CH # 6 Securing Information Systems “66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs.” Webroot (2005)


Page 2: CH # 6 Securing Information Systems “66 percent of all Webroot-scanned personal computers are infected with at least 25 spyware programs.” Webroot (2005)

Topics to be discussed

1. The meaning of the term “Information System Security”.
2. Primary threats to information systems security.
3. How are IS(s) often compromised?
4. Technological and human-based safeguards.
5. Q: How to better manage IS security?
6. The state of system security management today.

(self study p. 256)

Intro. to ISs © 2008,I. Sarah Al-Bakry 2


“Information System Security” term

• All systems connected to a network are at risk
  – Internal threats
  – External threats
• Information systems security definition:
  – Precautions to keep all aspects of IS safe from unauthorized access and use (all HW, SW, network, equipment and data)
• Increased need for good computer security with increased use of the Internet


Primary Threats to Information Systems Security

1. Accidents and natural disasters
   – Power outages, cats walking across keyboards
2. Employees and consultants
3. Links to outside business contacts
   – Travel between business partners
4. Outsiders (Hackers, Crackers, Viruses)


HW

Check the difference between: Hackers, Crackers, Viruses

From the glossary


IS(s) are often compromised by one or more of the following:


Unauthorized Access

• Unauthorized people
  – Look through electronic data
  – Peek (steal a look) at monitors
  – Intercept (cut off) electronic communication
• Unauthorized access may be achieved by:
  - Theft of computers or storage media.
  - Getting administrator status.


Gaining Access to a Password

• Brute force
  – Try combinations until a match is found
• Protection:
  – Wait time requirements after unsuccessful login attempt.
  – CAPTCHA: Completely Automated Public Turing Test to tell Computers and Humans Apart


Information Modification

• User accesses electronic information
• User changes information
  – Employee gives himself a raise.
  – Crackers hack government computers and change info.


Denial of Service Attack

• Attackers prevent legitimate users from accessing services
• Zombie computers
  – Created by viruses or worms
  – Attack Web sites.
  – Look for the definition of “Zombie computer” in the glossary.


Computer Viruses

• Corrupt and destroy data
• Destructive code can
  – Erase a hard drive
  – Seize (get hold of) control of a computer
• Worms
  – Variation of a virus
  – Replicate endlessly across the Internet
  – Servers crash
• Mydoom attack on Microsoft’s Web site


HW

Check the difference between: Viruses, Worms, Trojan Horses

From the glossary


Spyware

• Within freeware or shareware
• Within a Web site
• Gathers information about a user
  – Credit card information
  – Behavior tracking for marketing purposes
• Eats up computer’s memory and network bandwidth
• Adware – special kind of spyware
  – Collects information for banner ad customization


Spam

• Electronic junk mail
• Advertisements of products and services
• Eats up storage space
• Compromises network bandwidth
• Spim
  – Spam over IM


Protection Against Spam

• Barracuda Spam Firewall 600
  – Filters spam and other email threats
  – Decreases amount of spam processed by the central e-mail server
  – Handles 3,000 – 10,000 active email users
  – Spam messages blocked or quarantined


Phishing

• Attempts to trick users into giving away credit card numbers

• Phony messages
• Duplicates of legitimate Web sites
• E.g., eBay, PayPal have been used


Cookies

• Messages passed to a Web browser from a Web server

• Used for Web site customization
• Cookies may contain sensitive information
• Cookie management and cookie killer software
• Internet Explorer Web browser settings


Other Threats to IS Security

1. Employees writing passwords on paper

2. No installation of antivirus software

3. Use of default network passwords

4. Letting outsiders view monitors


Other Threats to IS Security (II)

5. Organizations fail to limit access to some files

6. Organizations fail to install firewalls

7. Not doing proper background checks

8. Lack of employee monitoring

9. Fired employees who are resentful


Technological safeguards

1. Physical access restrictions
  – Authentication
    • Use of passwords
    • Photo ID cards, smart cards
    • Keys to unlock a computer
    • Combination

Authentication limited to:
  o Something you have
  o Something you know
  o Something you are


Biometrics (biological statistics)

• Form of authentication
  – Fingerprints
  – Retinal patterns (for more details, see slide 35)
  – Body weight
  – Etc.
• Fast authentication
• High security


Access-Control Software

• Access only to files required for work
• Read-only access
• Certain time periods for allowed access
• Business systems applications
  – Built-in access control capabilities


Wireless LAN Control

• Wireless LAN cheap and easy to install
• Use on the rise
• Signal transmitted through the air
  – At risk of being intercepted
  – Drive-by hacking


Technological safeguards

2. Firewalls: System designed to detect intrusion and prevent unauthorized access.

• Implementation
  – Hardware, software, mixed


Technological safeguards

3. Encryption

• Message encoded before sending
• Message decoded when received
  – Public key technology
    • Each individual has a pair of keys
      – Public key – freely distributed
      – Private key – kept secret


Encryption for Websites

• Certificate Authority
  – Third party – trusted middleman
    • Verifies trustworthiness of a Web site
    • Checks for identity of a computer
    • Provides public keys
• Secure Sockets Layer (SSL)
  – Developed by Netscape


Technological safeguards

4. Recommended Virus Precautions

• Purchase and install antivirus software
  – Update frequently
• Do not download data from unknown sources
  – Flash drives, disks, Web sites
• Delete (without opening) e-mail from unknown source
• Warn people if you get a virus
  – Your department
  – People on e-mail list


Technological safeguards

5. Audit Control Software

• Keeps track of computer activity
• Spots suspicious action
• Audit trail
  – Record of users
  – Record of activities
• IT department needs to monitor this activity


Other Technological Safeguards

• Backups
  – Secondary storage devices
  – Regular intervals
• Closed-circuit television (CCTV)
  – Monitoring for physical intruders
  – Video cameras display and record all activity
  – Digital video recording
• Uninterruptible power supply (UPS)
  – Protection against power off.


Human Safeguards

• Use of federal and state laws as well as ethics


Q: How to better manage IS security?

Answer: By developing an Information Systems Security Plan

Ongoing five-step process
1. Risk analysis.
2. Policies and procedures.
3. Implementation.
4. Training – organization’s personnel.
5. Auditing.


The State of System Security Management Today

Self Study p. 256

(The Points only)


THE END of the chapter


The following slides are for reference


Retinal Pattern

• The human retina is a thin membrane made up of neural cell tissue, located in the posterior part of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person has a unique retina.
• The network of blood vessels in the retina is so complex that even identical twins do not have an identical pattern.
• Although retinal patterns sometimes change because of certain diseases, such as diabetes, the retina normally does not change from birth until death.
• Because of its unique and unchanging nature, it is used as one of the means of biometric authentication.
• Source: http://en.wikipedia.org/wiki/Retinal_scan


Cookies

• When they are visited, most Web sites place a small file on the hard disk of the visitor's machine (the browser). This file is called a "cookie". Cookie files are text files; they are not programs or program code. The cookie aims to collect some information about you, and it is sometimes useful, especially if the site requires you to enter a password that authorizes you to visit it. In that case you will not have to enter that password on every visit, because the site will be able to find it by itself through the "cookie" that was placed on the hard disk of the machine at the first visit. In other words, these text files (cookies) contain information that the site which deposited them can retrieve when needed, that is, on your next visit to the site.


Cookies

• However, cookies can be exploited to violate users' privacy and to collect information about them while they browse sites. If you do not want others to record cookies on the hard disk of your machine in order to collect information about you, you can set up the browser you use so that it asks for approval before it saves any cookie on the hard disk.


Mydoom (computer worm)

From Wikipedia, the free encyclopedia

• Mydoom, also known as W32.MyDoom@mm, watson postmortem debugger, Novarg, Mimail.R and Shimgapi, is a computer virus affecting Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever (as of January 2004), exceeding previous records set by the Sobig worm.[1]

• Mydoom appears to have been commissioned by e-mail spammers so as to send junk e-mail through infected computers.[2] The worm contains the text message “andy; I'm just doing my job, nothing personal, sorry,” leading many to believe that the worm's creator was paid to do so. Early on, several security firms published their belief that the worm originated from a professional underground programmer in Russia.[3] The actual author of the worm is unknown.


Sobig (computer worm)

From Wikipedia, the free encyclopedia

• The Sobig Worm was a computer worm that infected millions of Internet-connected, Microsoft Windows computers in August 2003.

• Although there were indications that tests of the worm were carried out as early as August 2002, Sobig.A was first found in the wild in January 2003. Sobig.B was released on May 2003. It was first called Palyh, but was later renamed to Sobig.B after anti-virus experts discovered it was a new generation of Sobig. Sobig.C was released May 31 and fixed the timing bug in Sobig.B. Sobig.D came a couple of weeks later followed by Sobig.E in June 25. On August 19, Sobig.F became known and set a record in sheer volume of e-mails.

• The worm was most widespread in its "Sobig.F" variant.

• Sobig is a computer worm in the sense that it replicates by itself, but also a Trojan horse in that it masquerades as something other than malware. The Sobig worm will appear as an electronic mail with one of the following subjects:


Sobig (computer worm)

• Re: Approved
• Re: Details
• Re: Re: My details
• Re: Thank you!
• Re: That movie
• Re: Wicked screensaver
• Re: Your application
• Thank you!
• Your details


Sobig (computer worm)

• It will contain the text: "See the attached file for details" or "Please see the attached file for details." It also contains an attachment by one of the following names:

• application.pif
• details.pif
• document_9446.pif
• document_all.pif
• movie0045.pif
• thank_you.pif
• your_details.pif
• your_document.pif
• wicked_scr.scr
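A mail-gateway check built from the Sobig subject lines, body text and attachment names listed on these slides, as an added example that is not part of the original deck. The function names, the sample addresses and the quarantine rule are assumptions of the example, and it goes beyond the listed names by also flagging any other .pif or .scr attachment.

```python
import email
from email import policy
from email.message import EmailMessage

# Subjects, body phrase and attachment names as listed on the slides above.
SOBIG_SUBJECTS = {
    "re: approved", "re: details", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details",
}
SOBIG_ATTACHMENTS = {
    "application.pif", "details.pif", "document_9446.pif", "document_all.pif",
    "movie0045.pif", "thank_you.pif", "your_details.pif", "your_document.pif",
    "wicked_scr.scr",
}
SOBIG_BODY_PHRASE = "see the attached file for details"
# Assumption of this example: a renamed .pif/.scr attachment is just as
# suspicious as a listed one, so the extension alone is flagged too.
RISKY_EXTENSIONS = (".pif", ".scr")


def score_message(raw):
    """Return the reasons a raw RFC 5322 message matches the Sobig indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = " ".join((msg["Subject"] or "").split()).lower()
    if subject in SOBIG_SUBJECTS:
        reasons.append("subject:" + subject)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    if SOBIG_BODY_PHRASE in text:
        reasons.append("body-phrase")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in SOBIG_ATTACHMENTS:
            reasons.append("attachment:" + name)
        elif name.endswith(RISKY_EXTENSIONS):
            reasons.append("risky-extension:" + name)
    return reasons


def should_quarantine(raw):
    """Quarantine on any attachment hit, or on subject AND body phrase together.
    A subject such as "Thank you!" alone is too common to act on."""
    reasons = score_message(raw)
    attachment_hit = any(r.startswith(("attachment:", "risky-extension:")) for r in reasons)
    text_hits = sum(r.startswith("subject:") or r == "body-phrase" for r in reasons)
    return attachment_hit or text_hits >= 2


def build_sample(subject, body, attachment=None):
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()
```
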
