Ch-5 MIS Security

MIS security for MBA

Uploaded by

Abnet Belete

CHAPTER FIVE

Information System Security

Outline
• Introduction
• Major Threats To Information System Security
• Factors Contributing To Threat
• Computer Crime
• Managing Information System Security

Introduction

Information System Security

Threats – IS Security
• Goals
• Definition of IS Security
• Dimensions of IS Security
• Definition of IS Security Threats

Factors Contributing to Threat
• Inadvertent act
• Deliberate SW attack
  - Virus, hacking, identity theft, cyber-harassment, war, crime
• Natural disaster
• Technical failure
• Management failure

Managing IS Security
• Strategy
• Policy
• Authentication
• Access control
• Encryption
• Backup
• Firewall
• IDS
• Physical security

MAJOR THREATS TO INFORMATION SYSTEM SECURITY

Definition of Information System Security
• Security is defined as “the quality/state of being secured – to be secured from danger”
• Information security – practice of defending digital information from unauthorized:
  - Access
  - Use
  - Recording
  - Disruption
  - Modification
  - Destruction

Goals of Information Security

• Availability
  - Ensuring that legitimate users can access the system
• Integrity
  - Preventing unauthorized manipulations of data and systems
• Confidentiality
  - Protecting data from unauthorized access
• Accountability
  - Ensuring that actions can be traced

Dimensions of Information Security

• Information is:
  - Stored on computer hardware
  - Manipulated by software
  - Transmitted by communication network
  - Used by people, etc.

Information Security Threats

• Security Threat: any event or circumstance that could cause disclosure, alteration, loss, damage or unavailability of a company’s/individual’s assets

• Three components of threat:
  - Target: organization’s assets that might be attacked (information, HW, SW, network service, etc.)
  - Agent: people/organization originating threat (intentional/non-intentional)
  - Events: type of action that poses the threat

FACTORS CONTRIBUTING TO THREAT

• INADVERTENT ACTS
  - Acts that happen by mistake
  - Not deliberate or with no malicious intent or ill will
  - Examples of inadvertent acts
    * Acts of human error and failure (inexperienced, poor training)
    * Deviation from service quality
    * Communication error

• DELIBERATE SOFTWARE ATTACKS
  - Deliberate action aimed to violate/compromise a system’s security through the use of software:
    * Use of malware
    * Password cracking
    * DoS and DDoS
    * Spoofing
    * Sniffing
    * Man-in-the-Middle
    * Phishing
    * Pharming

• NATURAL DISASTER
  - Dangerous: unexpected and occurs with very little warning
  - Causes damage to information
  - Avoid

• TECHNICAL FAILURE
  - Two types:
    * Technical hardware failure: equipment distributed with flaws that may be known or unknown to the manufacturer
    * Technical software failure: causes the system to perform in an undesirable or unexpected way → may be unrecoverable

• MANAGEMENT FAILURE
  - Managers:
    * Update themselves about recent developments and technology
    * Develop proper plan for good protection of the information
    * Committed to upgrade the existing system to the latest technology (assisted by IT professionals)

Computer Crime
• What is computer crime?
  - Using a computer to commit an illegal act
  - Targeting a computer while committing an offense
    * Unauthorized access of a server to destroy data
  - Using a computer to:
    * Commit an offense: to embezzle funds
    * Support criminal activity: illegal gambling

• Who commits a crime?
  - Current or former employees; insider threat
  - People with technical knowledge who commit business or information sabotage for personal gain
  - Career criminals: people who earn their income through criminal activities
  - Outside crackers: commit millions of intrusions per year

Types of Computer Crimes

• Identity theft
• Hacking & cracking
• Computer viruses
• Cyber harassment, cyberstalking, cyberbullying
• Piracy

Hackers & Crackers

• Hackers
  - Anyone who can gain unauthorized access to computers
  - White hat hackers don’t intend to do harm
• Crackers
  - Individuals who break into computer systems with the intent to commit crime or do damage
  - Also called black hat hackers
• Hacktivists
  - Crackers who are motivated by political or ideological goals and who use cracking to promote their interests

Computer Viruses
• Perverse software which causes malicious activity (spreads destructive program routines)
  - Hindering execution of other programs
  - Modification or complete destruction of data
  - Destroying the contents of memory, hard disks, and other storage devices
  - Sabotaging the operating system
• Types: Virus, Worms, Trojan Horses, Bombs

Worms
  Description:
    - Stand-alone program and propagates itself automatically
  Way of propagation/spreading:
    - Replicates itself and spreads from one computer to another
    - It doesn't need to be part of another program to be propagated
  Effect:
    - Neither deletes nor changes data/files
    - Makes multiple copies of itself and sends the copies on the network and congests disk drives
    - Useful for installation of a network – to check its presence at each node

Virus
  Description:
    - Program code that reproduces itself within a computer system
  Way of propagation/spreading:
    - Makes copies of itself (just like biological viruses)
    - Propagates by attaching itself to executable files (e.g., application programs, OS) - running the executable file makes new copies of the virus
    - Also propagates a copy of itself via telephone lines or via network connections
  Effect:
    - Erasing/overwriting files
    - Formatting hard disk
    - Allowing unauthorized access to the machine
    - Modifies or even destroys the software
    - but doesn’t damage HW

Bombs
  Description:
    - Piece of bad code
  Way of propagation/spreading:
    - Explode and cause immediate damage when conditions fulfilled:
      * Time Bomb – activated by a computer clock
      * Logic Bomb – activated by combination of events (e.g. deleting file – destroying the whole content of the memory)
  Effect:
    - Disruption of computer system, modification or destruction of data

Trojan Horse
  Description:
    - Pretends to be a legitimate program (e.g. game, utility program) but contains special hidden codes
  Way of propagation/spreading:
    - Doesn’t attach itself to other programs
    - Doesn’t move from one computer to the other (happens only when it is copied)
    - As an e-mail attachment – when executed it creates damage
  Effect:
    - Steals personal information (PW) & sends it to a criminal
    - Modifies records in protected files
    - Deletes the content of the machine

• Reasons for perverse activity:
  - For gaining publicity
  - Revenge on company/person
  - In-born natural desire to tease other people
  - Act of maniac

• Commonly transmitted through:
  - The Internet and online services:
    * Hacker creates a virus and attaches it to a real program or file on a Website
    * User downloads the file (thinking it is a legitimate file or program). Once downloaded, it infects other files and programs on the machine
  - Email and file attachments and files shared
  - Disks from contaminated computers
• Doesn’t infect non-executable files
  - User created word files, database files, source program code
• Infects files with extension (.COM, .EXE, .OVR, .OVL, .SYS, .BIN)

• Protection & Treatment Mechanism
  - Preventive
  - Detection and removal of a virus
    * Using anti-virus SWs
  - Recovery of the damaged data files

Spyware, Spam, and Cookies
• Spyware: software that monitors the computer use, such as the Web sites visited or even the keystrokes of the user
• Spam: bulk unsolicited e-mail sent to millions of users at extremely low cost, typically seeking to sell a product, distribute malware, or conduct a phishing attack
• Cookies: a small file Web sites place on a user’s computer; can be legitimate (to capture items in a shopping cart) but can be abused (to track individuals’ browsing habits) and can contain sensitive information (like credit card numbers) and pose a security risk

Denial-of-Service (DoS)
• A denial-of-service attack seeks to overload servers, typically using a network of hacked computers that are controlled remotely, by sending too many requests or messages to the server for it to handle.
• When a server has too many requests to handle, it becomes overloaded and unable to serve the requests of legitimate users.

Spoofing
• Insertion of forged (but trusted) IP addresses into IP packets in order to gain access to networks/components
  - Ingress filtering – the ISP discards any packet with an IP address not belonging to any of the networks connected to the ISP
  - Egress filtering – the organization’s firewall discards any outgoing packet with a source address that doesn’t belong to the organization
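
The two filtering rules above, as an added example that is not part of the original slides. The prefixes and packets are constructed sample values (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed example prefixes (documentation ranges), not from the slides.
ORG_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ISP_CONNECTED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),     # the organization above
    ipaddress.ip_network("198.51.100.0/24"),  # another customer of the same ISP
]


def source_in(src, networks):
    """True if src parses as an IP address inside one of the networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: fail closed
    return any(addr in net for net in networks)


def egress_filter(src):
    """Organization firewall: forward outgoing packets only with an internal source."""
    return "FORWARD" if source_in(src, ORG_NETWORKS) else "DROP"


def ingress_filter(src):
    """ISP edge: forward only sources that belong to a connected network."""
    return "FORWARD" if source_in(src, ISP_CONNECTED_NETWORKS) else "DROP"


def audit(packets):
    """Apply the matching filter to (direction, source) pairs; return the dropped ones."""
    filters = {"egress": egress_filter, "ingress": ingress_filter}
    return [(d, s) for d, s in packets if filters[d](s) == "DROP"]


# Constructed sample traffic.
SAMPLE = [
    ("egress", "192.0.2.17"),      # genuine internal host
    ("egress", "203.0.113.9"),     # forged source outside every known network
    ("egress", "198.51.100.40"),   # forged source borrowed from another customer
    ("ingress", "198.51.100.40"),  # same source seen at the ISP edge
    ("ingress", "10.1.2.3"),       # source not assigned to any connected network
    ("egress", "not-an-ip"),       # malformed source field
]

if __name__ == "__main__":
    for direction, src in audit(SAMPLE):
        print(f"dropped {direction} packet with source {src}")
```

A forged source that belongs to another network connected to the same ISP passes the ingress rule as defined above; only the organization's own egress filter drops it, which is why the two filters are used together.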

Sniffing
• Use of a program or device that can monitor data traveling over a network
• Unauthorized sniffers – sniff/extract critical information; can’t be detected

Phishing
• It is an attempt to gain sensitive personal information by posing as a legitimate entity
  - E.g. an e-mail is sent to the victim informing them of a problem and asking them to provide their username, password, etc.

Identity Theft
• Stealing Social Security, credit card, bank account numbers and information
  - Thieves even withdraw money directly from victims’ bank accounts
  - Organizations keep information about individuals in accessible databases
• One of the fastest growing information crimes
• Possible solutions
  - Government and private sector working together to change practices
  - Use of biometrics and encryption

Cyber-harassment, Cyberstalking, and Cyberbullying
• Communicating offensive, ill-mannered, or threatening content
  - To cause emotional distress
  - To track the individual’s online activity & committing acts that damage the reputation of the individual

Software Piracy
• Unauthorized copying of computer programs, which are intellectual property protected by copyright law.
• Using software that isn’t properly licensed and paid for, such as by purchasing one copy of a product and then using it on multiple computers.
• Huge profit loss by software publishers

Region               Piracy Level   Dollar Loss (in US$ millions)
North America        19%            10,958
Western Europe       32%            13,749
Asia/Pacific         60%            20,998
Latin America        61%            7,459
Middle East/Africa   58%            4,159
Eastern Europe       62%            6,133
Worldwide            42%            63,456

Privacy Issue
• Violation of privacy
  - Unauthorized access of individuals’ private email conversations and computer records (personal files)
  - Collecting and sharing information about individuals gained from their visits to Internet websites
  - Computer monitoring: tracking where a person is, especially as mobile and paging services are becoming more closely associated with people rather than places.

Cyberwar and Cyber-terrorism

• Cyber-war
  - Modern military systems rely on their own sophisticated networks to help the military execute its mission
  - Cyber-war involves protecting a military’s own infrastructure and/or disrupting an enemy’s infrastructure.
• Cyber-war vulnerabilities
  - Command-and-control systems
  - Intelligence collection, processing, and distribution systems
  - Tactical communication systems and methods
  - Troop and weapon positioning systems
  - Smart weapons systems

• Cyber-war strategy includes controlling Internet-based propaganda
  - Web vandalism
  - “Patriot hackers” – governments sometimes blame independent citizens or groups for cyber-war attacks
• Stuxnet—malware against an Iranian system
  - Originally blamed on patriot hackers, then revealed to be developed by the U.S. and Israel

• Cyber-terrorism
  - Attacks by individuals and organized groups (not by the government)
  - Goal: political, religious, or ideological
  - Terrorists are leveraging the Internet to coordinate their activities, recruit, and perform fundraising
• Globalization of terrorism (a global business)
  - Attacks can be launched from anywhere in the world

Types of Cyber-terrorism
• Coordinated bomb attacks
• Manipulation of financial and banking information
• Manipulation of the pharmaceutical industry
• Manipulation of transportation control systems
• Manipulation of civilian infrastructures
• Manipulation of nuclear power plants

Terrorist Use of the Internet
• Information dissemination
• Data mining
• Fundraising
• Recruiting and mobilization
• Networking
• Training
• Planning and coordinating
• Information gathering
• Location monitoring

Managing Information System Security

Developing IS Security Strategy
• Options for addressing information security risks
  - Risk reduction: actively installing countermeasures
  - Risk acceptance: accepting any losses that occur
  - Risk transference: have someone else absorb the risk (insurance, outsourcing)
  - Risk avoidance: using alternative means, avoiding risky tasks

• A strategy is developed detailing the information security controls
• Types of controls
  - Preventive: preventing negative events from occurring: intruders
  - Detective: recognizing wrong incidents: unauthorized access attempts
  - Corrective: mitigating the impact
• Principles of least permissions and least privileges

• IS Security Mechanisms:
  - Developing Information System Security Policy
  - Use of authentication mechanism
  - Access control
  - Back-ups
  - Firewalls
  - Intrusion detection system
  - Physical security

IS Security Policy & Procedure

• Policies and procedures include:
  - Information policy: handling, storage, transmission, and destroying
  - Security policy: access limitations, audit-control software, firewalls, etc.
  - Use policy: proper use
  - Backup policy: requirements – critical data
  - Account management policy: adding & removing users
  - Incident handling procedures: list procedures to follow when handling a security breach
  - Disaster recovery plan: restore computer operations in case of a natural or deliberate disaster

Authentication Mechanism

• Use of passwords: secret alphanumeric text used for authentication
  - Can be compromised if it is weak
• Use of key or smart cards:
  - Can be easily stolen/lost
• Use of physical characteristics
  - Biometric: identification via fingerprints, retinal patterns in the eye, facial features, or other bodily characteristics

Access Control
• Which users are authorized to read, write, modify, add, delete after login through password
• Only those with such capabilities are allowed to perform those functions

Physical Security

• Locked doors
• Physical intrusion detection
  - Security cameras
• Secured equipment – e.g. hard disc – locked
• Environmental monitoring
  - Monitoring temperature, humidity, airflow → for servers and other high value equipment
• Employee training – how to secure

Antivirus
• Used to prevent, detect and remove malware
• It runs in the background at all times
• It should be kept updated
• It runs computer disk scans periodically
• E.g. McAfee, Norton, Kaspersky.

Thank you !!!!
