Threat N Antivirus

8/14/2019 Threat N Antivirus

1/16

THREAT AND ANTIVIRUSES

VINEET JOSHI

JOURNAL COLLECTION


2/16

Journal 1: The real reverberations from IDfraud: case study

The case deals in how a simple non following of protocol and drill and carelessness of one loweremployee can cause a loss of nearly 25 millionrecords for the company. The case talks abouthow compact discs containing data was lost inthe mailing system but according to theprocedure the discs were not supposed to be sent

by mailing service. The case gives anotherexample when a laptop was taken out of theoffice premises against the procedures and wasstolen from the employee leading to a loss of around 26 million records.

The case tells us the importance of abiding by

the security related regulations and protocol byemployees to safeguard the data for thecompany.

Journal 2: IDs sell for much more than creditcard numbers in underground

Ids which is nothing but name, address, date of birth and mothers maiden name bank account


3/16


4/16

the reliability of the intrusion information asmany times the attacker changes his IP and otherdetails.

Journal 4: US Financial regulator warnsbanks to get inShipshape

The case is the various different authenticationprocesses that the Banks in USA are prescribed

to use for securing the Internet bankingcustomers. It also tells of how the banks need toprotect its customers by helping them deal withphishing websites attacks. These methods willsurly help protect customers and will provide as asafer method for authentication.

Journal 5: Hackers turn on security systemsIn this journal it talks about how hackers aretargeting the security systems rather than theO.S (operating System. It shows the mostvulnerable list of utilities over the internet andhow they are easily prone to be hacked in by theattackers. Windows services top the list closelyfollowed by internet explorer.

Journal 6: CRYPTOGRAPHY

This article focuses on how digital certificates

and cryptography are being used in today`s

modern technology implementations. The use of


5/16

these variables are mainly for transacting

processes online in a secure way which may be a

bank statement or E-Shopping. The problemwhich this article confesses is that the site

certificate remains unchecked for its authenticity

before confidential information such as credit

card details are sent through the web. This

problem takes place due to the poor design ordevelopment by the designer or sometimes due

to the lack of knowledge by the users. There fact

is that most of the users do not understand the

benefits and need of cryptography. But surveys in

2005 suggest that almost 74% of the

respondents are using cryptography. The risks

may be reduced by making the users aware

about the facts and also through education.

Moreover it is an essential duty of the corporateto train their employees such as security training.

These things will help the users to know more

about the importance of certificates.

Journal 7: SECURITY OUTSOURCING ISSUES


6/16

This article is about the security outsourcing

issues. It focuses on some of the basic questions

like the need for the organizations to outsourcetheir security functions, benefits and drawbacks,

what security functions should or should not be

outsourced etc.,

Journal 8: TWO FACTOR AUTHENTICATION

This article is about the introduction of two

factor authentication by the Bank of Ireland in

the year 2006. It is to provide security token

system to all of its online banking customers. By

this system, each customer will get a numberafter each of their transactions. Already the bank

had issued more than 4000 tokens to their

corporate customers.

Journal 9: TRUSTED COMPUTING

This article focuses on Trusted Computing (TC),

its benefits and the controversies that took place


7/16

due to this. TC is a new technology and it is

designed such that it acts as a security. The

benefits such as the protection of input andoutput, curtained memory (secured running of

programs) and attestations along with the

controversies such as the controversy due to the

name trust were discussed in this article.

Journal 10: BIOMETRIC ID CARDS

This article deals about the UK government`s

plan of issuing Biometric ID cards to the public

which constitutes their finger prints. The

government believes that it would be the bestsolution for national security. It has planned for

about 50 million cards at the initial stage. There

are lots of opinions from the public which is for

and against this issue. The main purpose of

issuing this card is to prevent terrorists and

terrorism entering into the country. But experts

suggests that this method is not cost worthy to

the public.


8/16

Journal 11: Summary on Computer securityand fraud:

Spyware- the spy in the computer: This article is about the spyware that is installedwithout the users knowledge in order to gatherthe users information from their computer.Spyware can be a Trojan worm or a Trojan horsethat enables the hackers to steal data from the

users computer. Computers that are hacked thisway are called as zombies. This also deals withthe actions taken by the U.S govt. to curb themenace of hacking. This article also focuses onthe protections that are used by certainorganization and their awareness regarding the

hacking activity. Some organizations also endedup using two computers, one for the internetpurpose and the other for the office datapurpose. As a whole this focuses the internethacking and their consequences and the actionthat is being taken for such hacking activity.

Journal 12: Transferring business andsupport functions the information securityrisks of outsourcing

This article mainly focuses on the outsourcingand the security risks involved in it withexamples. This article discusses about theincreased outsourcing that is taking place in the


9/16

banking sector as well and the possible risksassociated with the outsourcing. Outsourcinghappens only when that organization thinks thatit cannot deploy staffs to do a particular job bythem. This gives a deep insight about thesecurity issues with the outsourcing that arebeing done.

Journal 13: Qualified to help: in search of skills to ensure security.

This article deals about the persons whoformulate the IT policies of a company. It alsodiscusses about the role of CISOs in everyorganization. How much he can be relied upon bythe organization. This also discusses about the

practical difficulties in getting real people for theformulation of security issues in an organization. The qualifications, those are mandatory for suchpeople. This article also brings to light thatpeople who frame IT policies and involved insecurity issues of an organization are not actuallyaware of the issues that they are handling.

Journal 14: Electronic funds transfer fraud.

This article deals with the frauds that happen inthe online fund transfer. It also discusses aboutthe security problems that are caused to anorganization because of the unblocked ids thattheir ex-employees used. It also explains the


10/16

whole concept of the fund transfer in a simplelanguage with a practical example. It discussesthe fraud that happened and how did they trackit down. This article projects some graphsregarding how the normal transactions and thefraudulent transactions occur. It also suggestsome of the security measures to prevent EFTfrauds such as supervising the contracted staffs,blocking of ex-employees id, monitoring the

event logs, being vigilant during the holidayperiod etc. its main focus is on the EFT and thefrauds that happen in the banks during suchtransfers.

Journal 15: Applying forensic techniques toinformation system risk management .

This article discusses about applying thetechniques to the information security and riskmanagement. It also focuses on the incident postmortems which means projecting an incidentwhich has not occurred actually and reading theconsequences, if it happens in the future. Thiscan be achieved through the EEDI technique. Thishelps the organization analyze the vulnerabilities,nature of threats, counter measures etc. Thisprojected its view on the alternative approach tothe risk management through the forensicscience.


11/16

Journal 16 : Website Security Leaves half of US companies Cold

This article speaks about Jupiter Media MetrixAnalyst which concentrates on EnterpriseSecurity which involves managing services formaximum coverage . There are 50% of UScompanies with are concerned with the securityof online data and this survey also indicates that29% of website managers and CIO s rate theirrisk of attack as low. This article mentions aboutthe impact that an online security invasion hason consumer trust and confidence rather thanfinancial loss. The author after discussing aboutthe problems finally recommends that securityservice providers should provide 24- hour site formonitoring and emergency response. Jupitermakes a survey with 471 customers.

Journal 17: Hacking

This article is about Hacking. There are threeissues covered in this article which includes how

students can beat ATM Security and how piracyhas become popular and how XP was crackedwithin hours of release.

This article includes the problems that haveincreased due to Pirated Software Websites.

There are around 5400 piracy related sites on thenet. Andy Meyer tells that the Organisations


12/16

need to take some tolerance with respect toemployees visiting pirated software sites at work.

It also explains How XP was cracked immediatelyafter the launch. The chief Technology officersays that crackers develop illegal installation fileswhich can now be downloaded from websites.

This is done by Chinese hackers. And this articleincludes the students who have the defeated theencryption system used by banks to protect ATMMachines. This includes Crypto processors whichare designed to destroy encryption keys. Thisincludes the applications developed byApplication Programming Interface or CommonCryptographic Architecture.

Journal 18: Foreign police working in USInternet Fraud Centre

This article is about the establishment of TheInternet Fraud Complaint Centre (IFCC) which isbeen established by the FBI and the NationalWhite Collar Crime Centre (NWC3). According tothe FBI, international cyber policing of theInternet now exits. This FBI has internet Frauddetection training seminars and technicalsurveillance centre for police officers. The statedmission of the IFCC is to address fraud committeeover the internet, this will provides a web based


13/16

reporting mechanism that alerts authorities of asuspected criminal or violation. It also provideslaw enforcement with a central repository forcomplaints related to Internet Fraud, works toquantify fraud patterns and provides timelystatistical data of current fraud trends. Nowcomes the credit card frauds, Visa Internationallaunched a Global Data Security website to assistmerchants meet tougher standards for protecting

and storing data on their own sites. The primarypurpose is to support for merchants efforts toestablish appropriate card holder informationsecurity and privacy controls and measures.Merchants can also evaluate the level of security.

This practice will mostly benefit consumers in

reduced identity theft from fewer credit cardnumbers being stolen from merchant web sites.

The network has potential to do what no otherfraud prevention group is doing: prioritizemerchant concerns and identify specific solutionsfor resolving the issues.

Journal 19: The Worst of Awakening

Continuity planning has evolved anddeveloped from the mundane IT disasterrecovery plan to the more comprehensiveevaluation of business risk to minimize theimpact of disaster on a business to full BusinessContinuity Management. This disaster recovery


14/16

was not deserving of a prime time televisiondebate. To all these technologies even theterrorist got impressed and got attracted towardsit. They were using all important modes of communication like e mail and mobiles. Noaspect of computer security changed moredramatically and tangibly. It is impossible to overestimate how the events of September 11terrorist attack have transformed the people

sense of vulnerability and unfortunately disasterrecovery as a component of a computer securityhas come to the fore front for this tragic reasons.It is not only the corporate which suffers butmostly all of them who are highly dependable onnetworks and in turn telecommunication. Being

prepared seems somewhat of an understatement in any uncertain climate. For manyorganisations this will mean coming to grips withthe concepts and logistics of disaster recovery.And then about threat it is what we all protecteourselves from. A direct threat could mean that

a company has a particular feature that couldattract potential enemies. A location threat couldensue if a company is in an area that wouldattract maximum publicity. If any company islocated near any potential terrorist targets then itis classed as a threat from proximity. Finally athreat from associated activity might be aconcern for a company if a staff or any voard


15/16

members are involved. Then is the E Bombswhose attacks are becoming feasible as the daysgo by and then about worms which may containsleep phase in which the worm will infect asmany host as possible. Another potential probleminvolves routing vulnerabilities. Finally Cyber orPhysical disaster recovery plans are equallyrequired for any kind of threats.

Journal 20: Compsec 2001: Watching TheThreat From Without

Cyberspace is the new one which is building trustand confidence in many of the IT sectors. Thisarticle is all about the premier conference calledConpsec 2001. In this conference, the most

entertaining and memorable presentations wereboth given by Alan Brill on risk consultancy firmKroll. Brill also gave a talk on the Infosecaftermath of the World Trade Centre disaster. Hehighlighted the program associated with hiringstaff without doing rigorous backgroundchecking. Particularly difficult to account for arethe invisible people. He described the events of september11 as a catalogue failure. In theimmediate aftermath of disaster, securitybudgets are likely to be bolstered. In thisconference Brill also gave a talk entitled, 2001: AHacking Odyssey, he made a point that thethreat is greater now than ever. He predicted that


16/16

the next great threat trend will be site denialattacks (SDA). The main key points of thisconference is there is no need for us to be anexpert to launch a cyber attack because of theavailability of point and click hacking tools on theinternet. It says that corporate standardisation of infrastructure increases risk. Management lackcommitment to security because they runsystems they know are flawed yet do not budget

for time to patch and do security maintenance.

Threat N Antivirus

Documents

Transcript of Threat N Antivirus