CH # 6 Securing Information Systems “66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs.” Webroot (2005)


1 CH # 6 Securing Information Systems “66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs.” Webroot (2005)

2 Topics to be discussed 1. The meaning of the term “Information System Security”. 2. Primary threats to information systems security. 3. How are IS(s) often compromised? 4. Technological and human-based safeguards. 5. Q: How to better manage IS security? 6. The State of System Security Management Today (self study p. 256). Intro. to ISs © 2008, I. Sarah Al-Bakry

3 The term “Information System Security” All systems connected to a network are at risk – Internal threats – External threats Information systems security definition: – Precautions to keep all aspects of IS safe from unauthorized access and use (all HW, SW, network, equipment and data) Increased need for good computer security with increased use of the Internet

4 Primary Threats to Information Systems Security 1. Accidents and natural disasters – Power outages, cats walking across keyboards 2. Employees and consultants 3. Links to outside business contacts – Travel between business partners 4. Outsiders (Hackers, Crackers, Viruses)

5 HW Check the difference between: Hackers, Crackers, Viruses From the glossary

6 IS(s) are often compromised by one or more of the following: Unauthorized Access, Information Modification, Denial of Service Attack, Computer Viruses, Spyware, Spam, Phishing, Cookies

7 Unauthorized Access Unauthorized people – Look through electronic data – Peek (steal a look) at monitors – Intercept (cut off) electronic communication Unauthorized access may be achieved by: – Theft of computers or storage media. – Gaining administrator status.

8 Gaining Access to a Password Brute force – Try combinations until a match is found Protection: – Wait time requirements after an unsuccessful login attempt. – CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
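
The wait-time protection from slide 8, as an added example that is not part of the original slides: a per-account throttle whose delay doubles after each failed login, with a simulated clock showing how few guesses a brute-force run gets. `BASE_DELAY`, `MAX_DELAY`, `LoginThrottle` and the sample account are assumptions made for this illustration.

```python
import hmac

BASE_DELAY = 2.0    # seconds of wait after the first failure (assumed value)
MAX_DELAY = 900.0   # cap, so failed guesses cannot lock a user out forever


class LoginThrottle:
    """Enforces a growing wait time per account after each failed login."""

    def __init__(self, check_password):
        self.check_password = check_password   # callable(user, password) -> bool
        self.failures = {}   # username -> (failure count, time of last failure)

    def wait_remaining(self, user, now):
        count, last = self.failures.get(user, (0, 0.0))
        if count == 0:
            return 0.0
        delay = min(BASE_DELAY * 2 ** (count - 1), MAX_DELAY)
        return max(0.0, last + delay - now)

    def attempt(self, user, password, now):
        # Refuse to even look at the password while the wait time is running.
        if self.wait_remaining(user, now) > 0:
            return "wait"
        if self.check_password(user, password):
            self.failures.pop(user, None)
            return "ok"
        count, _ = self.failures.get(user, (0, 0.0))
        self.failures[user] = (count + 1, now)
        return "denied"


SAMPLE_USERS = {"alice": "correct horse"}   # constructed account for the demo


def sample_check(user, password):
    # Constant-time comparison; a real system compares salted hashes instead.
    return hmac.compare_digest(SAMPLE_USERS.get(user, "").encode(), password.encode())


def guesses_allowed(window_seconds):
    """Count how many wrong guesses one account accepts within a time window."""
    throttle, now, guesses = LoginThrottle(sample_check), 0.0, 0
    while now <= window_seconds:
        throttle.attempt("alice", "guess%d" % guesses, now)
        guesses += 1
        now += throttle.wait_remaining("alice", now)
    return guesses
```

With these values an account accepts only a dozen guesses in an hour, while a user who mistypes once waits two seconds.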

9 Information Modification User accesses electronic information User changes information – Employee gives himself a raise. – Crackers hack government computers and change info.

10 Denial of Service Attack Attackers prevent legitimate users from accessing services Zombie computers – Created by viruses or worms – Attack Web sites. – Look for the definition of “Zombie computer” in the glossary.

11 Computer Viruses Corrupt and destroy data Destructive code can – Erase a hard drive – Seize (get hold of) control of a computer Worms – Variation of a virus – Replicate endlessly across the Internet – Servers crash Mydoom attack on Microsoft’s Web site

12 HW Check the difference between: Viruses, Worms, Trojan Horses From the glossary

13 Spyware Within freeware or shareware Within a Web site Gathers information about a user – Credit card information – Behavior tracking for marketing purposes Eats up computer’s memory and network bandwidth Adware – special kind of spyware – Collects information for banner ad customization

14 Spam Electronic junk mail Advertisements of products and services Eats up storage space Compromises network bandwidth Spim – Spam over IM

15 Protection Against Spam Barracuda Spam Firewall 600 – Filters spam and other email threats – Decreases amount of spam processed by the central e-mail server – Handles 3,000 – 10,000 active email users – Spam messages blocked or quarantined

16 Phishing Attempts to trick users into giving away credit card numbers Phony messages Duplicates of legitimate Web sites E.g., eBay, PayPal have been used

17 Cookies Messages passed to a Web browser from a Web server Used for Web site customization Cookies may contain sensitive information Cookie management and cookie killer software Internet Explorer Web browser settings

18 Other Threats to IS Security 1. Employees writing passwords on paper 2. No installation of antivirus software 3. Use of default network passwords 4. Letting outsiders view monitors

19 Other Threats to IS Security (II) 5. Organizations fail to limit access to some files 6. Organizations fail to install firewalls 7. Not doing proper background checks 8. Lack of employee monitoring 9. Fired employees who are resentful

20 Technological safeguards 1. Physical access restrictions – Authentication Use of passwords Photo ID cards, smart cards Keys to unlock a computer Combination Authentication limited to o Something you have o Something you know o Something you are

21 Biometrics (biological statistics) Form of authentication – Fingerprints – Retinal patterns (for more details, see slide 35) – Body weight – Etc. Fast authentication High security

22 Access-Control Software Access only to files required for work Read-only access Certain time periods for allowed access Business systems applications – Built-in access control capabilities

23 Wireless LAN Control Wireless LAN cheap and easy to install Use on the rise Signal transmitted through the air – at risk of being intercepted – Drive-by hacking

24 Technological safeguards 2. Firewalls: System designed to detect intrusion and prevent unauthorized access. Implementation – Hardware, software, mixed

25 Technological safeguards 3. Encryption Message encoded before sending Message decoded when received – Public key technology Each individual has a pair of keys – Public key – freely distributed – Private key – kept secret

26 Encryption for Websites Certificate Authority – Third party – trusted middleman Verifies trustworthiness of a Web site Checks for identity of a computer Provides public keys Secure Sockets Layer (SSL) – Developed by Netscape

27 Technological safeguards 4. Recommended Virus Precautions Purchase and install antivirus software – Update frequently Do not download data from unknown sources – Flash drives, disks, Web sites Delete (without opening) e-mail from unknown source Warn people if you get a virus – Your department – People on e-mail list

28 Technological safeguards 5. Audit Control Software Keeps track of computer activity Spots suspicious action Audit trail – Record of users – Record of activities IT department needs to monitor this activity

29 Other Technological Safeguards Backups – Secondary storage devices – Regular intervals Closed-circuit television (CCTV) – Monitoring for physical intruders – Video cameras display and record all activity – Digital video recording Uninterruptible power supply (UPS) – Protection against power outages.

30 Human Safeguards Use of federal and state laws as well as ethics

31 Q: How to better manage IS security? Answer: By developing an Information Systems Security Plan Ongoing five-step process 1. Risk analysis. 2. Policies and procedures. 3. Implementation. 4. Training – organization’s personnel. 5. Auditing.

32 The State of System Security Management Today Self Study p. 256 (The Points only)

33 THE END of the chapter

34 The following slides are for your information

35 Retinal Pattern The human retina is a thin membrane composed of neural cell tissue, located in the posterior part of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person has a unique retina. The network of blood vessels in the retina is so complex that even identical twins do not share an identical pattern. Although retinal patterns sometimes change because of certain diseases, such as diabetes, the retina normally does not change from birth until death. Because of its unique and stable nature, it is used as one of the means of biometric authentication. Source: http://en.wikipedia.org/wiki/Retinal_scan

36 Cookies Most Web sites, when visited, place a small file on the hard disk of the visitor's machine (the browser). This file is called a "cookie". Cookie files are text files; they are not programs or program code. The cookie aims to collect some information about you, and it is sometimes useful, especially if the site requires you to enter a password that authorizes you to visit it. In that case you will not have to enter that password on every visit, since the site will be able to discover it by itself through the "cookie" that was placed on the hard disk of the machine on the first visit. In other words, these text files (cookies) contain information that allows the site that deposited them to retrieve it when needed, that is, on your next visit to the site.

37 Cookies However, cookies can be exploited to violate users' privacy and to collect information about them while they browse sites. If you do not want others to record "cookies" on the hard disk of your machine in order to collect information about you, the browser we use can be configured to ask for approval before it saves any "cookie" on the hard disk.

38 Mydoom (computer worm) From Wikipedia, the free encyclopedia Mydoom, also known as W32.MyDoom@mm, watson postmortem debugger, Novarg, Mimail.R and Shimgapi, is a computer virus affecting Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever (as of January 2004), exceeding previous records set by the Sobig worm. [1] Mydoom appears to have been commissioned by e-mail spammers so as to send junk e-mail through infected computers. [2] The worm contains the text message “andy; I'm just doing my job, nothing personal, sorry,” leading many to believe that the worm's creator was paid to do so. Early on, several security firms published their belief that the worm originated from a professional underground programmer in Russia. [3] The actual author of the worm is unknown.

39 Sobig (computer worm) From Wikipedia, the free encyclopedia The Sobig Worm was a computer worm that infected millions of Internet-connected, Microsoft Windows computers in August 2003. Although there were indications that tests of the worm were carried out as early as August 2002, Sobig.A was first found in the wild in January 2003. Sobig.B was released in May 2003. It was first called Palyh, but was later renamed to Sobig.B after anti-virus experts discovered it was a new generation of Sobig. Sobig.C was released May 31 and fixed the timing bug in Sobig.B. Sobig.D came a couple of weeks later, followed by Sobig.E on June 25. On August 19, Sobig.F became known and set a record in sheer volume of e-mails. The worm was most widespread in its "Sobig.F" variant. Sobig is a computer worm in the sense that it replicates by itself, but also a Trojan horse in that it masquerades as something other than malware. The Sobig worm will appear as an electronic mail with one of the following subjects:

40 Sobig (computer worm) "Re: Approved", "Re: Details", "Re: Re: My details", "Re: Thank you!", "Re: That movie", "Re: Wicked screensaver", "Re: Your application", "Thank you!", "Your details"

41 Sobig (computer worm) It will contain the text: "See the attached file for details" or "Please see the attached file for details." It also contains an attachment by one of the following names: application.pif, details.pif, document_9446.pif, document_all.pif, movie0045.pif, thank_you.pif, your_details.pif, your_document.pif, wicked_scr.scr
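
A mail-gateway check built from the subjects, body text and attachment names listed on slides 40 and 41, as an added example that is not part of the original slides. It goes one step beyond the slides by also treating any `.pif` or `.scr` attachment as risky; the function names, the verdict labels and the sample messages are assumptions constructed for this illustration.

```python
from email import message_from_string

# Indicators copied from slides 40 and 41 of this deck.
SUBJECTS = {"re: approved", "re: details", "re: re: my details",
            "re: thank you!", "re: that movie", "re: wicked screensaver",
            "re: your application", "thank you!", "your details"}
BODY_PHRASE = "see the attached file for details"
ATTACHMENTS = {"application.pif", "details.pif", "document_9446.pif",
               "document_all.pif", "movie0045.pif", "thank_you.pif",
               "your_details.pif", "your_document.pif", "wicked_scr.scr"}
RISKY_EXTENSIONS = (".pif", ".scr")   # generalisation beyond the slide's list


def sobig_indicators(raw_message):
    """Return the list of slide-40/41 indicators found in one raw e-mail."""
    msg = message_from_string(raw_message)
    hits = []
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment-name")
        elif name.endswith(RISKY_EXTENSIONS):
            hits.append("risky-extension")
        elif not name and part.get_content_type() == "text/plain":
            if BODY_PHRASE in str(part.get_payload()).lower():
                hits.append("body")
    return hits


def verdict(raw_message):
    # An executable attachment alone is enough to quarantine; subject or
    # body alone are too common in normal mail and only raise a flag.
    hits = sobig_indicators(raw_message)
    if "attachment-name" in hits or "risky-extension" in hits:
        return "quarantine"
    return "flag" if hits else "deliver"


def build_sample(subject, body, filename=None):   # constructed test mail
    head = "From: a@example.com\nSubject: %s\nMIME-Version: 1.0\n" % subject
    if filename is None:
        return head + "Content-Type: text/plain\n\n" + body + "\n"
    return (head + 'Content-Type: multipart/mixed; boundary="B"\n\n'
            "--B\nContent-Type: text/plain\n\n" + body + "\n"
            '--B\nContent-Type: application/octet-stream\n'
            'Content-Disposition: attachment; filename="%s"\n\nAAAA\n--B--\n'
            % filename)
```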

