Download Chapter 13

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
Document related concepts

Distributed firewall wikipedia , lookup

Malware wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Wireless security wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
Chapter 13
Security Strategies
and Systems
Security Issues
The Internet has opened up many new
frontiers for everyone, including con artists
and computer users with malicious intent.
Security Issues
Network and Internet Security Risks
Hardware and Software Security Risks
Computer Viruses
Network and Internet
Security Risks
Unauthorized Access
Information Theft
Denial of Service (DoS) Attacks
Hackers and Crackers
Hackers are individuals who
specialize in breaking security
systems, motivated by either
curiosity or the challenge.
Crackers
Crackers tend to be more decidedly
criminal in nature, and oftentimes steal
information or break the security of a
software program on CD by removing
the copy protection system.
Hacker Methods
A company’s
most valuable
possession is
typically its
information
stored in
databases.
• Obtaining users’ IDs and passwords
• Entering through system backdoors left
unintentionally by programmers
• Spoofing
• Installing spyware
User IDs and Passwords
Most hackers focus on
gaining entry over the
Internet to a secure
computer system by
finding a working user
ID and password
combination.
Obtaining User IDs
and Passwords
Hackers know from experience which
passwords are common and they have
programs that generate thousands of
likely passwords and try them
automatically over a period of hours or
days.
System Backdoors
People who know about
a backdoor can then
enter the system,
bypassing the security,
perhaps years later
when the backdoor has
been forgotten.
A system backdoor is a user ID and password that provides the highest
level of authorization. The “backdoor” often is created in the early days
of system development to allow programmers access to fix problems.
Spoofing
Spoofing is the process of fooling another computer
by pretending to send packets from a legitimate
source.
It works by altering the address that the system
automatically puts on every message sent.
The address is changed to one that the receiving
computer is programmed to accept as a trusted
source of information.
Spyware
• A type of software that allows an intruder
to spy upon someone else’s computer
• Takes advantage of loopholes in the
Windows security systems and allows a
stranger to witness and record another
person’s every mouse click and keystroke
on the monitor as it occurs.
• For the spy, it looks as if a ghost is
moving the mouse and typing in e-mail on
his screen.
Spyware
• For the victim, everything seems normal.
• The spy can record activities, gain access to
passwords and credit card information—or she
can just snoop.
• Software can be installed without victim’s
knowledge. Disguised as an e-greeting, for
example, the program can operate like a virus
that gets the unwary user to install the spyware
unknowingly.
Information Theft
Information can be a company’s most valuable
possession. For example, a sales database lists
all of a company’s clients, with contact information
and sales history.
A competitor who gains access to this information
will have a huge advantage. He will know exactly
how much to bid to gain a sale, which clients to
call, and what products they like to buy.
Industrial Espionage
Stealing corporate information, a crime included in
the category of industrial espionage, is
unfortunately easy to do and difficult to detect.
With software, if a cracker breaks into a company
network and manages to download the company
database from the network onto a disk, nothing
seems wrong. The original database is still in
place, working the same way it did before.
Industrial Espionage
Industrial espionage and other types of
information theft carried out via networks
pose a serious problem.
Wireless Vulnerability
Wireless networks and wireless devices make
information theft particularly easy.
Wireless devices such as cameras, Web
phones, networked computers, PDAs, and
input and output peripherals are inherently
less secure than wired devices. A normal
wired connection, such as a wire between a
keyboard and a computer, cannot be as
easily intercepted as a wireless radio
transmission.
Denial of Service (DoS) Attacks
Carried out by organized
groups of hackers who run
a computer program that
repeatedly asks a Web site
for information or access.
Bombarding the site
thousands of times a
second means that
legitimate users cannot
access the site and thus
are denied service.
Computer Viruses
Computer viruses are
software programs
designed expressly to
“infect” or spread to as
many computers as
possible and perform
some kind of prank.
These pranks range from
annoyance to the
destruction of data and
hardware.
Antivirus Software
The Internet has made
viruses spread more
quickly.
Antivirus software is
available to detect and
remove known viruses.
Methods of Virus Operation
• E-mail
• Macros
• Boot sector infections
• Trojan horse method
• Stealth, polymorphic,
or multipartite viruses
• Logic or time bombs
• Similar to viruses are
software worms, which
operate by transmitting
and copying
themselves.
Hardware and Software
Security Risks
• Major systems failures
• Employee theft
• Cracking of software
protection codes.
Security Strategies
• Data backups
• Disaster recovery plans
• Data encryption
• Firewalls
• User IDs and passwords
• Network sniffers
• Mini webcams
• Biometric authentication
Security Strategies
• Data backups: Create
backup files
and place them in a safe spot
• Disaster recovery plans: Data backup
procedures, remotely located backup
copies, redundant systems
Data Encryption
Other security strategies include using data
encryption for sensitive transactions
Firewalls
Security strategies include setting up
firewalls to protect networks
User IDs and Passwords
User ID and Password Combination
User ID: Known portion
Password: Core security element
To create a secure, memorable
password, use one or two familiar
words connected with a number or
symbol.
Network Sniffers
Network sniffer is a software
package that
• Displays network traffic data
• Shows which resources
employees are using
• Shows Web sites they are
visiting
• Troubleshoots network
connections
• Improves system performance.
Mini Webcams
Webcams were originally
designed to sit on top of a
user’s monitor and allow for
audio/video conversations
with others on the Internet.
They have been adapted,
however, as a security
measure and as a tool for
voyeurism. The addition of a
motion sensor allows them to
transmit only when
something is happening
Biometric Authentication
Biometric identifiers are
unique physical attributes
that can be used to verify a
person’s identity:
• Hand geometry
• Facial geometry
• Facial thermography
• Retinal patterns
• Iris patterns
• Voice patterns
Fingerprint Scanning Systems
Fingerprint scanning
systems are commonly used
for biometric authentication.
Hand Geometry
A hand geometry system
determines a person’s
identity by measuring the
dimensions of the hand,
which are unique to each
individual.
This system is touted as harder to fool than a
fingerprint scanner, as it is more difficult to create a
fake hand than a fake image of a fingerprint.
Computerized Facial Recognition
(CFR) systems work in a variety of ways, but the
primary goal is to recognize a human face by
comparing it to existing scans of photos in a
database.
Voice and Signature Verification
By measuring the pitch
and timbre of a human
voice, computers are
able to recognize
individuals.
Scanners are used to verify a person’s signature
against a known database of signatures.
Iris and Retinal Recognition
Hundreds of details
about irises can be
measured and compiled
as unique patterns
stored in iris recognition
systems.
Iris and retinal recognition
systems are used primarily in
high-security environments
such as military installations
and financial institutions.
On the Horizon
Keystroke
identification is a new
area of biometric
technology that
measures typing
rhythms, which are
virtually impossible for
someone to falsify.
This type of system offers the advantages of being
unobtrusive, fairly low-tech, inexpensive, and highly
effective.
On the Horizon
Quantum cryptography is a new attempt to
make even the starting encryption keys secret.
Using quantum devices to transmit light signals
over fiber optic cable, two parties who wish to
send a secret message can exchange their
unprotected key as normal to start the sequence.
If anyone observes the key, the system will be
disturbed, and both sides will be aware of the
security breach.
Related documents
Security
Security
User Defined Tag 1 - DA Document Manager
User Defined Tag 1 - DA Document Manager
1.3 Viruses are not alive but affect living things. Vocabulary Host cell
1.3 Viruses are not alive but affect living things. Vocabulary Host cell
Security Risks
Security Risks
Chapter 5 Protection of Information Assets
Chapter 5 Protection of Information Assets
Security Risks - Bannerman High School
Security Risks - Bannerman High School
Anton van Leeuwenhoek, who is considered to be the father of
Anton van Leeuwenhoek, who is considered to be the father of
Chapter 24- Viruses, section review answers
Chapter 24- Viruses, section review answers
Biometric Confirmations Throughout the Criminal Justice Process
Biometric Confirmations Throughout the Criminal Justice Process
Stat 430 Homework 2 Fall 2008
Stat 430 Homework 2 Fall 2008
Blue Asterisk template - Connected Security Expo
Blue Asterisk template - Connected Security Expo
Introduction to Information Security - Cs Team Site | courses.cs.tau.ac.il
Introduction to Information Security - Cs Team Site | courses.cs.tau.ac.il
Combinatorics and Discrete Probability
Combinatorics and Discrete Probability
CSCI6268L24
CSCI6268L24
The Future of Online Internet Marketing:
The Future of Online Internet Marketing:
Small DNA Tumor Viruses
Small DNA Tumor Viruses
Cold vs flu
Cold vs flu
Bill Holmes
Bill Holmes
TIM158-2013-Lectures 10-11
TIM158-2013-Lectures 10-11
幻灯片 1 - University of Calgary
幻灯片 1 - University of Calgary
Internet safety townhall slide deck
Internet safety townhall slide deck
Biometric Databases
Biometric Databases