Vulnerability of Computer Systems
Computer security, also known as cybersecurity or information technology security, focuses on the protection of computing infrastructure:
Software infrastructure:
1) Databases (DB): a set of structured data belonging to the same context and function, used to electronically manage information in a system. There are currently two DB models:
Relational databases (SQL): it is the most used model nowadays and stores data such as:
The name of each table.
The name of each column.
The data type of each column (numeric or alphabetical).
Register, line, or row of the table.
Non-relational databases (NoSQL): they have flexible schemas to create modern applications. They use a variety of data models, including document, chart, key-value. NoSQL databases use the JSON format (JavaScript Object Notation), the plain text format facilitates data exchange and is independent of the programming language used.
Example: the BDR record of Central University students in JSON format:
Each record in braces {}.
We have five elements separated by commas.
Each element formed by a key: value pair, example “Identity”: 25089.
2) Metadata: data that provide information about other data, they can be:
Descriptive: includes elements such as the title, abstract, author and keywords of the DB.
Structural: They indicate how to order the pages to form chapters.
Others such as administrative, reference, statistical and legal metadata.
Example: when an NFT is created in the Opensea platform, the metadata corresponding to that NFT is included:
3) Computer files: is a resource consisting of one or more data records in a storage device or memory. Example of a relational DB file consisting of three records:
Example of a non-relational DB file consisting of three records:
Hardware infrastructure
Computer networks: a set of equipment, nodes and software connected together by physical devices that send and receive electrical impulses, electromagnetic waves or any other means of data transport, in order to share information, resources and offer services, its most important components are:
Servers: is a computer and with its programs provides services to other computers.
Hub-Switch: A Hub is a network device that connects several computers to a single network, while a Switch connects several devices to a single computer network. A Hub operates at the physical layer, while a Switch operates at the data link layer.
Router: a network device that forwards data packets between physically connected computer network elements. Routers perform the functions of directing traffic on the Internet. Data sent over the Internet, such as a web page or email, is in the form of data packets.
Wi-Fi router: is a device that provides a Wi-Fi or wireless connection via a modem. It sends information from the Internet to personal devices such as computers, phones and tablets.
Client: is a computer or program that accesses a service offered by a server as part of the client-server model. The server is usually (but not always) on another computer system, in which case the client accesses the service over a network.
IT vulnerabilities
Software and hardware infrastructure, as a product of human development, tends to present vulnerabilities that can be exploited by hackers to take advantage of it. Among these vulnerabilities we find:
Buffer overflow.
Race condition.
Format string bugs.
Cross Site Scripting (XSS).
SQL injection.
Denial of Service (DOS).
Tricky windows.
The solution to these vulnerabilities will depend on many technical factors:
From system analysis and design to the selected software development model (Waterfall, spiral, RUP, SCRUM, Kanban).
The experience, skills, commitment and dedication of the development team.
Cryptography: defense tool
Cryptography deals with problems related to the confidential and secure transmission of information, even if the network or medium is unreliable. It also deals with the integrity of data in databases.
Here I will discuss how cryptography, the formal definition of which will be given later, can solve these problems, which we will call generic vulnerabilities. We will classify generic vulnerabilities into:
Integrity: Refers to the message elements, data, documents and other forms of content that have not been modified in transit within the computer network or at rest in the database.
Authenticity: It refers to guaranteeing that the message has been sent by who it claims to be. When the message is sent by node A of the network to node B, B can verify it.
Confidentiality: The ability to keep the content of a message hidden, so that if a third party sees the message, it cannot interpret or read its content.
Conclusion: Any entity that has an information system must evaluate the value of the information it possesses, for this it needs to implement a work plan that allows it to defend the information system. In the following articles we will explain what makes cryptography a widespread protection tool.