1 / 23

Ethics and Security

Ethics and Security . Information Has No Ethics. Acting ethically and legally are not always the same . PROTECTING INTELLECTUAL ASSETS. Organizational information is intellectual capital - it must be protected

kelton
Download Presentation

Ethics and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Ethics and Security

  2. Information Has No Ethics Acting ethically and legally are not always the same

  3. PROTECTING INTELLECTUAL ASSETS Organizational information is intellectual capital - it must be protected Information security – the protection of information from accidental or intentional misuse by persons inside or outside an organization E-business automatically creates tremendous information security risks for organizations

  4. THE FIRST LINE OF DEFENSE - PEOPLE • Organizations must enable employees, customers, and partners to access information electronically • The biggest issue surrounding information security is not a technical issue, but a people issue • 33% of security incidents originate within the organization • Insiders – legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

  5. THE SECOND LINE OF DEFENSE - TECHNOLOGY There are three primary information technology security areas • Authentication and authorization • Prevention and resistance • Detection and response

  6. Authentication and Authorization Authentication – a method for confirming users’ identities Authorization – the process of giving someone permission to do or have something The most secure type of authentication involves: • Something the user knows such as a user ID and password • Something the user has such as a smart card or token • Something that is part of the user such as a fingerprint or voice signature

  7. Something That Is Part Of The User Such As a Fingerprint or Voice Signature This is by far the best and most effective way to manage authentication Biometrics – the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting Unfortunately, this method can be costly and intrusive

  8. Prevention and Resistance Downtime can cost an organization anywhere from $100 to $1 million per hour Technologies available to help prevent and build resistance to attacks include: • Content filtering • Encryption • Firewalls

  9. Content Filtering Organizations can use content filtering technologies to filter e-mail and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading. • Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information • Spam – a form of unsolicited e-mail • Corporate losses caused by Spam (Billions of $)

  10. Encryption - scrambles the contents of a file so that you can’t read it without having the right decryption key.

  11. Firewalls Sample firewall architecture connecting systems located in Chicago, New York, and Boston

  12. Detection and Response If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage Antivirus software is the most common type of detection and response technology

  13. Detection and Response Hacker - people very knowledgeable about computers who use their knowledge to invade other people’s computers White-hat hacker (Steve Wozniak: Co-founder of Apple) Black-hat hacker (Jonathan James: At 16 broke into Pentagon Computers – stole the International Space Station’s source code)

  14. Detection and Response Script kiddies or script bunnies (Michael Calce (MafiaBoy): DOS to Yahoo, eBay, CNN, etc.) Cracker (Kevin Poulson (Dark Dante): hacked Into FBI) Cyberterrorist (YounisTsouli (Irhabi 007): plotted terrorist attack using Internet Sites)

  15. What is a Bot? Software bot- malicious code that turns PCs and servers into remotely controlled “zombies” Bot “bitten” organizations- Department of Defense, Argonne National Library, Alabama Supercomputer Network, Arkansas Department of Information Systems, Iowa Communications Network, Connecticut’s Department of IT

  16. Detection and Response Virus-software written with malicious intent to cause annoyance or damage BOTS: Worm(A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention) Denial-of-service attack (DoS) Distributed denial-of-service attack (DDoS) Trojan-horse virus (A term used to describe malware that appears to the user to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system) Backdoor program (method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected)

  17. What does a Bot do? Bots can remain dormant for weeks or months at a time 60% of bots are used to send spam The other 40% for more destructive reasons: including phishing, pharming, click fraud, distributing adware or malware, denial-of-service attacks, data theft, and temporarily storing illegal malicious, or stolen files

  18. How do you get a Bot? Most bots are installed due to Human Error. • Through Operating system or application vulnerabilities from not updating security. • Dictionary attacks that guess passwords • Files downloaded via Email • Instant Messaging • Peer-to-Peer applications for downloading • Pre-existing back doors created by viruses • Exploit code aimed at specific networks like: • PC’s • Cell Phones • Ipods • Once bots are installed they can update themselves or install other malicious software.

  19. Thinking of Making Money Using Bots? Think Again Jeanson James Ancheta Downey, California 20 years old Made a worm that let him turn computers into bots for profit ($60,00) Ancheta set himself above the crowd by actively advertising his network of bots on Internet chat channels Became the first person to be charged for controlling large numbers of hijacked computers or botnets. Bot infected China Lake Naval Air Weapons Station in California Convicted – 5 years in prison and a $1 Million dollar fine

  20. Other “Famous” Hackers Anthony Scott Clark (Volkam) - (21 years old from Beaverton, Oregon): Attacked eBay (DOS) - 10 Years in Prison and $250,00 in fines FaridEssebar : Moroccan black hat hacker; also a Russian citizen. He was one of the two people behind the spread of the Zotob computer worm that targeted Windows 2000operating systems in 2005. Among the affected were CNN, ABC News, New York Times, Caterpillar, United Parcel Service, Boeing and also United States Department of Homeland Security.

  21. More Cyber Criminals SaadEchouafni (head of a satellite communications company) : Disrupted Homeland Security • Fugitive since 2004 and on FBI’s Most Wanted Jefferey Lee Parson (18 years old - 2003): Infected 48,000 home PC’s using MS operating system with Blaster worm • 18 month sentence in prison • 225 hours of community service • $407,546.55 in restitution to Microsoft • $1,056 to specific individuals to have hard drives cleaned http://www.wired.com/threatlevel/2009/12/ye_cybercrimes

  22. Source Code Jefferey Lee Parson’s Blaster Worm: The worm contains two messages in its source code. The first: • I just want to say LOVE YOU SAN!! soo much Which is why the worm is sometimes called the Lovesan worm. The second: • billy gates why do you make this possible ? Stop making moneyand fix your software!!

  23. Ethical Dilemmas Jules has walked away from a lab computer without logging off. Trish sits down and, still logged in as Jules, sends inflammatory e-mail messages out to a number of students and posts similar messages on the class newsgroup. You are Trish’s friend. What would/should you do? A large, prospective client calls you and asks about a competitor's reputation. One of your long time customers had a very bad experience with this competitor. What information do you share with the prospect? How do you respond to the prospect call?

More Related