WHY SYSTEMS ARE VULNERABLE

When large amounts of data are stored in electronic

form, they are more vulnerable to threats The
potential for unauthorized access, abuse or fraud is
not limited to a single location CONTEMPORARY
SECURITY CHALLENGES Technical, organizational
and environmental factors.
Internet vulnerabilities : Computers that are
constantly connected to internet by cable modems or
DSL’s are more open to penetration by outsiders
because they use fixed internet adresses where they
can be easily identified.

Wireless Security Challenges: Radio frequency

bands are easy to scan The service set identifiers
(SSID) identifying the access points broadcast
multiple times
Malicious Software (Malware)
Virus :
Malicious software program that attaches itself to another
program or file to be executed .
Mostly they deliver a ‘payload’, (just a message or destroys data)
Spread from computer to computer, triggered by human actions
Worm :
Copy themselves from computer to computer through network
Destroy data and halt operations of computer network
Usually come through downloaded programs, e-mail attachments
Malware target mobile devices too, thus being a serious threat to
enterprise computing
Trojan Horse
Looks like a legitimate program
Does not replicate itself, but creates way for virus and other malicious
code
Based on the Greek Trojan war

SQL injection attacks

Malware that takes advantage of vulnerabilities in poorly cose web
application software
Enter data into online form to check for vulnerability to a SQL injection

Spyware
Small programs that temporarily install themselves on the computer to
monitor web surfing for advertising, but they also act as malware,
affecting the computer peformance
Hacking and Computer Crime
Hacking :
Accessing a computer system unauthorized
Usually “cracker” is an individual with criminal intent
Find weaknesses in the security features of web sites or computer systems

Cyber Vandalism :
Intentional disruption, defacement of web site or corporate information

Spoofing :
Hackers hide themselves behind fake ids
Also involves redirecting a Web link to a fake ones that looks like the
original site
 Sniffing :
Eavesdropping program that monitors information
traveling over a network
They have a legitimate use as well, but otherwise can be
very lethal

DoS Attack :
Hackers flood a network server or web server will many
requests for services to crash the network
For e-commerce sites, these attacks can be costly
Hacking and Computer Crime
Computer Crime
“Any violations of criminal law that involve a knowledge
of computer technology for their perpetration,
investigation or prosecution”
Computers as targets of crime :
• Breaching the confidentiality of protected computerized data
• Accessing a computer without authority
• Accessing a protected computer to commit fraud
• Accessing a protected computer to cause damage Transmitting a
program that intentionally causes damage
• Threatening to cause damage to protected computer 
Computer as instruments of crime  :
Theft of trade secrets Unauthorized copying of software or
copyrighted intellectual property Schemes to defraud
Using e-mail for threats and harassment Intentionally
attempting to intercept electronic communication Illegally
accessing stored electronic documents
Hacking and Computer Crime
Identity Theft
Crime in which an imposter obtains key pieces of key personal information to
impersonate someone else, eg. Credit card theft
Phishing
Setting up fake web sites or sending fake e
mails that look legitimate to ask users for personal data
Pharming
Redirects users to fake web page even when they have entered the correct web
address
Happens when ISP companies have flawed software
Cyberterrorism
Cyber attacks that target software that run electric power grids, air traffic
control, or bank networks (on large scale)
 CLICK FRAUD
It occurs when a individual or computer program
fraudulently clicks on an online add without any
intention of learning more about the advertiser or
making a purchase