CH # 6 Securing Information Systems “66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs.” Webroot (2005)

Topics to be discussed 1.The meaning of “Information System Security” term. 2.Primary Threats to Information Systems Security. 3.How IS(s) are often compromised? 4.Technological and human- based safeguards. 5.Q:How to Better manage IS Security? 6.The State of System Security Management Today. (self study p. 256) Intro. to ISs © 2008,I. Sarah Al-Bakry2

“Information System Security “ term All systems connected to a network are at risk – Internal threats – External threats Information systems security definition: – Precautions to keep all aspects of IS safe from unauthorized access and use (all HW, SW, Network, equipment and Data) Increased need for good computer security with increased use of the Internet Intro. to ISs © 2008,I. Sarah Al-Bakry3

Primary Threats to Information Systems Security 1. Accidents and natural disasters Power outages, cats walking across keyboards 2. Employees and consultants 3. Links to outside business contacts Travel between business partners 4. Outsiders (Hackers, Crackers, Viruses) Intro. to ISs © 2008,I. Sarah Al-Bakry4

HW Check the difference between: Hackers, Crackers, Viruses From the glossary

IS(s) are often compromised by one or more of the following: Unauthorize d Access Information Modification Denial of Service Attack Computer Viruses SpywareSpam Phishing Cookies Intro. to ISs © 2008,I. Sarah Al-Bakry6

Unauthorized Access Unauthorized people – Look through electronic data – Peek (steal a look) at monitors – Intercept (cut off) electronic communication Unauthorized access may be achieved : - Theft of computers or storage media. - Get an administrator status. Intro. to ISs © 2008,I. Sarah Al-Bakry7

Gaining Access to a Password Brute force – Try combinations until a match is found Protection: – Wait time requirements after unsuccessful login attempt. – CAPTCHA Completely Automated Public Tuning Test to tell computers and Humans Apart Intro. to ISs © 2008,I. Sarah Al-Bakry8

Information Modification User accesses electronic information User changes information – Employee gives himself a raise. – Crackers hack government computers and change info. Intro. to ISs © 2008,I. Sarah Al-Bakry9

Denial of Service Attack Attackers prevent legitimate users from accessing services Zombie computers – Created by viruses or worms – Attack Web sites. – Look for the definition of “Zombie computer” in the glossary. Intro. to ISs © 2008,I. Sarah Al-Bakry10

Computer Viruses Corrupt and destroy data Destructive code can – Erase a hard drive – Seize(get hold of) control of a computer Worms – Variation of a virus – Replicate endlessly across the Internet – Servers crash My Doom attack on Microsoft’s Web site Intro. to ISs © 2008,I. Sarah Al-Bakry11

HW Check the difference between: Viruses, Worms, Trojan Hours From the glossary

Spyware Within freeware or shareware Within a Web site Gathers information about a user – Credit card information – Behavior tracking for marketing purposes Eats up computer’s memory and network bandwidth Adware – special kind of spyware – Collects information for banner ad customization Intro. to ISs © 2008,I. Sarah Al-Bakry13

Spam Electronic junk mail Advertisements of products and services Eats up storage space Compromises network bandwidth Spim – Spam over IM Intro. to ISs © 2008,I. Sarah Al-Bakry14

Protection Against Spam Barracuda Spam Firewall 600 – Filters spam and other threats – Decreases amount of spam processed by the central server – Handles 3,000 – 10,000 active users – Spam messages blocked or quarantines Intro. to ISs © 2008,I. Sarah Al-Bakry15

Phishing Attempts to trick users into giving away credit card numbers Phony messages Duplicates of legitimate Web sites E.g., eBay, PayPal have been used Intro. to ISs © 2008,I. Sarah Al-Bakry16

Cookies Messages passed to a Web browser from a Web server Used for Web site customization Cookies may contain sensitive information Cookie management and cookie killer software Internet Explorer Web browser settings Intro. to ISs © 2008,I. Sarah Al-Bakry17

Other Threats to IS Security 1. Employees writing passwords on paper 2. No installation of antivirus software 3. Use of default network passwords 4. Letting outsiders view monitors Intro. to ISs © 2008,I. Sarah Al-Bakry18

Other Threats to IS Security (II) 5. Organizations fail to limit access to some files 6. Organizations fail to install firewalls 7. Not doing proper background checks 8. Lack of employee monitoring 9. Fired employees who are resentful Intro. to ISs © 2008,I. Sarah Al-Bakry19

Technological safeguards 1. Physical access restrictions – Authentication Use of passwords Photo ID cards, smart cards Keys to unlock a computer Combination Authentication limited to o Something you have o Something you know o Something you are Intro. to ISs © 2008,I. Sarah Al-Bakry20

Biometrics الإحصائيات البيولوجية )) Form of authentication – Fingerprints – Retinal patterns ( أنماط الشبكية ) – 35 لمزيد من التفاصيل شريحة رقم – Body weight – Etc. Fast authentication High security Intro. to ISs © 2008,I. Sarah Al-Bakry21

Access-Control Software Access only to files required for work Read-only access Certain time periods for allowed access Business systems applications – Built-in access control capabilities Intro. to ISs © 2008,I. Sarah Al-Bakry22

Wireless LAN Control Wireless LAN cheap and easy to install Use on the rise Signal transmitted through the air – at risk to being intercepted – Drive-by hacking Intro. to ISs © 2008,I. Sarah Al-Bakry23

Technological safeguards 2. Firewalls: System designed to detect intrusion and prevent unauthorized access. Implementation – Hardware, software, mixed Intro. to ISs © 2008,I. Sarah Al-Bakry24

Technological safeguards 3. Encryption Message encoded before sending Message decoded when received – Public key technology Each individual has a pair of keys – Public key – freely distributed – Private key – kept secret Intro. to ISs © 2008,I. Sarah Al-Bakry25

Encryption for Websites Certificate Authority – Third party – trusted middleman Verifies trustworthiness of a Web site Checks for identity of a computer Provides public keys Secure Sockets Layer (SSL) – Developed by Netscape Intro. to ISs © 2008,I. Sarah Al-Bakry26

Technological safeguards 4. Recommended Virus Precautions Purchase and install antivirus software – Update frequently Do not download data from unknown sources – Flash drives, disks, Web sites Delete (without opening) from unknown source Warn people if you get a virus – Your department – People on list Intro. to ISs © 2008,I. Sarah Al-Bakry27

Technological safeguards 5. Audit Control Software Keeps track of computer activity Spots suspicious action Audit trail – Record of users – Record of activities IT department needs to monitor this activity Intro. to ISs © 2008,I. Sarah Al-Bakry28

Other Technological Safeguards Backups – Secondary storage devices – Regular intervals Closed-circuit television (CCTV) – Monitoring for physical intruders – Video cameras display and record all activity – Digital video recording Uninterruptible power supply (UPS) – Protection against power off. Intro. to ISs © 2008,I. Sarah Al-Bakry29

Human Safeguards Use of federal and state laws as well as ethics Intro. to ISs © 2008,I. Sarah Al-Bakry30

Q:How to Better manage IS Security? Answer: By developing an Information Systems Security Plan Ongoing five-step process 1. Risk analysis. 2.Policies and procedures. 3. Implementation. 4. Training – organization’s personnel. 5. Auditing. Intro. to ISs © 2008,I. Sarah Al-Bakry31

The State of System Security Management Today Self Study p. 256 (The Points only) Intro. to ISs © 2008,I. Sarah Al-Bakry32

THE END of the chapter Intro. to ISs © 2008,I. Sarah Al-Bakry33

الشرائح التالية للإطلاع Intro. to ISs © 2008,I. Sarah Al-Bakry34

Retinal Pattern شبكية العين البشرية هي غشاء رقيق يتكون من أنسجة الخلايا العصبية التي تقع في جزء لاحق من العين. بسبب البنية المعقدة للشعريات الدموية التي تزود الشبكية بالدم ، كل شخص لديه شبكية فريدة من نوعها. شبكة الأوعية الدموية في شبكية العين معقدة لدرجة بحيث حتى التوائم المتماثلة ، ليس لها نمط متماثل. على الرغم من تغير أنماط شبكية العين أحياناً بسبب بعض الأمراض مثل في حالات السكري الا أن الشبكية بالعادة لا تتغير منذ الولادة حتى الموت. ولطبيعتها الفريدة والثابتة ، فإنها تستخدم كإحدى وسائل الموثوقية البيولوجية. Source: Intro. to ISs © 2008,I. Sarah Al-Bakry35

Cookies تضع معظم مواقع الويب، عندما يتم زياراتها ملفاً صغيراً على القرص الصلب الخاص بجهاز الزائر ( المتصفح ) ، هذا الملف يسمى " كوكي " ، وملفات الكوكيز هي عبارة عن ملفات نصية، اذ أنها ليست برامج أو شفرات برمجية ويهدف هذا الكوكي إلى جمع بعض المعلومات عنك، وهو مفيد أحياناً، خاصة إذا كان الموقع يتطلب منك إدخال كلمة مرور تخولك بزيارته. ففي هذه الحالة لن تضطر في كل زيارة لإدخال تلك الكلمة، إذ سيتمكن الموقع من اكتشافها بنفسه عن طريق " الكوكي " ، الذي تم وضعه على القرص الصلب في الجهاز وذلك من اول زيارة بمعنى أخر تحتوي هذه الملفات النصية ( الكوكيز ) على معلومات تتيح للموقع الذي أودعها أن يسترجعها عند الحاجة، أي عند زيارتكم المقبلة للموقع. Intro. to ISs © 2008,I. Sarah Al-Bakry36

Cookies ولكن من الممكن ان يتم استغلال الكوكيز في انتهاك خصوصية المستخدمين وجمع معلومات عنهم خلال تصفحهم للمواقع. إذا كنتم لا ترغبون أن يسجل الآخرون " كوكيز " على القرص الصلب في جهازكم، بهدف جمع بعض المعلومات عنكم، فبإلامكان تجهيز المتصفح الذي نستخدمه بحيث يطلب الموافقة قبل أن يحفظ أي " كوكي " ، على القرص الصلب. Intro. to ISs © 2008,I. Sarah Al-Bakry37

Mydoom (computer worm) From Wikipedia, the free encyclopedia Mydoom, also known as watson postmortem debugger, Novarg, Mimail.R and Shimgapi, is a computer virus affecting Microsoft Windows. It was first sighted on January 26, It became the fastest-spreading worm ever (as of January 2004 [update] ), exceeding previous records set by the Sobig worm. [1] computer virusMicrosoft Windows January [update] Sobig worm [1] Mydoom appears to have been commissioned by spammers so as to send junk through infected computers. [2] The worm contains the text message “andy; I'm just doing my job, nothing personal, sorry,” leading many to believe that the worm's creator was paid to do so. Early on, several security firms published their belief that the worm originated from a professional underground programmer in Russia. [3] The actual author of the worm is unknown.spammers [2] [3] Intro. to ISs © 2008,I. Sarah Al-Bakry38

Sobig (computer worm) From Wikipedia, the free encyclopedia The Sobig Worm was a computer worm that infected millions of Internet- connected, Microsoft Windows computers in August 2003.computer wormInternetMicrosoft Windows2003 Although there were indications that tests of the worm were carried out as early as August 2002, Sobig.A was first found in the wild in January Sobig.B was released on May It was first called Palyh, but was later renamed to Sobig.B after anti-virus experts discovered it was a new generation of Sobig. Sobig.C was released May 31 and fixed the timing bug in Sobig.B. Sobig.D came a couple of weeks later followed by Sobig.E in June 25. On August 19, Sobig.F became known and set a record in sheer volume of s anti-virusMay 31 June 25August 19 The worm was most widespread in its "Sobig.F" variant. Sobig is a computer worm in the sense that it replicates by itself, but also a Trojan horse in that it masquerades as something other than malware. The Sobig worm will appear as an electronic mail with one of the following subjects:computer worm Trojan horsemalwareelectronic mail Intro. to ISs © 2008,I. Sarah Al-Bakry39

Sobig (computer worm) Re: Approved Re: Details Re: Re: My details Re: Thank you! Re: That movie Re: Wicked screensaver Re: Your application Thank you! Your details Intro. to ISs © 2008,I. Sarah Al-Bakry40

Sobig (computer worm) It will contain the text: "See the attached file for details" or "Please see the attached file for details." It also contains an attachment by one of the following names: application.pif details.pif document_9446.pif document_all.pif movie0045.pif thank_you.pif your_details.pif your_document.pif wicked_scr.scr Intro. to ISs © 2008,I. Sarah Al-Bakry41