mainly due to human negligence and irresponsibility: weak passwords, disclosure of personal data, etc.
The classical model of information security is based on the provision of three attributes that are significant for information security: confidentiality, integrity, and availability.
Confidentiality of information means that only a strictly limited circle of persons, determined by its owner, can access it.
Information integrity is the ability of information to remain intact. Changes that are unauthorized and not sanctioned by the owner of the information (as a result of an operator error or a deliberate action by an unauthorized person) violate integrity.
The availability of information is determined by the ability of the information system to provide timely, unhindered access to information to subjects with the appropriate authority. Destroying or blocking information (whether by mistake or intentional action) results in a loss of availability.
Cybersecurity is currently facing the following challenges:
• low legal literacy of the population, ICT workers, and managers of information security organizations;
• violation of established requirements, technical standards, and regulations for the collection, processing, storage, and transmission of information in electronic form by state and non-state subjects of informatization and by users of ICT services;
• unintentional human errors and technological failures that have a negative impact on information systems, software, and other elements of the information and communication infrastructure;
• actions of international criminal groups, communities, and individuals aimed at theft in the financial and banking sector, and at harmful interference intended to disrupt the operation of automated process control systems in industry, energy, communications, and the field of information and communication services;
• the activities of political, economic, and terrorist structures and of the intelligence and special services of foreign states, directed against the interests of the country through intelligence-gathering and subversive influence on the information and communication infrastructure.
The most common types of computer threats are:
Ransomware is a type of malicious software designed to extort money by blocking access to computer system files until a ransom is received. Paying the ransom does not guarantee the restoration of files or the health of the system.
A DDoS attack is a distributed denial-of-service attack, which is one of the most common and dangerous network attacks. As a result of the attack, service to legitimate users, networks, systems, and other resources is disrupted or completely blocked. In a DDoS attack on a server, the servers hosting the sites are forced to process an excessive number of false requests, and the site becomes inaccessible to ordinary users.
Social engineering is a tactic used by attackers to lure a user into disclosing sensitive information.
Phishing is a type of computer fraud, the main purpose of which is to trick the victim into providing the scammer with the necessary information. This is a computer crime that is prosecuted by law.
Hacking a site is when an attacker gains unauthorized access to the site files or to the administration section of the site management system.
Malware (malicious software) is a general term used to refer to any software designed specifically to harm an individual computer, server, or computer network. Malware is a broad category of software. Such programs are installed without your permission and affect the operation of your computer. According to the distribution method, the following malicious software is distinguished: exploits, logic bombs, Trojans and spyware, computer viruses, and network worms.
A Trojan is a malicious program used by an attacker to collect information, destroy or modify it, disrupt a computer's performance, or use its resources for unseemly purposes.
A computer virus is a type of computer program that has the ability to replicate. In addition, it can corrupt or completely destroy data controlled by the user under whose account the infected program is running.
A network worm is a kind of self-replicating computer program that spreads in local and global computer networks. Unlike computer viruses, a worm is an independent program.
Spyware is a new variant of malware that tracks and logs actions taken on a computer.
Malicious programs most often enter a computer via the Internet or by e-mail. If you make a mistake in the URL or accidentally click on an unknown link, you can get to dangerous sites with "aggressive" content or malware. P2P networks, where users can transfer files directly from one computer to another, pose a significant risk for malware and adware to infect a computer.
Symptoms of malware infection include pop-ups, slow system performance, or redirection of browser requests to unwanted sites. Malicious programs interfere with normal system operation, which can lead to denial of service, data replacement, and reduced network throughput. In addition, the computer cannot be turned off or restarted.
Malware often spreads bundled with other files, so you should not open email attachments sent from unknown sources or accept files from people you do not know, and you should be careful when opening AVI, EXE, or JPG files.
If you suspect that your computer is infected with malware, you must suspend any activity that is associated with the use of logins, passwords, and other confidential information.
To prevent such problems in the future, you should always use anti-virus software to protect your computer system from possible online threats, and install anti-virus and anti-spyware programs only from reliable sources. Make sure your antivirus program is always up to date, scans your computer, and removes any programs that it detects as malware.
Cybercriminals are extremely resourceful in their attempts to exploit software vulnerabilities. Therefore, it is necessary to regularly install updates for all software (anti-virus and anti-spyware, operating systems, word processing programs, and other programs), enable automatic software updates when available, and remove software that is not used.
Passwords are of particular importance in ensuring cybersecurity. Strong passwords must be at least 8 characters long and contain a combination of letters, numbers, and symbols. It is forbidden to disclose passwords to third parties or to use the same password on all sites.
Flash drives should be used with extreme caution. Do not insert unknown drives into your computer and do not open unknown or unnecessary files that they contain. Always scan the drive with an anti-virus program before opening it.
A firewall is a protective screen between the global Internet and the local computer network of an organization. It checks and filters data coming from the Internet. Depending on the settings, the firewall may let the data through or block it. It is necessary to distinguish between a network firewall and a firewall built into the Windows operating system. In the first case, the solution is installed at the edge (physical or logical) of the organization's computer infrastructure and protects all personal computers connected to the local network. It can be either a software or a combined software-hardware solution. In the second case, it is a program that works to protect a single user's computer.
Traffic Inspector Next Generation is a universal security gateway with a firewall to control and protect Internet access in corporate computer networks. It provides a secure connection to the Internet and anti-virus protection, prevents access to the corporate network from the outside, blocks harmful sites, and keeps a record of network traffic.
Practical recommendations for ensuring cybersecurity.
Thus, ensuring cybersecurity is a multi-component and multi-level process. General recommendations for maintaining maximum protection for your computer can be summarized as follows:
1. Do not save passwords electronically on the desktop, do not store written passwords in public places, and do not disclose passwords to third parties.
2. Disclosure of passwords is allowed in case of production necessity, after which it is MANDATORY to change the password.
3. Passwords should be at least 8 characters long, should contain at least 1 capital letter and 1 digit, and must be updated quarterly.
4. Storing electronic digital signatures on a computer is strongly discouraged.
5. Do not open emails or suspicious attachments from strangers, especially if they are archives (.zip/.rar) or executable files (.exe). If you think that the letter is important, contact the sender and clarify the subject of the letter and the reason for sending it.
6. For any suspicious e-mail request, you must use an alternative communication channel (for example, telephone) to confirm the request with the addressee.
7. You must always check the spelling of the address of the sender and recipient (even those with whom you are in contact on a daily basis).
8. When conducting official electronic correspondence in the course of their duties, employees of state bodies should use only departmental e-mail.
9. You must use LICENSED antivirus software. Anti-virus databases must be updated at least once a day.
10. Be sure to check any media for viruses when connected to your computer.
11. Scan all files from incoming e-mail for viruses by configuring automatic scanning.
12. It is not recommended to follow links and run programs received by e-mail from an unknown sender.
13. Visiting malicious sites, as well as sites that contain unrelated information, is strongly discouraged.
14. Accepting agreements whose meaning you do not understand when visiting sites is strongly discouraged.
15. Using the passwords for access to the local network in other programs and on sites where registration is required is strongly discouraged.
16. To avoid threats related to the use of cookies, it is recommended to periodically analyze the saved cookies in order to determine if they contain valuable confidential information.
17. It is forbidden to leave computers connected to a single transport environment of state bodies and to the Internet unattended in an unlocked state. When leaving the workplace, it is mandatory to lock the computer.
18. It is forbidden to disclose IP addresses and combinations of logins and passwords to third parties.
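Recommendations 5, 7 and 12 can be partly automated at the mail gateway or in a mail client plug-in. The Python code below is an added example, not part of the original article: it checks a constructed e-mail message for a sender domain that is a near-miss spelling of a trusted one and for archive or executable attachments. The trusted domain list, the similarity threshold and all function names are assumptions chosen for illustration.

```python
import difflib
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for illustration; the article does not specify them.
TRUSTED_DOMAINS = {"example.gov", "example.org"}
RISKY_EXTENSIONS = (".zip", ".rar", ".exe")   # extensions named in item 5
LOOKALIKE_THRESHOLD = 0.85                    # similarity ratio, 0..1

def check_sender(msg):
    """Flag a sender domain that is unknown or a near-miss of a trusted one."""
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    for trusted in sorted(TRUSTED_DOMAINS):
        ratio = difflib.SequenceMatcher(None, domain, trusted).ratio()
        if ratio >= LOOKALIKE_THRESHOLD:
            return [("lookalike-domain", domain, trusted)]
    return [("unknown-domain", domain)]

def check_attachments(msg):
    """Flag attachments whose final extension is an archive or executable."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):   # also catches "x.pdf.zip"
            findings.append(("risky-attachment", part.get_filename()))
    return findings

def review_message(msg):
    """Return all findings for one message; an empty list means no flags."""
    return check_sender(msg) + check_attachments(msg)

def build_sample():
    """Constructed message: digit '1' replaces 'l' in the sender domain."""
    msg = EmailMessage()
    msg["From"] = "Finance Dept <billing@examp1e.gov>"
    msg["To"] = "clerk@example.gov"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="zip", filename="invoice.pdf.ZIP")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg

if __name__ == "__main__":
    for finding in review_message(build_sample()):
        print(finding)
```

A flagged message is a prompt to confirm the request over an alternative channel as described in item 6, not proof that the message is malicious.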
REFERENCES:
1. Borodakiy Yu.V., Dobrodeev A.Yu., Butusov I.V. (2014). Cybersecurity as the main factor of national and international security of the XXI century (part 1). Cybersecurity Issues, (1(2)), 5-12.
2. Zgoba A.I., Markelov D.V., Smirnov P.I. (2014). Cybersecurity: threats, challenges, solutions. Cybersecurity Issues, (5(8)), 30-38.
3. Verhelst A., Wouters J. (2020) Filling Global Governance Gaps in Cybersecurity: International and European Legal Perspectives. International Organizations Research Journal, vol. 15, no. 2, pp. 105-124 (in English). DOI: 10.17323/1996-7845-2020-02-07