ISNE101 Dr. Ken Cosh Week 13

This Week Challenges (still) facing Modern IS Reliability Security

Reliability Redundancy is the Key! Spare components Components running in parallel Triple Modular Redundancy Identify unreliable components and arrange back ups. UPS Multiple ISPs

Security Data stored digitally & transmitted through networks == Greater security threats. After all digital data can be copied more easily

Security Threats Tapping Sniffing Message Alteration Theft/Fraud Hacking Vandalism DoS attacks Theft/Copy Data Hardware/Software Failure Unauthorised Access Errors Viruses/Worms Spyware

Malware (Malicious Software): Viruses / Worms / Trojans / Spyware Display message -> destroying data Spread by human action; i.e. sending infected email, or copying a file Worms Don’t need human action; Copy themselves across network on their own. Destroy data / Disrupt network

Malware (Malicious Software): Viruses / Worms / Trojans / Spyware Trojan Horses Software appears benign, but then does something unexpected Doesn’t replicate (so not a virus), but may facilitate viruses Spyware Program installs itself and then serves up advertising Keyloggers record all keystrokes – including passwords / CC numbers etc. Some spyware uses up memory / redirect search requests / reset browser home page

Hackers & Computer Crime Objective: to gain unauthorised access Steal information System damage Cybervandalism Defacing websites

Spoofing / Sniffing Spoofing Sniffing Masquerade as someone else drkencossh@gmail.com Redirect you to similar webpage www.hsbc.net Sniffing Eavesdropping on data passed through a network Legitimately to identify trouble spots / criminal activity But also to steal information V. difficult to detect

DoS Attacks Denial of Service DDoS – Distributed Denial of Service Fake communications / requests submitted simultaneously through network to slow it down and prevent legitimate usages.

Identity Theft Perhaps by Phishing Or Evil Twins Asking users for confidential data through fake emails/websites “Please update your records…” Or Evil Twins I could set up a “trustworthy” wifi network connection in a hotel lobby

Countering the Threats Tight Security Policies Access Control Authentication Password Biometrics Firewalls Anti Virus Encryption

Security Policies Access Control Lists (ACL) Limit which users can do what (e.g. update websites) Signed agreements for service When allowing users onto a network, normally they sign an agreement, regarding terms of use. How about at CMU? Policies could include, Regular password changes Whether personal use of service is permitted Antivirus updates Can help against, external attacks, intrusion, virus / worms

Encryption Encoding the contents of a transmission so it can’t be decrypted on route. Symmetric-key encryption Public / Private key encryption Helps prevent interception.

Symmetric Key Encryption Both sender and receiver use the same ‘code’ to encrypt and then decrypt a message. If I tell you to move each character back two in the alphabet, and then send you this message; Jgnnq Encuu Anyone who intercepts the message gets nothing, but you are able to decrypt it. More interesting patterns can be created to increase security. Substitution Transposition Key: FANCY Message: eatitnihmexnetmgmedt

Decoding