Unit 15 - Organisational Systems Security · New threats reported every day Typo-squatting, doppelganger domains...


UNIT 7 - ORGANISATIONAL SYSTEMS SECURITY

Lesson 3 - Damage to or destruction of systems or information


Last Session

Accidental damage to or destruction of systems or information:

fires and other natural disasters

Power variations


This Session

Damage to or destruction of systems or information:

malicious damage (internal and external causes)

Information security:

confidentiality

integrity and completeness of data

availability of data as needed


New threats reported every day

Typo-squatting, doppelganger domains

E.g. Goggle.com

30% of Fortune 500 susceptible

Email Based Attack Vectors

Catch-all email account (passive)

120,000 individual emails (or 20 gigabytes of data) in 6 months: trade secrets, business invoices, employee PII, network diagrams, usernames and passwords

second attack vector involves social engineering

godaigroup.net

godaigroup.net/free-doppelganger-domain-scan/
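
A defender's view of the passive vector above, as an added example that is not part of the original slides. In the Godai Group research the slide cites, a doppelganger domain is a company subdomain with the dot left out (uk.example.com becomes ukexample.com); this Python sketch derives those variants for an organisation's own domains and flags outbound mail addressed to them or to single-character typos. The domain names, the log lines and the Postfix-style `to=<...>` field are assumptions made for the example.

```python
import re
# Assumption: the organisation's own mail domains (constructed; example.com is reserved).
OWN_DOMAINS = ["uk.example.com", "mail.example.com", "example.com"]

def doppelgangers(fqdn):
    """Missing-dot variants of an FQDN, e.g. uk.example.com -> ukexample.com."""
    labels = fqdn.lower().split(".")
    # Merge each pair of neighbouring labels, but never the last label (the TLD).
    return {".".join(labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:])
            for i in range(len(labels) - 2)}

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, own=OWN_DOMAINS):
    """Label a recipient domain as own, doppelganger, typo or other."""
    domain = domain.lower().rstrip(".")
    if domain in own:
        return "own"
    if any(domain in doppelgangers(d) for d in own):
        return "doppelganger"
    if any(edit_distance(domain, d) == 1 for d in own):
        return "typo"
    return "other"

RCPT = re.compile(r"to=<[^@>]+@([^>]+)>")  # assumed Postfix-style recipient field

def scan(log_lines, own=OWN_DOMAINS):
    """Return (line number, domain, verdict) for mail sent to look-alike domains."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = RCPT.search(line)
        if m and classify(m.group(1), own) in ("doppelganger", "typo"):
            hits.append((n, m.group(1).lower(), classify(m.group(1), own)))
    return hits

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    "Jan 10 09:01:02 mx postfix/smtp[101]: A1: to=<alice@uk.example.com>, status=sent",
    "Jan 10 09:03:40 mx postfix/smtp[102]: A2: to=<bob@ukexample.com>, status=sent",
    "Jan 10 09:05:11 mx postfix/smtp[103]: A3: to=<carol@exmple.com>, status=sent",
    "Jan 10 09:07:25 mx postfix/smtp[104]: A4: to=<dave@partner.test>, status=sent",
]
```

Calling `scan(SAMPLE_LOG)` reports lines 2 and 3; the same `doppelgangers()` output doubles as a list of names worth registering defensively.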


Man in the MailBox (MITMB)


Malicious Damage

The first computer virus for Microsoft DOS was apparently written in 1986

Brain virus

NO computer system is immune from attack

http://www.linuxinsider.com/story/62275.html malware


Malicious Damage

Several famous malicious computer programs:

the Morris worm released in 1988,

the MBDF virus

the Pathogen virus

the Melissa virus

the Anna worm

By 2002 these were the ONLY cases where a person had been convicted; over a dozen were arrested in 2004. In May 2014 over 100 people world-wide were arrested in connection with one piece of malware (The Guardian)

http://www.theguardian.com/technology/2014/may/19/fbi-arrests-100-hackers-blackshades-rat-backdoor-malware


Malicious damage – task

For your selected incident find out and report back to the group:

When was it released?

What did it do?

Where did it originate?

Who was responsible?

How much damage was caused?

What was the punishment?

What OS(s) did it attack?

Incidents to choose from:

Morris worm

the MBDF virus

the Pathogen virus

the Melissa virus

the Anna worm

Goner worm

Blaster


Rapid propagation

How long do you think a new computer was estimated to have as ‘survival time’ before being infected (using XP, 2004)?

Data from the Register, 19th Aug 2004

How long do you think it took the Slammer worm to scan all 4 billion IP addresses following its release in February 2005?

Ronald Standler


Threats to E-Commerce

Website defacement – crackers seek out script or version vulnerabilities in servers and website coding, then edit the site to include:

Graffiti-type ‘tags’

Political statements

Religious statements

Childish statements

Explicit or inappropriate images

Meta-refresh tags to forward visitors to spoof sites (phishing).

Denial of Service or Distributed Denial of Service


Website defacement – why?

What Hackers Do With Compromised WordPress Sites, Dan Moen, April 19, 2016

https://www.wordfence.com/blog/2016/04/hackers-compromised-wordpress-sites/


Technical Errors

Seldom a cause for concern

Regular maintenance of equipment will contain most of these errors


Human Errors

One of the biggest sources of errors in any complex system.

poorly designed human-computer interface (HCI).

“usually it’s caused by an action, or failure, of someone inside the company.”*

60% of all attacks carried out by insiders **

¾ of these malicious**

¼ accidental**

* The Biggest Cybersecurity Threats Are Inside Your Company, Marc van Zadelhoff, September 19, 2016, https://hbr.org/2016/09/the-biggest-cybersecurity-threats-are-inside-your-company

** 2016 Cyber Security Intelligence Index, quoted in *


Computer Theft

This is physical removal of a computer system

Seldom happens

Good example:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9056058

http://www.datacenterknowledge.com/archives/2007/12/08/oceans-11-data-center-robbery-in-london/

Portable devices more at risk


Computer Theft

Of course people leave computers lying about

http://www.bbc.co.uk/news/uk-scotland-glasgow-west-18955798 (2000)

http://news.bbc.co.uk/1/hi/uk/1279584.stm (2012)

“The unencrypted laptop contains sensitive details of 8.63 million people plus records of 18 million hospital visits, operations and procedures.” (2011)

Read more: http://www.thesun.co.uk/sol/homepage/news/3637704/Missing-Laptop-with-86million-medical-records.html#ixzz26picYml9


Counterfeit Goods

music, films, software, websites, hardware, etc

Infringement of copyright

Damage to reputation and future sales of genuine manufacturer

Copyright, Designs & Patents Act 1988


So far…

Know potential threats to IT systems and organisations:

Natural disasters

Accidental damage to or destruction of systems or information

Malicious damage

Threats to e-commerce

Human error

Technical error

Theft or loss

Counterfeit


Counterfeit Goods

FACT – case studies

Task

Find an example of counterfeit software. What were the consequences (£….) for the original, genuine company? For users?

Find an example of counterfeit hardware. What were the consequences for the original, genuine company? For users?

Record your sources!

10 minutes


Counterfeit Goods – effects on the customer

Customer disappointment

Possible damage to customer equipment – e.g. malware contained on DVDs, software

Illegal downloading -> legal process, heavy fine, loss of computer; traceable through IP address

Health effects – e.g. Counterfeit hardware may cause fires

Wider impact on society – often used to fund other criminal or terrorist activities


Information Security

protecting information and information systems from:

unauthorized access

Use

Disclosure

Disruption

modification

destruction


Information Security

Protect

the confidentiality,

integrity and

availability of information


Information Security

Involves:

• Communications

• Hardware

• Software

Protected by:

• Products

• People

• Procedures


Confidentiality

Who can see the information?

Who can update the information?

How long should the information be stored?

How often should it be checked to make sure it is up-to-date and accurate?

What information can be stored?

What systems should be used to store the information?

How often do you review the above?

Data Protection Act 1998

http://www.legislation.gov.uk/ukpga/1998/29/contents


Integrity and completeness of data

Critical

Errors cause damage to individuals and organisations

Medical,

credit,

police,

Need to review - ask customer, person involved.


Availability of Data

What are the effects when authorised users cannot access systems or data?


Task

Consider the different types of risk:

List each of them under the key strands of Information Security. State why – e.g.

Confidentiality: Man in the Middle attack – steals private data

Integrity: Human error – incorrect data entered into system

Availability: Network failure – users unable to access system or data


Legal aspects

Which laws are relevant to Information Security?

• Data Protection Act 1998

• Computer Misuse Act 1990

• Freedom of Information Act 2000

• Copyright, Designs and Patents Act 1988


Task – 15 mins

Find evidence (newspaper articles etc) to show the main impact of these acts:

Data Protection Act 1998

Computer Misuse Act 1990

http://www.computerevidence.co.uk/Cases/CMA.htm

Freedom of Information Act 2000

https://www.whatdotheyknow.com/

Copyright, Designs and Patents Act 1988


Assignment 1

Know your threats

P1 - Explain the impact of different types of threat on an organisation.

M1 - Discuss information security.


P1 - Explain the impact of different types of threat on an organisation.

Leaflet (draft format):

Type of threat,

example of each

Consequences to business

6 types of threat are listed on the brief

A variety of consequences are suggested – other consequences can be included

~ 3 sides of A4


M1 Discuss information security

Relate strands to threats in task 1.

Confidentiality

Integrity and completeness of data

Availability of data

– Do not confuse with confidentiality!

Explain legal aspects:

Computer Misuse Act 1990,

Data Protection Act 1998,

Copyright, Designs and Patents Act 1988