I.T. SECURITY INCIDENTS: A WORSENING PROBLEM

The security of information technology used in business is of utmost importance. Confidential business data and private customer and employee information must be safeguarded, and systems must be protected against malicious acts of theft or disruption.
Although the necessity of security is obvious, it often must be balanced against other business needs and issues. Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security:

- If their firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low profile to avoid the negative publicity, must they inform their affected customers, or should they take some other action?
- How much effort and money should be spent to safeguard against computer crime (how safe is safe enough?)
- If their firm produces software with defects that allow hackers to attack customer data and computers, what actions should they take?
- What tactics should management ask employees to use to gather competitive intelligence without doing anything illegal?
- What should be done if recommended computer security safeguards make life more difficult for customers and employees, resulting in lost sales and increased costs?

Higher Computer User Expectations

Today, time means money, and the faster that computer users can solve a problem, the sooner they can be productive.

Increased Reliance on Commercial Software with Known Vulnerabilities

In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often, this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers quickly create and issue a fix or patch to eliminate the problem.

- SQL Slammer Worm
- Blaster Worm
- Zotob Computer Worm

A zero-day attack takes place before the security community or a software developer knows about a vulnerability or has been able to repair it. Although the potential for damage from zero-day exploits is great, few such attacks have been documented as of this writing.

TYPES OF ATTACKS

Security incidents can take many forms, but one of the most frequent is an attack on a networked computer from an outside source. There are numerous types of attacks, and new varieties are being invented all the time. Most attacks involve a virus, worm, Trojan horse, or denial of service.

Viruses

Computer virus has become an umbrella term for many types of malicious code. Technically, a virus is a piece of programming code, usually disguised as something else, that causes some unexpected and usually undesirable event. Often, a virus is attached to a file so that when the infected file is opened, the virus executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies, or creates them. Most viruses deliver a payload or malicious act.

Worms

Unlike a computer virus, which requires users to spread infected files to other users, worms are harmful programs that reside in the active memory of the computer and duplicate themselves. They differ from viruses because they can propagate without human intervention, sending copies of themselves to other computers by e-mail or Internet Relay Chat (IRC).

TABLE 3-1 Cost Impact of Worms

| Name | Year released | Worldwide economic impact |
|---|---|---|
| ILOVEYOU | 2000 | $8.75 billion |
| Code Red | 2001 | $2.62 billion |
| SirCam | 2001 | $1.15 billion |
| Melissa | 1999 | $1.10 billion |

Trojan Horses

A Trojan horse is a program that a hacker secretly installs on a computer. The program's harmful payload can allow the hacker to steal passwords or Social Security numbers, or spy on users by recording keystrokes and transmitting them to a server operated by a third party. The data may then be sold to criminals who use the information to obtain credit cards or pilfer bank accounts.

Denial-of-Service (DoS) Attacks

A denial-of-service attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks. A denial-of-service attack does not involve a break-in at the target computer; instead, it just keeps the target machine so busy responding to a stream of automated requests that legitimate users cannot get in, the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal. The target machine holds the line open while waiting for a reply that never comes, and eventually the requests exhaust all resources of the target.

The zombies are often programmed to put false return addresses on the packets they send out (known as spoofing) so that the sources of the attack are obscured and cannot be identified and turned off. Internet service providers (ISPs) can prevent incoming packets with false IP addresses from being passed on by a process called ingress filtering. Corporations with Internet connections can ensure that spoofed packets don't leave their corporate network using a process called egress filtering.

Perpetrators

Computer criminals often have the same motives as other types of criminals: thrill seekers wanting a challenge, common criminals looking for financial gain, industrial spies trying to gain a competitive advantage, and terrorists seeking to cause destruction to further their cause.
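
The ingress and egress filtering described in the denial-of-service section above comes down to one source-address check applied at two different borders. The following is an added example, not part of the original text; the prefixes, port names and packet records are constructed sample values.

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation and private ranges), not from the page.
CORPORATE_CIDRS = ["198.51.100.0/24", "10.20.0.0/16"]
CUSTOMER_CIDRS = {"port-1": ["203.0.113.0/25"], "port-2": ["203.0.113.128/25"]}
OUTBOUND = [{"src": "10.20.4.7"}, {"src": "172.16.0.1"},
            {"src": "198.51.100.9"}, {"src": "203.0.113.5"}]
INBOUND = [{"port": "port-1", "src": "203.0.113.10"},
           {"port": "port-1", "src": "203.0.113.200"},  # address in port-2's space
           {"port": "port-2", "src": "203.0.113.200"},
           {"port": "port-2", "src": "not-an-ip"}]

def parse_nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def source_is_legitimate(src, allowed_nets):
    """True only if src parses as an IP address inside one of allowed_nets."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as spoofed
    return any(addr in net for net in allowed_nets)

def egress_filter(packets, corporate_cidrs):
    """Corporate border: let a packet leave only if its source address
    belongs to the corporation's own address space."""
    nets = parse_nets(corporate_cidrs)
    forwarded, dropped = [], []
    for pkt in packets:
        ok = source_is_legitimate(pkt["src"], nets)
        (forwarded if ok else dropped).append(pkt)
    return forwarded, dropped

def ingress_filter(packets, customer_cidrs):
    """ISP edge: accept a packet arriving on a customer port only if its
    source lies in the prefixes assigned to that customer."""
    table = {port: parse_nets(c) for port, c in customer_cidrs.items()}
    accepted, dropped = [], Counter()
    for pkt in packets:
        if source_is_legitimate(pkt["src"], table.get(pkt["port"], [])):
            accepted.append(pkt)
        else:
            dropped[pkt["port"]] += 1  # per-port count of spoofed packets
    return accepted, dropped

if __name__ == "__main__":
    print(egress_filter(OUTBOUND, CORPORATE_CIDRS))
    print(ingress_filter(INBOUND, CUSTOMER_CIDRS))
```

The per-port drop counter is the part worth alerting on: a port that suddenly sends many packets with foreign source addresses points to a compromised machine behind it.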

| Type of perpetrator | Objectives | Resources available to perpetrator | Level of risk acceptable to perpetrator | Frequency of attack |
|---|---|---|---|---|
| Hacker | Test limits of system and gain publicity | Limited | Minimal | High |
| Cracker | Cause problems, steal data, and corrupt systems | Limited | Moderate | Medium |
| Insider | Make money and disrupt company's information systems | Knowledge of systems and passwords | Moderate | Low |
| Industrial spy | Capture trade secrets and gain competitive advantage | Well funded and well trained | Minimal | Low |
| Cybercriminal | Make money | Well funded and well trained | Moderate | Low |
| Cyberterrorist | Destroy key infrastructure components | Not necessarily well funded or well trained | Very high | Low |

Hackers and Crackers

Hackers test the limitations of systems out of intellectual curiosity to see whether they can gain access and how far they can go. They have at least a basic understanding of information systems and security features, and much of their motivation comes from a desire to learn even more. Today's hacker commonly is male, in his mid-20s or younger, has lots of spare time, has minimal financial resources, and is a social outsider. Some hackers are smart and talented, but many are technically inept and are referred to as lamers or script kiddies by more skilled hackers. Surprisingly, hackers have a wealth of available resources to hone their skills: online chat groups, Web sites, downloadable hacker tools, and even hacker conventions (such as Defcon, an annual gathering in Las Vegas).

Cracking is a form of hacking that is clearly criminal activity. Crackers break into other people's networks and systems, deface Web pages, crash computers, spread harmful programs or hateful messages, and write scripts and automated programs that let other people do the same things.

Malicious Insiders

The top security concern for companies is the malicious insider, an ever-present adversary. An estimated 85 percent of all fraud is perpetrated by employees, who account for more than $660 billion per year in losses, according to the Association of Certified Fraud Examiners (ACFE). However, the typical employee who commits fraud has many years with the company, is an authorized user, is in a non-technical position, has no record of being a problem employee, uses legitimate computer commands to commit the fraud, and does so mostly during business hours. Insiders are not necessarily employees; they can also be consultants and contractors.

Industrial Spies

Industrial spies use illegal means to obtain trade secrets from competitors of their firm. Trade secrets are protected by the Economic Espionage Act of 1996, which makes it a federal crime for people to use a trade secret for their own benefit or another's benefit. Trade secrets are most often stolen by insiders, such as disgruntled employees and ex-employees.

Cybercriminals

Information technology provides a new and highly profitable venue for cybercriminals. They hack into corporate computers and steal, often by transferring money from one account to another to another, leaving a hopelessly complicated trail for law enforcement officers to follow. Cybercriminals also engage in all forms of computer fraud: stealing and reselling credit card numbers, personal identities, and cell phone IDs. They can spend large sums of money to buy the technical expertise and access they need from unethical insiders.

Cyberterrorists

Cyberterrorists intimidate or coerce a government or organization to advance their political or social objectives by launching computer-based attacks against other computers, networks, and the information stored on them. Such attacks could include sending a virus or worm or launching a denial-of-service attack. Because of the Internet, attacks can easily originate from foreign countries, making detection and retaliation much more difficult.

REDUCING VULNERABILITIES

The security of any system or network is a combination of technology, policy, and people, and it requires a wide range of activities to be effective. A strong security program begins by assessing threats to the organization's computers and network, identifying actions that address the most serious vulnerabilities, and educating users about the risks involved and the actions they must take to prevent a security incident.

Risk Assessment

A risk assessment is an organization's review of potential threats to its computers and network and the probability of those threats occurring. Its goal is to identify investments in time and resources that can best protect the organization from its most likely and serious threats. No amount of resources can guarantee a perfect security system, so organizations frequently have to balance the risk of a security breach with the cost of preventing one. The concept of reasonable assurance recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved.

| Risk | Estimated probability of such an event occurring | Estimated cost of a successful attack | Probability x cost = expected cost impact | Assessment of current level of protection | Relative priority to be fixed |
|---|---|---|---|---|---|
| Denial-of-service attack | 80% | $500,000 | $400,000 | Poor | 1 |
| E-mail attachment with harmful worm | 70% | $200,000 | $140,000 | Poor | 2 |
| Harmful virus | 90% | $50,000 | $45,000 | Good | 3 |
| Invoice and payment fraud | 10% | $200,000 | $20,000 | Excellent | 4 |

Establishing a Security Policy

A security policy defines an organization's security requirements and the controls and sanctions needed to meet those requirements. A good policy delineates responsibilities and expected behavior by members of the organization. A security policy outlines what needs to be done, but not how to do it. It should refer to procedure guides instead of outlining the procedures.

Educating Employees, Contractors, and Part-time Workers

Employees, contractors, and part-time workers must be educated about the importance of security so they will be motivated to understand and follow the security policy. Often, this can be accomplished by discussing recent security incidents that affected the organization. Users must understand that they are a key part of the security system and that they have certain responsibilities. Users must help protect an organization's information systems and data by doing the following:

- Guarding their passwords to protect against unauthorized access to their accounts
- Not allowing others to use their passwords
- Applying strict access controls (file and directory permissions) to protect data from disclosure or destruction
- Reporting all unusual activity to the organization's IT security group

Prevention

Installing a Corporate Firewall

Installation of a corporate firewall is the most common security precaution taken by businesses. A firewall stands guard between your organization's internal network and the Internet and limits network access based on the organization's access policy.

Installing Antivirus Software on Personal Computers

Antivirus software should be installed on each user's PC to regularly scan a computer's memory and disk drives for viruses. Antivirus software scans for a specific sequence of bytes, known as the virus signature.

Implementing Safeguards against Attacks by Malicious Insiders

Corporate security managers believe some of their worst security breaches come from corporate users who access information they are not authorized to see. Another potential problem is leaving user accounts active after employees leave the company. To reduce the threat of attack by malicious insiders, IT staff must promptly delete the computer accounts, login IDs, and passwords of departing employees.

Detection

Even when preventive measures are implemented, no organization is completely secure from a determined attack. Thus, organizations should implement detection systems to catch intruders in the act. Organizations often employ an intrusion detection system, intrusion prevention system, or a honeypot to minimize the impact of intruders.

Intrusion Detection Systems

An intrusion detection system monitors system and network resources and activities, and then notifies the proper authority when it identifies possible intrusions from outside the organization or misuse from within the organization. There are two fundamentally different approaches to intrusion detection: knowledge-based approaches and behavior-based approaches.

Intrusion Prevention Systems

Intrusion prevention systems (IPSs) evolved from network intrusion detection systems; they work to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the company network. The IPS sits directly behind the firewall and examines all the traffic passed by it.

Honeypots

The idea of a network-based honeypot is to provide would-be hackers with fake information about a network by means of a decoy server to confuse them, trace them, or keep a record for prosecution. The honeypot is well-isolated from the rest of the network and can extensively log the activities of intruders.
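
The antivirus section above says a scanner looks for a specific sequence of bytes, the virus signature. The following added example (not from the original text) shows that search over data read in chunks, where a signature may straddle two reads; the signature names and byte patterns are constructed, harmless placeholders.

```python
import io

# Constructed, harmless byte patterns standing in for virus signatures.
SIGNATURES = {
    "Demo.TestA": bytes.fromhex("deadbeef4c4f5645"),
    "Demo.TestB": b"DEMO-SIGNATURE-0001",
}
# Constructed sample "file": TestA at offset 10, TestB at offset 23.
SAMPLE = (b"A" * 10 + SIGNATURES["Demo.TestA"] + b"B" * 5
          + SIGNATURES["Demo.TestB"] + b"C" * 3)

def scan_stream(stream, signatures, chunk_size=4096):
    """Return sorted (offset, name) pairs for every signature occurrence.

    The last (longest signature - 1) bytes of each buffer are carried into
    the next one, so a signature split across two reads is still matched."""
    if not signatures:
        return []
    overlap = max(len(sig) for sig in signatures.values()) - 1
    hits = set()   # a set, because a match inside the carried tail repeats
    tail = b""
    base = 0       # absolute stream offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for name, sig in signatures.items():
            pos = buf.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = buf.find(sig, pos + 1)
        keep = min(overlap, len(buf))
        tail = buf[len(buf) - keep:]
        base += len(buf) - keep
    return sorted(hits)

def scan_bytes(data, signatures, chunk_size=4096):
    """Convenience wrapper for in-memory data."""
    return scan_stream(io.BytesIO(data), signatures, chunk_size)

if __name__ == "__main__":
    # A 7-byte chunk is shorter than both signatures, forcing the overlap path.
    print(scan_bytes(SAMPLE, SIGNATURES, chunk_size=7))
```

Scanning without the carried tail would miss any signature that crosses a read boundary, which is why the result must not depend on the chunk size.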