Chapter 13 Security Strategies and Systems


Security Issues
The Internet has opened up many new frontiers for everyone, including con artists and computer users with malicious intent.

Security Issues
- Network and Internet Security Risks
- Computer Viruses
- Hardware and Software Security Risks

Network and Internet Security Risks
- Unauthorized Access
- Information Theft
- Denial of Service (DoS) Attacks

Hackers and Crackers
Hackers are individuals who specialize in breaking security systems, motivated by either curiosity or the challenge.

Crackers
Crackers tend to be more decidedly criminal in nature, and oftentimes steal information or break the security of a software program on CD by removing the copy protection system.

Hacker Methods
- Obtaining users’ IDs and passwords
- Entering through system backdoors left unintentionally by programmers
- Spoofing
- Installing spyware
A company’s most valuable possession is typically its information stored in databases.

User IDs and Passwords
Most hackers focus on gaining entry over the Internet to a secure computer system by finding a working user ID and password combination.

Obtaining User IDs and Passwords
Hackers know from experience which passwords are common, and they have programs that generate thousands of likely passwords and try them automatically over a period of hours or days.
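Seen from the defender's side, automated guessing shows up as a long run of failed logins against one user ID. The following is an added example, not part of the original presentation: a sliding-window detector run over constructed login events. The event format, account names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def find_guessing(events, window_s=3600, max_failures=50):
    """Return {user_id: time_of_first_alert} for every account that collects
    more than max_failures failed logins inside any window_s-second span.
    events: time-ordered (epoch_seconds, user_id, success) tuples."""
    recent = defaultdict(deque)      # user_id -> timestamps of recent failures
    alerts = {}
    for ts, user, success in events:
        if success:
            continue                 # only failures count toward the threshold
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window_s:  # drop failures older than the window
            q.popleft()
        if len(q) > max_failures and user not in alerts:
            alerts[user] = ts
    return alerts

def sample_events():
    # Constructed log data, not taken from any real system.
    typo = [(100, "alice", False), (130, "alice", False), (160, "alice", True)]
    fast = [(1000 + 20 * i, "admin", False) for i in range(200)]   # 3 tries/minute
    slow = [(120 * i, "backup", False) for i in range(300)]        # 1 try/2 minutes
    return sorted(typo + fast + slow)
```

With the one-hour default only the fast run against "admin" is flagged. The slow run against "backup" is caught only when the window is widened to a day, which is why the window has to match the "hours or days" over which guessing is spread.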

System Backdoors
A system backdoor is a user ID and password that provides the highest level of authorization. The “backdoor” often is created in the early days of system development to allow programmers access to fix problems. People who know about a backdoor can then enter the system, bypassing the security, perhaps years later when the backdoor has been forgotten.

Spoofing
Spoofing is the process of fooling another computer by pretending to send packets from a legitimate source. It works by altering the address that the system automatically puts on every message sent. The address is changed to one that the receiving computer is programmed to accept as a trusted source of information.
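Because the source address is written by the sender, a receiver that trusts on address alone can be fooled. The following is an added example, not part of the original presentation: it places that weak rule beside an ingress filter that also checks which interface the packet arrived on. The network range, interface names and sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumed layout: 192.168.10.0/24 is the inside network, and the gateway
# has two interfaces called "inside" and "outside".
INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")

def trusts_by_address_only(src):
    """The weak rule: trust whatever source address the packet claims."""
    return ipaddress.ip_address(src) in INSIDE_NET

def ingress_filter(src, interface):
    """Return (accept, reason). A claimed source address is believed only if
    it is consistent with the interface the packet actually arrived on."""
    inside_claim = ipaddress.ip_address(src) in INSIDE_NET
    if interface == "outside" and inside_claim:
        return False, "inside source address arriving from outside: spoofed"
    if interface == "inside" and not inside_claim:
        return False, "foreign source address leaving the inside network"
    return True, "source consistent with interface"

def wrongly_trusted(packets):
    """Packets the address-only rule trusts but the ingress filter rejects."""
    return [(src, iface) for src, iface in packets
            if trusts_by_address_only(src) and not ingress_filter(src, iface)[0]]

# Constructed sample packets: (claimed source address, arrival interface)
SAMPLE = [("192.168.10.7", "inside"), ("203.0.113.9", "outside"),
          ("192.168.10.7", "outside"), ("198.51.100.4", "inside")]
```

The filter only catches a mismatch between address and interface, so services that must trust a remote peer need authentication that does not rest on the address.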

Spyware
- A type of software that allows an intruder to spy upon someone else’s computer
- Takes advantage of loopholes in the Windows security systems and allows a stranger to witness and record another person’s every mouse click and keystroke on the monitor as it occurs
For the spy, it looks as if a ghost is moving the mouse and typing on his screen.

Spyware
For the victim, everything seems normal. The spy can record activities, gain access to passwords and credit card information—or she can just snoop. The software can be installed without the victim’s knowledge. Disguised as an e-greeting, for example, the program can operate like a virus that gets the unwary user to install the spyware unknowingly.

Information Theft
Information can be a company’s most valuable possession. For example, a sales database lists all of a company’s clients, with contact information and sales history. A competitor who gains access to this information will have a huge advantage. He will know exactly how much to bid to gain a sale, which clients to call, and what products they like to buy.

Industrial Espionage
Stealing corporate information, a crime included in the category of industrial espionage, is unfortunately easy to do and difficult to detect. With software, if a cracker breaks into a company network and manages to download the company database from the network onto a disk, nothing seems wrong. The original database is still in place, working the same way it did before.

Industrial Espionage
Industrial espionage and other types of information theft carried out via networks pose a serious problem.

Wireless Vulnerability
Wireless networks and wireless devices make information theft particularly easy. Wireless devices such as cameras, Web phones, networked computers, PDAs, and input and output peripherals are inherently less secure than wired devices. A normal wired connection, such as a wire between a keyboard and a computer, cannot be as easily intercepted as a wireless radio transmission.

Denial of Service (DoS) Attacks
DoS attacks are carried out by organized groups of hackers who run a computer program that repeatedly asks a Web site for information or access. Bombarding the site thousands of times a second means that legitimate users cannot access the site and thus are denied service.
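The effect on legitimate users, and one common mitigation, can be shown with a small simulation. The following is an added example, not part of the original presentation: a site with fixed capacity is flooded by one client, first with no protection and then with a per-client token-bucket rate limit. The capacity, rate, burst and traffic figures are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

class TokenBucket:
    """Per-client allowance of `rate` requests/second with bursts up to `burst`.
    Integer milli-tokens and millisecond timestamps keep the arithmetic exact."""
    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * 1000
        self.tokens, self.last_ms = self.cap, 0

    def allow(self, now_ms):
        refill = (now_ms - self.last_ms) * self.rate  # tokens/s == milli-tokens/ms
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False

def serve(requests, capacity_per_s, rate=None, burst=None):
    """Simulate a site able to answer capacity_per_s requests each second.
    requests: time-ordered (time_ms, client). Returns a Counter of served requests."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    used = Counter()          # second -> requests answered in that second
    served = Counter()
    for t_ms, client in requests:
        if rate is not None and not buckets[client].allow(t_ms):
            continue          # throttled before it can consume site capacity
        sec = t_ms // 1000
        if used[sec] < capacity_per_s:
            used[sec] += 1
            served[client] += 1
    return served

def sample_traffic():
    # Constructed traffic: one client sends a request every millisecond for
    # five seconds while a legitimate user sends one request per second.
    flood = [(t, "flooder") for t in range(5000)]
    user = [(t, "user") for t in (500, 1500, 2500, 3500, 4500)]
    return sorted(flood + user)
```

Without the limiter the flood uses up each second's capacity before the user's request arrives. Per-client limits do not by themselves stop a flood spread across many sources.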

Computer Viruses
Computer viruses are software programs designed expressly to “infect” or spread to as many computers as possible and perform some kind of prank. These pranks range from annoyance to the destruction of data and hardware.

Antivirus Software
The Internet has made viruses spread more quickly. Antivirus software is available to detect and remove known viruses.

Methods of Virus Operation
- Macros
- Boot sector infections
- Trojan horse method
- Stealth, polymorphic, or multipartite viruses
- Logic or time bombs
Similar to viruses are software worms, which operate by transmitting and copying themselves.

Hardware and Software Security Risks
- Major systems failures
- Employee theft
- Cracking of software protection codes

Security Strategies
- Data backups
- Disaster recovery plans
- Data encryption
- Firewalls
- User IDs and passwords
- Network sniffers
- Mini webcams
- Biometric authentication

Security Strategies
- Data backups: Create backup files and place them in a safe spot
- Disaster recovery plans: Data backup procedures, remotely located backup copies, redundant systems

Data Encryption
Other security strategies include using data encryption for sensitive transactions.

Firewalls
Security strategies include setting up firewalls to protect networks.

User IDs and Passwords
User ID and Password Combination
- User ID: Known portion
- Password: Core security element
To create a secure, memorable password, use one or two familiar words connected with a number or symbol.

Network Sniffers
A network sniffer is a software package that:
- Displays network traffic data
- Shows which resources employees are using
- Shows Web sites they are visiting
- Troubleshoots network connections
- Improves system performance

Mini Webcams
Webcams were originally designed to sit on top of a user’s monitor and allow for audio/video conversations with others on the Internet. They have been adapted, however, as a security measure and as a tool for voyeurism. The addition of a motion sensor allows them to transmit only when something is happening.

Biometric Authentication
Biometric identifiers are unique physical attributes that can be used to verify a person’s identity:
- Hand geometry
- Facial geometry
- Facial thermography
- Retinal patterns
- Iris patterns
- Voice patterns

Fingerprint Scanning Systems
Fingerprint scanning systems are commonly used for biometric authentication.

Hand Geometry
A hand geometry system determines a person’s identity by measuring the dimensions of the hand, which are unique to each individual. This system is touted as harder to fool than a fingerprint scanner, as it is more difficult to create a fake hand than a fake image of a fingerprint.

Computerized Facial Recognition (CFR) systems work in a variety of ways, but the primary goal is to recognize a human face by comparing it to existing scans of photos in a database.

Voice and Signature Verification
By measuring the pitch and timbre of a human voice, computers are able to recognize individuals. Scanners are used to verify a person’s signature against a known database of signatures.

Iris and Retinal Recognition
Hundreds of details about irises can be measured and compiled as unique patterns stored in iris recognition systems. Iris and retinal recognition systems are used primarily in high-security environments such as military installations and financial institutions.

On the Horizon
Keystroke identification is a new area of biometric technology that measures typing rhythms, which are virtually impossible for someone to falsify. This type of system offers the advantages of being unobtrusive, fairly low-tech, inexpensive, and highly effective.

On the Horizon
Quantum cryptography is a new attempt to make even the starting encryption keys secret. Using quantum devices to transmit light signals over fiber optic cable, two parties who wish to send a secret message can exchange their unprotected key as normal to start the sequence. If anyone observes the key, the system will be disturbed, and both sides will be aware of the security breach.