defining higher education issues and challenges in southeast asia ...
Defining Security Issues Chapter 8
-
Upload
sandra4211 -
Category
Documents
-
view
394 -
download
0
description
Transcript of Defining Security Issues Chapter 8
![Page 1: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/1.jpg)
Defining Security Issues
Chapter 8
![Page 2: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/2.jpg)
General E-Business Security Issues
Any E-Business needs to be concerned about network security.
The Internet is a “public” network consisting of thousands of interconnected private computer networks.
Private computer network systems are exposed to threats from anywhere on the public network.
![Page 3: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/3.jpg)
Businesses must protect against the unknown. New methods of attacking networks and Web
sites, and new network security holes, are being constantly discovered or invented.
An E-Business cannot expect to achieve perfect security for its network and Web site.
General E-Business Security Issues (cont’d)
![Page 4: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/4.jpg)
Several aspects of E-Business computer systems security need to be addressed:
How secure is the server software? How secure are communications? How is the data protected once it is delivered
to the E-Business? How are credit card transactions
authenticated and authorized?
Security Questions
![Page 5: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/5.jpg)
The biggest potential security problem in an E-Business is ________, rather than ________.
The weakest link in any security system is the people using it.
Social engineering Dumpster diving
General Security Issues
![Page 6: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/6.jpg)
General Security Issues
![Page 7: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/7.jpg)
Network and Web Site Security
An entire glossary of words and phrases identifies network and Web security risks, such as hacker, cracker, Trojan horse, and more.
As part of planning a startup E-Business’s security, management should become familiar with network and Web server security risk terminology.
![Page 8: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/8.jpg)
Denial of Service Attacks (DoS)
Designed to disable a Web site by flooding it with useless traffic or activity.
Distributed denial of service (DDoS) attack uses multiple computers to attack in a coordinated fashion.
Risk is primarily centered around downtime or lack of Web site availability.
Defenses exist for these attacks.– Routers used to filter out certain types of network
traffic
![Page 9: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/9.jpg)
Viruses
A common threat that is not unique to networks.
Networks facilitate the spread of viruses. Potential for harm is high including loss of
data and downtime. Good software defenses are available. Defenses require diligence.
![Page 10: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/10.jpg)
Viruses
Virus – small program that inserts itself into other program files that then become “infected”
Trojan Horse – type of virus that emulates a benign application, that appears to do something useful, but is actually harmful (destroy files or creates a “back door”
Worm – type of virus that replaces a document or application with its own code and then uses that code to replicate itself.
![Page 11: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/11.jpg)
Viruses
Logic bomb – virus whose attach is triggered by some event such as a date on a computer’s system clock
Macro virus – malicious macro written in MS Office that run upon opening that MS Office document
![Page 12: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/12.jpg)
Anti-Virus Information
![Page 13: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/13.jpg)
Web Site Defacement
Occurs when a hacker penetrates the system and replaces text or graphics with “other” material.
Risk is primarily down time and repair costs. There have been many well publicized examples,
including high profile industry and government sites. Ordinary defenses against unauthorized logins are a
first line defense. Total security may be difficult to achieve.
![Page 14: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/14.jpg)
Electronic Industrial Espionage
A very serious problem, especially considering that “professional” hackers may be involved.
Must implement and diligently maintain industry standard “best practices”.
Additional recommendations:– Don’t open questionable or suspicious e-mail attachments.– Keep security software and virus checkers updated.
![Page 15: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/15.jpg)
Credit Card Fraud & Data Theft
E-Business is at risk from credit card fraud from stolen data.
Secure your own data. Verify the identity of your customers and the
validity of the incoming credit card data. Identity theft by a someone masquerading as
someone else is also a common problem.
![Page 16: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/16.jpg)
Data Spills
A security problem caused, ordinarily by a bug or other “system” failure, occasionally hackers are behind this problem
This is an unintended disclosure of customer or corporate data through the Web or other Internet service
May expose firm to legal liability Statistics – p. 284-5
![Page 17: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/17.jpg)
E-Business Security
An important issue that is often overlooked or given a lower priority in the face of startup activity.
A startup firm should consider outsourcing Web and Internet services in part since the outsourcing company can address security concerns as part of the “package.”
![Page 18: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/18.jpg)
Network and Web Site Security
Tools such as passwords, firewalls, intrusion detection systems (IDS), and virus scanning software should be used to protect an E-Business’s network and Web site.
Firewall – hardware or software used to isolate a private network from the public network
IDS – ability to analyze real-time data to detect, log, and stop unauthorized network access as it happens.
![Page 19: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/19.jpg)
Firewall
![Page 20: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/20.jpg)
Transaction Security and Data Protection
Tools to protect transaction/customer data:– Use a predefined key to encrypt and decrypt the
data during transmission.– Use the secure sockets layer (SSL) protocol to
protect data transmitted over the Internet.– Move sensitive customer information such as
credit card numbers offline or encrypting the information if it is to be stored online.
![Page 21: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/21.jpg)
Remove all files and data from storage devices including disk drives and tapes before getting rid of the devices.
Shred all hard-copy documents containing sensitive information before trashing them.– Shredder market up
Security is only as strong as the weakest link.
Transaction Security and Data Protection (cont’d)
![Page 22: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/22.jpg)
Security Audits and Penetration Testing
Can provide an overall assessment of the firm’s current exposure and vulnerabilities.
This is an outsourced item. Consultant will provide a comprehensive
recommendation to address list of vulnerabilities.– Evaluation guidelines – p. 291
![Page 23: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/23.jpg)
Hire an Ethical Hacker
![Page 24: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/24.jpg)
Individual PC Security Risks
Anti-virus – a given
Personal firewall- software to guard against intrusions, especially for “always on” connections– Network ICE’s BlackICE Defender– Zone Lab’s ZoneAlarm
![Page 25: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/25.jpg)
Security Providers and Products
There are many security consultants.
Many commercial products are available.
Training for in-house staff is a key issue.
Growth – p. 295
![Page 26: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/26.jpg)
Risk Management Problems The list of potential risks is long and includes:
– Business interruptions caused by Web site defacement or denial of service attacks
– Litigation and settlement costs over employees’ inappropriate use of e-mail and the Internet
– Product or service claims against items advertised and sold via a Web site.
– Web related copyright, trademark, and patent infringement lawsuits
– Natural or weather-related disasters
![Page 27: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/27.jpg)
Risk Management Program
Network and Web site security and intruder detection programs
Antivirus protection Firewalls Sound security policies and procedures Employee education
![Page 28: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/28.jpg)
Risk Transfer (Insurance)
A firm can manage and transfer risk through insurance products
May be purchased as part of the firms business insurance package
Consult an insurance professional
![Page 29: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/29.jpg)
Insurance Coverage Options
![Page 30: Defining Security Issues Chapter 8](https://reader033.fdocuments.us/reader033/viewer/2022061223/54c2d7484a7959265e8b45b0/html5/thumbnails/30.jpg)
Insurance Coverage Options (cont’d)