© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies.

Chapter 8 Security Issues and Strategies

Presentation Overview

• Risk Assessment

• Network and Internet Security Risks

• Computer Viruses

• Hardware and Software Security Risks

• Security Strategies for Protecting Computer Systems and Data

Risk Assessment

Why is risk assessment important when defining security strategies?

Organizations need to assess the level of security risk they face in order to develop an effective security strategy. They must determine the level of

• threat – severity of a security breach

• vulnerability – likelihood of a security breach of systems or data

Risk Assessment

The higher the level of vulnerability and threat, the higher the level of risk.

Network and Internet Security Risks

What are the security risks on networks and the Internet?

– Hacker – individual who breaks into security systems, motivated by curiosity of the challenge

– Cracker – a hacker with malicious or criminal intent

– Cyberwar – online attacks between countries

Network and Internet Security Risks

Percentage of unauthorized use of computer networks

Source: 2005 CSI/FBI Computer Crime and Security Survey, http://www.cpppe.umd.edu/Bookstore/Documents/2005CSISurvey.pdf

Network and Internet Security Risks

Unauthorized Access

– User IDs and passwords – hackers gain entry by finding a working user ID and password

– System backdoors – a test user ID and password that provides the highest level of authorization

– Spoofing – fooling another computer by pretending to send packets from a legitimate source

– Online predators – talk young people into meeting them

Network and Internet Security Risks

Denial of service attack (DoS) – hackers run multiple copies of a program to flood it and shut it down.

Network and Internet Security Risks

Limited Security for Wireless Devices

Wired Equivalent Privacy (WEP) makes it more difficult for hackers to intercept and modify data transmissions sent by radio waves or infrared signals.

Network and Internet Security Risks

Data Browsing

Workers with access to networked databases that contain private information “browse” through the private documents.

Computer Viruses

Computer Viruses and Worms

– Virus – a program designed to perform a trick upon an unsuspecting person; the trick may be just annoying or very destructive.

– Worm – software that actively attempts to move or copy itself.

Computer Viruses

Viruses are often transmitted over the Internet and through shared devices such as flash drives.

Computer Viruses

Impact of Viruses

– Nuisance virus – usually does no damage but is an inconvenience

– Espionage virus – allows a hacker to enter system later for the purpose of stealing data or spying

– Data-destructive virus – designed to erase or corrupt files so that they are unreadable

Computer Viruses

Macro Virus

– a small subprogram written specifically for one program to customize and automate certain functions

– macro virus usually does little harm but is difficult to remove

Computer Viruses

Variant Virus

– programmed to change itself and its behavior to fool programs meant to stop it

– comes in many forms and can change daily to avoid detection

Computer Viruses

Stealth Virus

– tries to hide from software designed to find and destroy it

– masks the size of the file by copying itself to another location on the victim’s hard drive

Computer Viruses

Multipartite Virus

– utilizes several forms of attack

– may first infect boot sector and later become a Trojan horse by infecting a disk file

– rarely encountered but difficult to guard against

Computer Viruses

Logic Bomb Virus does not act immediately but waits for a specific event or set of conditions to occur.

Hardware and Software Security Risks

Systems Failure

– Power spike – sudden rise or fall in power level caused by a power surge; can cause poor performance or permanent hardware damage

– Surge protector – guards against power spikes

– Uninterruptible power supply – guards against power spikes and keeps computers running during a blackout

Hardware and Software Security Risks

Employee Theft

– cost of stolen computer hardware and software

– cost of replacing lost data

– cost of time lost while machines are gone

– cost of installing new machines and training people to use them

Hardware and Software Security Risks

Cracking Software for Copying

– crack – a method of circumventing a security scheme that prevents a user from copying a program

– make copy of CD with burner

– copy files to hard drive and redirect software to check hard disk for files

– duplication of program made difficult when original CD has scrambled files

Security Strategies for Protecting Computer Systems and Data

Firewall

– allows normal Web browser operations but prevents other types of communication

– checks incoming data against a list of known sources

– data rejected if it does not fit a preset profile

Security Strategies for Protecting Computer Systems and Data

Network Sniffer

– displays network traffic data

– shows which resources employees use and Web sites they visit

– can be used to troubleshoot network connections and improve system performance

Security Strategies for Protecting Computer Systems and Data

Antivirus Software

– detects and deletes known viruses

– Internet allows antivirus software to update itself to detect newer viruses

Security Strategies for Protecting Computer Systems and Data

Data Backups

Organizations protect critical files by

– keeping a copy of programs and data in a safe place

– keeping more than one backup of important databases and updating them on a set schedule

Security Strategies for Protecting Computer Systems and Data

Disaster Recovery Plan

a safety system that allows a company to restore its systems after a complete loss of data; elements include

– data backup procedures

– remotely located backup copies

– redundant systems with mirrored hard drive which contains same data as original hard drive and is updated automatically when original drive is updated

Security Strategies for Protecting Computer Systems and Data

Authentication

proof of identity of a user and of authority to access data; identity can be confirmed by

– personal identification numbers (PINs)

– user IDs and passwords

– smart cards

– biometrics

Security Strategies for Protecting Computer Systems and Data

An encryption key is used to secure messages that are sent across the Internet.

Security Strategies for Protecting Computer Systems and Data

Monitoring and Auditing

employees’ online and offline activities can be monitored at work by

– keyboard loggers store keystrokes on hard drive

– Internet traffic trackers record Web sites visited

– webcams provide video surveillance

– auditing reviews monitored data and system logins for unauthorized access

On the Horizon

Based on the information presented in this chapter and your own experience, what do you think is on the horizon?