
Chapter 13 Security Strategies and Systems


shakti

Presentation Transcript


  1. Chapter 13 Security Strategies and Systems

  2. Security Issues • The Internet has opened up many new frontiers for everyone, including con artists and computer users with malicious intent.

  3. Security Issues • Network and Internet Security Risks • Hardware and Software Security Risks • Computer Viruses

  4. Network and Internet Security Risks • Unauthorized Access • Information Theft • Denial of Service (DoS) Attacks

  5. Hackers and Crackers • Hackers are individuals who specialize in breaking security systems, motivated by either curiosity or the challenge.

  6. Crackers • Crackers tend to be more decidedly criminal in nature, and oftentimes steal information or break the security of a software program on CD by removing the copy protection system.

  7. Hacker Methods • A company’s most valuable possession is typically its information stored in databases. • Obtaining users’ IDs and passwords • Entering through system backdoors left unintentionally by programmers • Spoofing • Installing spyware

  8. User IDs and Passwords • Most hackers focus on gaining entry over the Internet to a secure computer system by finding a working user ID and password combination.

  9. Obtaining User IDs and Passwords • Hackers know from experience which passwords are common and they have programs that generate thousands of likely passwords and try them automatically over a period of hours or days.

  10. System Backdoors • A system backdoor is a user ID and password that provides the highest level of authorization. • The “backdoor” often is created in the early days of system development to allow programmers access to fix problems. • People who know about a backdoor can then enter the system, bypassing the security, perhaps years later when the backdoor has been forgotten.

  11. Spoofing Spoofing is the process of fooling another computer by pretending to send packets from a legitimate source. It works by altering the address that the system automatically puts on every message sent. The address is changed to one that the receiving computer is programmed to accept as a trusted source of information.

  12. Spyware • A type of software that allows an intruder to spy upon someone else’s computer • Takes advantage of loopholes in the Windows security systems and allows a stranger to witness and record another person’s every mouse click and keystroke on the monitor as it occurs. • For the spy, it looks as if a ghost is moving the mouse and typing in e-mail on his screen.

  13. Spyware • For the victim, everything seems normal. • The spy can record activities, gain access to passwords and credit card information—or she can just snoop. • Software can be installed without the victim’s knowledge. Disguised as an e-greeting, for example, the program can operate like a virus that gets the unwary user to install the spyware unknowingly.

  14. Information Theft Information can be a company’s most valuable possession. For example, a sales database lists all of a company’s clients, with contact information and sales history. A competitor who gains access to this information will have a huge advantage. He will know exactly how much to bid to gain a sale, which clients to call, and what products they like to buy.

  15. Industrial Espionage Stealing corporate information, a crime included in the category of industrial espionage, is unfortunately easy to do and difficult to detect. With software, if a cracker breaks into a company network and manages to download the company database from the network onto a disk, nothing seems wrong. The original database is still in place, working the same way it did before.

  16. Industrial Espionage • Industrial espionage and other types of information theft carried out via networks pose a serious problem.

  17. Wireless Vulnerability • Wireless networks and wireless devices make information theft particularly easy. • Wireless devices such as cameras, Web phones, networked computers, PDAs, and input and output peripherals are inherently less secure than wired devices. A normal wired connection, such as a wire between a keyboard and a computer, cannot be as easily intercepted as a wireless radio transmission.

  18. Denial of Service (DoS) Attacks Carried out by organized groups of hackers who run a computer program that repeatedly asks a Web site for information or access. Bombarding the site thousands of times a second means that legitimate users cannot access the site and thus are denied service.

  19. Computer Viruses • Computer viruses are software programs designed expressly to “infect” or spread to as many computers as possible and perform some kind of prank. • These pranks range from annoyance to the destruction of data and hardware.

  20. Antivirus Software The Internet has made viruses spread more quickly. Antivirus software is available to detect and remove known viruses.

  21. Methods of Virus Operation • E-mail • Macros • Boot sector infections • Trojan horse method • Stealth, polymorphic, or multipartite viruses • Logic or time bombs • Similar to viruses are software worms, which operate by transmitting and copying themselves.

  22. Hardware and Software Security Risks • Major systems failures • Employee theft • Cracking of software protection codes

  23. Security Strategies • Data backups • Disaster recovery plans • Data encryption • Firewalls • User IDs and passwords • Network sniffers • Mini webcams • Biometric authentication

  24. Security Strategies • Data backups: Create backup files and place them in a safe spot • Disaster recovery plans: Data backup procedures, remotely located backup copies, redundant systems

  25. Data Encryption • Other security strategies include using data encryption for sensitive transactions

  26. Firewalls • Security strategies include setting up firewalls to protect networks

  27. User IDs and Passwords • User ID and Password Combination • User ID: Known portion • Password: Core security element • To create a secure, memorable password, use one or two familiar words connected with a number or symbol.

  28. Network Sniffers • A network sniffer is a software package that: • Displays network traffic data • Shows which resources employees are using • Shows Web sites they are visiting • Troubleshoots network connections • Improves system performance

  29. Mini Webcams Webcams were originally designed to sit on top of a user’s monitor and allow for audio/video conversations with others on the Internet. They have been adapted, however, as a security measure and as a tool for voyeurism. The addition of a motion sensor allows them to transmit only when something is happening.

  30. Biometric Authentication • Biometric identifiers are unique physical attributes that can be used to verify a person’s identity: • Hand geometry • Facial geometry • Facial thermography • Retinal patterns • Iris patterns • Voice patterns

  31. Fingerprint Scanning Systems Fingerprint scanning systems are commonly used for biometric authentication.

  32. Hand Geometry A hand geometry system determines a person’s identity by measuring the dimensions of the hand, which are unique to each individual. This system is touted as harder to fool than a fingerprint scanner, as it is more difficult to create a fake hand than a fake image of a fingerprint.

  33. Computerized Facial Recognition (CFR) systems work in a variety of ways, but the primary goal is to recognize a human face by comparing it to existing scans of photos in a database.

  34. Voice and Signature Verification By measuring the pitch and timbre of a human voice, computers are able to recognize individuals. Scanners are used to verify a person’s signature against a known database of signatures.

  35. Iris and Retinal Recognition Hundreds of details about irises can be measured and compiled as unique patterns stored in iris recognition systems. Iris and retinal recognition systems are used primarily in high-security environments such as military installations and financial institutions.

  36. On the Horizon Keystroke identification is a new area of biometric technology that measures typing rhythms, which are virtually impossible for someone to falsify. This type of system offers the advantages of being unobtrusive, fairly low-tech, inexpensive, and highly effective.

  37. On the Horizon Quantum cryptography is a new attempt to make even the starting encryption keys secret. Using quantum devices to transmit light signals over fiber optic cable, two parties who wish to send a secret message can exchange their unprotected key as normal to start the sequence. If anyone observes the key, the system will be disturbed, and both sides will be aware of the security breach.
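
Slide 9 describes programs that try likely passwords automatically over a period of hours or days. The following Python code is an added example, not part of the original presentation, showing how a defender can flag both fast and slow guessing from failed-login records; the log format, thresholds, and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def max_in_window(stamps, window):
    """Largest number of sorted timestamps that fit inside any span of `window`."""
    best = start = 0
    for end, ts in enumerate(stamps):
        while ts - stamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def find_guessing(lines,
                  burst=(10, timedelta(minutes=5)),   # assumed threshold: fast guessing
                  slow=(20, timedelta(days=2))):      # assumed threshold: hours-or-days guessing
    """Return {source_ip: "burst" | "slow"} for sources exceeding a failure threshold.

    Each line is "ISO-timestamp source_ip user_id OK|FAIL" (assumed format).
    """
    failures = defaultdict(list)
    for line in lines:
        ts, ip, _user, result = line.split()
        if result == "FAIL":
            failures[ip].append(datetime.fromisoformat(ts))
    flagged = {}
    for ip, stamps in failures.items():
        stamps.sort()
        for name, (limit, window) in (("burst", burst), ("slow", slow)):
            if max_in_window(stamps, window) >= limit:
                flagged[ip] = name
                break
    return flagged

def sample_log():
    """Constructed sample records (documentation-range IP addresses)."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    at = lambda **kw: (t0 + timedelta(**kw)).isoformat()
    lines = [f"{at(minutes=20 * i)} 203.0.113.9 admin FAIL" for i in range(30)]  # one try every 20 min
    lines += [f"{at(seconds=5 * i)} 198.51.100.7 root FAIL" for i in range(12)]  # rapid-fire tries
    lines += [f"{at(seconds=0)} 192.0.2.10 alice FAIL",                          # ordinary typo, then success
              f"{at(seconds=30)} 192.0.2.10 alice FAIL",
              f"{at(seconds=60)} 192.0.2.10 alice OK"]
    return lines

if __name__ == "__main__":
    for ip, reason in find_guessing(sample_log()).items():
        print(ip, reason)
```

The slow guesser never trips the five-minute burst rule, which is why the second, longer window is needed to catch guessing spread over hours or days.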
