MIS 2000 Class 22
System Security
Update: Winter 2015

Outline
• Security threats concept
• Sniffing
• Encryption defense
• Malware
• Data theft
• Intrusion detection system, password & firewall defenses
• Internet threats and defenses
• Internal threats & defenses
• Summary

Information Systems’ Vulnerability
• Network-related challenges: Access to local and wide area networks (Internet) brings risks.
• Anyone from inside or outside the organization can attempt to infiltrate information systems.
• The risk of unauthorized access to data, theft and destruction is greater than with paper, which exists in one original form and can be securely locked.
• Digital data can also be changed, and the fraud is not easily detected. This is one of the disadvantages in comparison with paper.

Security Threats - External
• Sniffing
• False identity (spoofing/phishing)
• Data theft
• Malware (virus, worm…)

Sniffing
• Sniffing refers to listening to a communication channel by an uninvited party.
• Sniffing is a version of unauthorized access.
• Conversations on cell phones can easily be sniffed.
• WiFi channels are also vulnerable.
• Defense: Encryption of the data transferred. The content is converted into an illegible format by some programming method.
• Example: “Hi, how are you?” can be encrypted into something like “xy&*z-&8w4}”. See next slide.

Encryption
• Encryption = Scrambling of a message to prevent unauthorized parties from reading it.
• Encryption is a defense against sniffing of a communication channel.
• Single key encryption – Sender and receiver use the same private key for encryption and decryption.
• Double key encryption – Sender and receiver use a combination of a public and a Certificate Authority private key:
  • Digital Signature can be applied
  • Encrypt with Recipient’s Public Key
  • Decrypt with Recipient’s Private Key
• Digital Certificate - public key and a proof of its validity issued by a certificate authority (e.g., VeriSign); licensed annually.
• Critical for e-commerce; important in other Internet communications.

Malware
• Malware = malicious software that can harm data and/or computer software, and even hardware.
• Virus (a legend about their origin) – destructive to data & software.
• Worm – replicates itself, taking computing resources and impairing computer functioning (e.g., speed, screen freeze).
• Trojan – blocks system security functions, thus opening doors for other malware.
• Adware – presents unwanted ads in pop-up or pop-under windows.
• Spyware – observes the user's activities and reports them to an external party.
• Defenses:
  • Anti-virus software. Automatically and continuously updated online by the vendor. Critical for Internet.
  • Firewall (see later slide)

Data Theft
• Data theft is stealing data by hackers.
• This is also an internal threat in organizations, when an unauthorized person accesses data.
• Also, data storage devices or mobile tech. can be stolen or lost.
• Defenses:
  • Firewall: a whole security-tasked IS for guarding access

More Defenses from Data Theft
• Intrusion Detection System (IDS). Automatically detects suspicious network traffic.
  • Supports Firewall
  • Rules defining suspicious moves
  • Monitoring internal traffic as well
• Passwords for access
• Physical: Locking up computers and storage devices.
• Mobile tech. methods: Combining passwords, storage encryption, locks, remote data wipes.

False Identity
• Also called spoofing, phishing, social engineering…
• A malevolent party pretends to be a company or a person they really are not, and tries to get personal data (credit card numbers etc.).
• Defense: Vigilance and caution!
  • Never go to Web sites you are invited to via email or on social media, unless you are absolutely sure the site/invitation is real.
  • Never engage in “money transfer” schemes that unknown persons offer you via email or texting.

Internal Security Threats & Defenses
• Within organizations.
• Threats are bigger as people are closer to technologies and data storage.
• Unauthorized access, change and copying of data; also, stealing data storage.
• Unauthorized access to data: when a user does not have a particular privilege (read, write, change, delete) but gets it somehow.
• Human errors: leaving data unprotected, poor & lost passwords, not locking data/hardware/software.
• Defenses:
  • Physical securing; passwords; biometric methods (fingertip readers).
  • Managing access to data (system administrators)
  • Training, supervision

Power failure & Natural disasters
• Power failure can be an internal or external threat.
  • Defense: Have backup electricity generators ready to take over.
• Natural disasters belong to external threats.
  • Defense:
    • Have disaster management plans.
    • Extra computing facilities off-site (can be rented).
    • Keep backup data off-site.
    • Run regular checks to assess preparedness.

Summary
• Security threats are external and internal, and include malware, false identity, sniffing, data theft, and unauthorized access and change of data (tampering).
• Mobile phones and devices and wireless channels are very vulnerable.
• Internet increases security risks.
• Defenses include data encryption, intrusion detection system, passwords, firewalls, physical means, and managing system access.
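
Added example (not part of the original slides): the double key scheme from the Encryption slide, with encryption under the recipient's public key, decryption with the recipient's private key, and a digital signature made with the sender's private key. It uses textbook RSA without padding and small, well-known primes chosen here as an assumption so that it runs with the standard library only; the key sizes and function names are illustrative, not a production design.

```python
import hashlib

E = 65537  # public exponent shared by both constructed key pairs

def make_keypair(p, q):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (E, n), (d, n)

def encrypt(message: bytes, public) -> int:
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this small key")
    return pow(m, e, n)

def decrypt(ciphertext: int, private) -> bytes:
    d, n = private
    m = pow(ciphertext, d, n)
    # Leading zero bytes would be lost here; the sample message has none.
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    d, n = private
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    e, n = public
    return pow(signature, e, n) == digest(message, n)

# Constructed keys (Mersenne primes, far too small for real use).
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SENDER_PUB, SENDER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def demo():
    message = b"Hi, how are you?"
    ciphertext = encrypt(message, RECIPIENT_PUB)    # what a sniffer would see
    signature = sign(message, SENDER_PRIV)          # proves who sent it
    received = decrypt(ciphertext, RECIPIENT_PRIV)  # only the recipient can do this
    return ciphertext, received, verify(received, signature, SENDER_PUB)

if __name__ == "__main__":
    print(demo())
```

A message altered in transit no longer matches the signature, which is the defense against the undetected data changes mentioned on the vulnerability slide.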
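
Added example (not part of the original slides): a minimal rule-based detector illustrating the IDS slide's "rules defining suspicious moves" and "monitoring internal traffic as well". The address ranges, ports, thresholds and sample connection records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration.
INTERNAL_NET = ip_network("10.0.0.0/8")   # assumed internal address range
DB_PORT = 3306                            # assumed database port
ALLOWED_DB_CLIENTS = {"10.0.1.10"}        # assumed: only the app server may query it
SCAN_PORTS, WINDOW = 5, 60                # 5 distinct ports within 60 seconds

# (time in seconds, source IP, destination IP, destination port)
SAMPLE_FLOWS = [
    (0, "203.0.113.7", "10.0.0.5", 21), (2, "203.0.113.7", "10.0.0.5", 22),
    (4, "203.0.113.7", "10.0.0.5", 23), (6, "203.0.113.7", "10.0.0.5", 80),
    (8, "203.0.113.7", "10.0.0.5", 443),        # fast sweep of one host
    (0, "198.51.100.50", "10.0.0.5", 21), (100, "198.51.100.50", "10.0.0.5", 22),
    (200, "198.51.100.50", "10.0.0.5", 23), (300, "198.51.100.50", "10.0.0.5", 80),
    (400, "198.51.100.50", "10.0.0.5", 443),    # same ports, too slow for rule 1
    (10, "10.0.1.10", "10.0.2.20", 3306),       # app server: allowed
    (20, "10.0.3.33", "10.0.2.20", 3306),       # workstation: not allowed
]

def is_internal(ip):
    return ip_address(ip) in INTERNAL_NET

def detect(flows):
    """Apply two rules to connection records and return a list of alerts."""
    alerts, recent, reported = [], defaultdict(list), set()
    for ts, src, dst, port in sorted(flows):
        # Rule 1: one source touching many ports on one host in a short window.
        pair = (src, dst)
        recent[pair] = [(t, p) for t, p in recent[pair] if ts - t <= WINDOW]
        recent[pair].append((ts, port))
        if len({p for _, p in recent[pair]}) >= SCAN_PORTS and pair not in reported:
            reported.add(pair)
            alerts.append(("port-scan", src, dst))
        # Rule 2: internal traffic is monitored too; an internal host outside
        # the allow-list connecting to the internal database is suspicious.
        if (port == DB_PORT and is_internal(src) and is_internal(dst)
                and src not in ALLOWED_DB_CLIENTS):
            alerts.append(("internal-db-access", src, dst))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The slow sweep in the sample data passes unnoticed, which shows why fixed thresholds need tuning and why an IDS supports a firewall and does not replace it.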