1 / 14

Thursday 2/24/2011

Thursday 2/24/2011. Agenda: Student security topics Computer / Network security & fraud Quiz 3 Last short paper: Cloud Computing Final similar to midterm, over 2d half of course only. NETWORK (COMPUTER) SECURITY. Security: prevent unauthorized access.

lang
Download Presentation

Thursday 2/24/2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Thursday 2/24/2011 Agenda: • Student security topics • Computer / Network security & fraud • Quiz 3 • Last short paper: Cloud Computing • Final similar to midterm, over 2d half of course only. Foster School of Business Acctg 420

  2. NETWORK (COMPUTER) SECURITY Security: • prevent unauthorized access. • recovery from temporary service problems. • recovery from disasters. • protect organization’s data & application software. Foster School of Business Acctg 420

  3. The problem Computer security problem are wide spread. The average case of computer fraud causes a loss of about $1,000,000. Computer fraud is under reported. Why? Employee fraud is the most common type of fraud. Economic espionage (theft of information and intellectual property) is growing very fast. Foster School of Business Acctg 420

  4. Viruses Viruses: several new viruses are created by twisted individuals every day (update anti-virus software frequently). Attachments to e-mail present a high risk for virus infection. Newer viruses are able to mutate (change their appearance as they replicate and spread). Foster School of Business Acctg 420

  5. Fraud (all types) Fraud: (3-legged stool) • Motivation(pressure)—financial, work-related, other. • Opportunity—lack of internal controls (prevent, detect, and correct). • Rationalization—excuse. Foster School of Business Acctg 420

  6. Risk Assessment Risk Assessment—starting point for security, identify and rate each risk. This allows for resource allocation and setting of security priorities. A control spreadsheet is used to organize this process. Foster School of Business Acctg 420

  7. RECOVERY • Mitigate disruption, destruction, and disaster by redundancy in both hardware and software. Fault-tolerant servers, automatic disk copy, duplicate main network components at different location and decentralize data. • Hot, cold, & warm sites for business continuity. • Disaster recovery plan: most important part is backup and recovery controls. Plan Foster School of Business Acctg 420

  8. Access Unauthorized access: • casual cruisers, • security experts, • professional hackers. • Detecting— looking for the unusual, repeat tries, entrapment (fake server = honey pot to bait intruder) • Correcting—depends how the breach occurred, civil and/or criminal action • Latest (Mar. 2010) way to keep PCs Safe—InZero Systems XB technology, a better sandbox! Foster School of Business Acctg 420

  9. Preventing unauthorized access: • Have a security policy—social engineering • Develop user profiles—need to know access basis, smart cards, biometric access systems. Delete user accounts when user leaves organization. • Plug security holes—delete preset accounts, keep up to date and “patch” holes. (Microsoft servers) • Secure access points—terminal, modem, network. Call-back modems, firewalls, proxy servers (application firewall of choice but slows message transfer from internal to Internet. • Prevent eavesdropping—network cabling & devices. Control physical access, use special cables & hubs. Foster School of Business Acctg 420

  10. Cryption • Cryption—encrypt & decrypt, plain text and ciphertext. Algorithms and keys. Keys make the transformation of data unique. Need a key to encrypt and one to decrypt information. The longer the key, the harder it is to guess (56 bits is one standard). It takes 1 week to break a 56-bit key, 1 yr for 64-bit, and billions of years for 128-bit key. • Key escrow—a good or bad idea? Foster School of Business Acctg 420

  11. Cryption Data encryption standard (DES) is a symmetric algorithm—key to encrypt is the same as the one to decrypt. Public key encryption—RSA, asymmetric algorithm, public key to encrypt and private key to decrypt. This allows for authentication (digital signatures). SHTTP is encryption for the web. Foster School of Business Acctg 420

  12. Asymmetric Key Public key algorithms are invertable—text encrypted with either key can be decrypted with the other. Normally, we encrypt with public and decrypt with private, but we can do the reverse! Foster School of Business Acctg 420

  13. Who sent the message? How would you prove legally who actually sent the message? (This is needed for transfer of funds, buy/sell orders, etc.) • Assume that A wants to send a message to B and also wants to prove it came from A. A encrypts key part of message with its private key, then encrypts the whole message with B’spublic key. Then sends message to B. B then decodes with its private key and sees that part of the message is still encoded. B then decodes the encoded part with A’spublic key. Only A has the private key that allows message to be decoded with Aspublic key! Therefore, B knows that the message was from A. Foster School of Business Acctg 420

  14. QUESTIONS???? Foster School of Business Acctg 420

More Related