Business Computing 550, Lesson 6
Security Threats on Web Sites: Issues and vulnerabilities
1. Illegal Access and Use (hacking the system, or users exposing their login details).
2. Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or exposing confidential information for the purpose of information gathering, fraud, or computer system access.
Security Threats on Web Sites (Cont…)
3. Malicious Software Attacks
• Virus: Viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. The common use of a virus is to take over a computer to steal data.
• Trojan Horse: a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer.
• Worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.
• Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect.
Security Threats on Web Sites (Cont…)
4. Software Flaws: Most security applications and suites are incapable of adequate defense against these kinds of attacks.
• Applications with known security flaws may allow worms to automatically break into a system and then spread to other systems connected to it.
• Fundamental operating system design flaws: The operating system designer chooses to enforce a policy such as "default permit", which grants every program and every user full access to the entire computer. This operating system flaw allows viruses and malware to execute commands on behalf of the administrator.
• Unchecked user input: The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (SQL injection).
• Buffer overflow is an attack that could be used by a cracker to get full system access through various methods, essentially cracking a computer using brute force.
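As an added illustration (not part of the course slides), the "unchecked user input" flaw above in Python with the standard sqlite3 module: a login query built by pasting input into the SQL text, beside the parameterised version that keeps input as data. The user table, passwords and the crafted input are constructed sample data.

```python
import sqlite3


def make_db():
    # Constructed in-memory user table; names and passwords are sample data only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_unchecked(db, name, pw):
    # Vulnerable: the program assumes the input is safe and splices it straight
    # into the statement, so the input can change the statement's structure.
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return [row[0] for row in db.execute(sql)]


def login_parameterised(db, name, pw):
    # Hardened: placeholders fix the statement's structure before any value is
    # bound, so the same input is compared as a literal password string.
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in db.execute(sql, (name, pw))]


def demo():
    # Returns the rows each version yields for a genuine login and for a
    # constructed input that closes the quote and appends an always-true clause.
    db = make_db()
    crafted = "' OR '1'='1"
    return {
        "legit_unchecked": login_unchecked(db, "alice", "s3cret"),
        "crafted_unchecked": sorted(login_unchecked(db, "alice", crafted)),
        "legit_param": login_parameterised(db, "alice", "s3cret"),
        "crafted_param": login_parameterised(db, "alice", crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The unchecked version returns every user for the crafted input because the query's WHERE clause has been rewritten; the parameterised version returns nothing, which is the behaviour an input check plus parameter binding should give.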
Security tools to protect networks
1. Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worms, Trojan horses, spyware and adware.
2. Anti-spyware: Many programmers and some commercial firms have released products dedicated to removing or blocking spyware.
3. Intrusion Detection Systems (IDSs) are designed to detect network attacks in progress and to assist in post-attack investigation; audit trails and logs serve a similar function for individual systems.
4. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and can be implemented as software running on the machine.
Security procedures to prevent or minimise the possible security risks
1. Define Policy – Organisations must start out by determining what the desired security state for their environment is. This includes determining desired device and service configurations and access control rules for users accessing resources.
2. Apply penetration testing, which is a form of verification of the weaknesses and of the countermeasures adopted by an organisation.
3. Maintain and Monitor – All computing environments are dynamic and evolve over time, as do security policy requirements. Moreover, additional security vulnerabilities are always being identified. For this reason, vulnerability management is an on-going process rather than a point-in-time event.
Employment Act 1992: Workplace Safety and responsibilities of an employer
Every employer shall take all practicable steps to ensure the safety of employees while at work; and in particular shall take all practicable steps to:
(a) Provide and maintain for employees a safe working environment; and
(b) Provide and maintain for employees while they are at work facilities for their safety and health; and
(c) Ensure that plant used by any employee at work is so arranged, designed, made, and maintained that it is safe for the employee to use; and
(d) Ensure that while at work employees are not exposed to hazards arising out of the arrangement, disposal, manipulation, organisation, processing, storage, transport, working, or use of things: (i) in their place of work; or (ii) near their place of work and under the employer's control; and
(e) Develop procedures for dealing with emergencies that may arise while employees are at work.
Privacy Dimensions as a social and ethical issue in information systems
1. Internet Privacy: The use of the internet and online retail activities poses privacy concerns for the business. Examples:
• Whether the organisation should be permitted to track the visitors of their website.
• Whether the organisation gathers personally identifiable information from the visitors, with the possibility of storing or sharing this information.
• Collecting personal information of members of a certain club/group.
• Privacy and security of credit card numbers.
Privacy Dimensions as a social and ethical issue in information systems (Cont…)
2. Employee Privacy. Examples:
• Emails: Issues about whether cafe managers should be allowed to store or read employee emails without informed consent.
• Using a computer-based monitoring system tied directly to workstations. These systems can monitor what workers are doing and whether they access personal emails or the internet during work hours.
• Protecting the privacy of collected employee records.
Privacy Dimensions as a social and ethical issue in information systems (Cont…)
3. Customer Privacy. Examples:
• Protecting customers' collected private information.
• Storing customers' credit card numbers.
Actions to cover the three dimensions of privacy
1. Actions related to informing people what information is collected about them and maintaining their data:
• People give their consent before any information about them is stored.
• Allow people to determine what records pertaining to them are collected, maintained and used.
• Permit people to gain access to information pertaining to them, and to correct or amend their records.
• Ensure that all collected information is accurate for its intended use.
• Actions related to security practices to protect collected information.
Actions to cover the three dimensions of privacy (Cont…)
2. Database Security
• Endorsing strict access control measures for accessing data and information in the organisation.
• Encrypting sensitive information stored in the database.
3. Network Security
• Using encryption technologies for electronic commerce transactions.
• Installing a firewall to protect the network from intruders.