Chapter 8 Security Issues and Strategies
advertisement
Chapter 8 Security Issues and Strategies Chapter 8 Security Issues and Strategies © Paradigm Publishing, Inc. 8-1 Presentation Overview • • • • • Risk Assessment Network and Internet Security Risks Computer Viruses Hardware and Software Security Risks Security Strategies for Protecting Computer Systems and Data © Paradigm Publishing, Inc. 8-2 Risk Assessment Why is risk assessment important when defining security strategies? – In order to protect their systems adequately, organizations need to assess the level of security risk that they face. – The two factors that determine the level of security risk are • Threat – the severity of a security breach • Vulnerability – the likelihood of a security breach © Paradigm Publishing, Inc. 8-3 Risk Assessment The higher the level of vulnerability and threat, the higher the level of risk. © Paradigm Publishing, Inc. 8-4 Risk Assessment Companies today face security problems in three broad areas: – Network and Internet security risks – Computer viruses – Hardware and software security risks © Paradigm Publishing, Inc. 8-5 Network and Internet Security Risks What are the security risks on networks and the Internet? – Unauthorized access – Denial of service attacks – Information theft © Paradigm Publishing, Inc. 8-6 Network and Internet Security Risks Unauthorized Access – A hacker is a computer expert that seeks programming, security, and system challenges. – A cracker is a hacker with malicious or criminal intent. – A cyberwar occurs when a group of hackers attacks a site in a competing country when news events between two potential foes cause a flare-up of tensions. © Paradigm Publishing, Inc. 8-7 Network and Internet Security Risks Annual Percentage of Unauthorized Access to Computers © Paradigm Publishing, Inc. 8-8 Network and Internet Security Risks Unauthorized Access – User IDs and passwords – hackers gain entry by finding a working user ID and password – System backdoor – a test user ID and password that provides the highest level of authorization © Paradigm Publishing, Inc. 8-9 Network and Internet Security Risks Unauthorized Access – Spoofing –fooling another computer by pretending to send packets from a legitimate source – Online predator – an individual who uses the Internet to talk young people into meeting or exchanging photos with him or her © Paradigm Publishing, Inc. 8-10 Network and Internet Security Risks In a denial of service (DoS) attack, one or more hackers run multiple copies of a program that asks for the same information from a Web site over and over again, flooding the system and essentially shutting it down. © Paradigm Publishing, Inc. 8-11 Network and Internet Security Risks Information Theft – Stealing corporate information is easy to do and difficult to detect. – The limited security of wireless devices has made it even easier. Wired Equivalent Privacy (WEP) is a security protocol that makes it more difficult for hackers to intercept wireless data transmissions. – Data browsing is when workers invade the privacy of others by viewing private data. © Paradigm Publishing, Inc. 8-12 Computer Viruses • A computer virus is a program, written by a hacker or cracker, that is designed to perform some kind of trick upon an unsuspecting victim. • A worm doesn’t wait for a user to execute an attachment or open a file with a macro; instead, it actively attempts to move and copy itself. © Paradigm Publishing, Inc. 8-13 Computer Viruses Viruses are often transmitted over the Internet and through shared devices such as flash drives. © Paradigm Publishing, Inc. 8-14 Computer Viruses Virus Symptoms © Paradigm Publishing, Inc. 8-15 Computer Viruses Impact of Viruses – A nuisance virus usually does no real damage, but is rather just an inconvenience. – An espionage virus does not inflict immediate damage, but it allows the hacker or cracker to enter the system later to steal data or spy. – A data-destructive virus is designed to erase or corrupt files so that they are unreadable. © Paradigm Publishing, Inc. 8-16 Computer Viruses Methods of Virus Operation – A macro virus is written specifically for one program, such as Microsoft Word. • If the user activates macros, infecting the program, every file created or edited using that program will become infected too. – A variant virus is programmed to change itself to fool programs meant to stop it. – A stealth virus tries to hide from software designed to find and destroy it. © Paradigm Publishing, Inc. 8-17 Computer Viruses Methods of Virus Operation – A boot sector virus is designed to alter the boot sector of a disk (which contains a variety of information) so that whenever the operating system reads the boot sector, the computer will become infected. – A Trojan horse virus hides inside another legitimate program or data file. © Paradigm Publishing, Inc. 8-18 Computer Viruses Methods of Virus Operation – A multipartite virus utilizes several forms of attack. – A logic bomb virus sits quietly dormant, waiting for a specific event or set of conditions to occur before it infects the computer. © Paradigm Publishing, Inc. 8-19 Hardware and Software Security Risks Systems Failure A power spike is a sudden rise or fall in the power level that can cause poor performance or permanently damage hardware. • A surge protector can guard against power spikes. • An uninterruptible power supply (UPS) is a more vigorous power protection system which provides a battery backup and can keep computers running during a blackout. © Paradigm Publishing, Inc. 8-20 Hardware and Software Security Risks Employee Theft – Businesses lose millions of dollars a year in stolen computer hardware and software. – The costs involved include • The cost of the stolen software and hardware • The cost of replacing lost data • The cost of the time lost while the machines are gone • The cost of installing new machines and training people to use them © Paradigm Publishing, Inc. 8-21 Hardware and Software Security Risks Cracking Software for Copying – A crack is a method of circumventing a security scheme that prevents a user from copying a program. • For example, copying a CD with a burner – Some companies are trying to make duplication difficult by scrambling some of the data on their original CDs. © Paradigm Publishing, Inc. 8-22 Security Strategies for Protecting Computer Systems and Data Components of Physical Security – The location of devices – The use of locking equipment © Paradigm Publishing, Inc. 8-23 Security Strategies for Protecting Computer Systems and Data Firewalls – A firewall will generally allow normal Web browser operations but will prevent many other types of communication. – The firewall checks incoming data against a list of known, trusted sources. If a packet does not fit the profile of anything on the firewall’s list, it is rejected. © Paradigm Publishing, Inc. 8-24 Security Strategies for Protecting Computer Systems and Data Network Sniffers – A network sniffer is a software package that displays network traffic data. – It shows which resources employees are using and the Web sites they are visiting. – It can be used to monitor, prevent unauthorized activity, or troubleshoot network connections and improve system performance. © Paradigm Publishing, Inc. 8-25 Security Strategies for Protecting Computer Systems and Data Antivirus Software – Antivirus software detects and deletes known viruses. – The Internet helps antivirus software to update itself. • There are 10 to 20 new viruses reported daily. • Antivirus programs must be upgraded constantly. © Paradigm Publishing, Inc. 8-26 Security Strategies for Protecting Computer Systems and Data Data Backups – Data should always be backed up and placed in a safe spot. – A rotating backup involves many copies of data which are updated on a set schedule. • This is a time-saving method of backup. • If the database is lost or corrupted, many copies exist, some of which may predate the problem. © Paradigm Publishing, Inc. 8-27 Security Strategies for Protecting Computer Systems and Data Disaster Recovery Plan – A disaster recovery plan is a safety system that allows a company to restore its systems after a complete loss of data. – A typical disaster recovery plan includes • Data backup procedures • Remotely located backup copies • Redundant systems A mirrored hard drive is one that contains exactly the same data as the original. © Paradigm Publishing, Inc. 8-28 Security Strategies for Protecting Computer Systems and Data Authentication – Authentication is proof that a user is who he says he is, and that he is authorized to access an account. – Common forms of authentication include • • • • Personal identification numbers User IDs and passwords Smart cards Biometrics © Paradigm Publishing, Inc. 8-29 Security Strategies for Protecting Computer Systems and Data Data Encryption – Encryption scrambles information so that it is unreadable. This unreadable text is called ciphertext. – Data encryption schemes include an encryption key that is shared between the two computers that wish to communicate. © Paradigm Publishing, Inc. 8-30 Security Strategies for Protecting Computer Systems and Data Monitoring and Auditing – Employers can monitor their employees at work in a number of ways. • Keyboard loggers store keystrokes on hard drive. • Internet traffic trackers record the Web sites that employees visit for later auditing. – Auditing involves a review of monitoring data and systems logins to look for unauthorized access or suspicious behavior. © Paradigm Publishing, Inc. 8-31 On the Horizon Based on the information presented in this chapter and your own experience, what do you think is on the horizon? © Paradigm Publishing, Inc. 8-32
