Ch 7 Security Outline 7th ed

Ch 7 Security Outline 7th ed - IS 3300 Chapter 7 Securing...

IS 3300 Chapter 7

Chapter 7 Securing Information Systems

SECURITY CHALLENGES & VULNERABILITIES
Figure 7-1, p. 228

WHY SYSTEMS ARE VULNERABLE
o System Complexity
o Computerized Procedures Not Always Read or Audited
o Extensive Effect of Disaster (Electrical Problems, Power Failures, Flood, Fires, Natural Disaster, etc.)
o Unauthorized Access Possible

THREATS TO INFO SYSTEMS
o Hardware Problems (Breakdowns, Configuration Errors, Damage from Improper Use or Crime)
o Software Problems (Programming Errors, Program Changes, Installation Errors, Unauthorized Changes)
o Telecommunications Problems
o Internet Vulnerabilities
o Wireless Security Challenges
o User Errors
o Access Penetration
o Personnel Actions
o Theft (Data, Services, Equipment)

NETWORK VULNERABILITIES
o RADIATION: Allows Recorders, Bugs to Tap System
o CROSSTALK: Can Garble Data
o HARDWARE: Improper Connections, Failure of Protection Circuits

VULNERABILITIES
o SOFTWARE: Failure of Protection Features, Access Control, Bounds Control
o FILES/DATA: Subject to Theft, Copying, Unauthorized Access, Changing Data

MALICIOUS SOFTWARE (Malware)
o Viruses
o Worms
o Trojan Horses
o Spyware
o Key Loggers

COMPUTER VIRUS
o Rogue Program
o Difficult to Detect
o Spreads Rapidly
o Destroys Data
o Disrupts Processing

WORM
o Independent Computer Programs
o Copy Themselves from One Computer to Other Computers over a Network
o Are NOT Attached to Program Files
o Spread Rapidly

TROJAN HORSE
o Program That Appears Useful But Contains a Hidden Security Risk

SPYWARE
o Software Used to Gather Information
o Install Themselves on Computers to Monitor User Web Surfing Activity
o "Serve Up" Tailored Ads

KEY LOGGERS
o Record Every Keystroke
o Steal Information
o Launch Internet Attacks
o Gain Access to E-Mail Accounts
o Obtain Password
o Gather Personal Information (e.g., Credit Card Numbers)

o Hackers vs. Crackers
o Cybervandalism
o Spoofing
o Sniffing
o Denial-of-Service (DoS) Attack
o Distributed Denial-of-Service (DDoS) Attack
o Botnets

HACKERS vs CRACKERS

HACKER
o Gains Illegal Access to Computer

MOTIVATION
o Profit
o Criminal Mischief
o Personal Pleasure

CRACKER
o Hacker With Criminal Intent

CYBERVANDALISM
o Intentional Disruption, Defacement, or Destruction of a Web Site or Corporate Information System

SPOOFING
o Spoof: Misrepresent Oneself by Using Fake E-Mail Address or Masquerade as Someone Else
o Spoofing: Redirect a Web Link to an Address Different from the Intended One

SNIFFING
o Sniffer: Eavesdropping Program Monitoring Information Traveling over a Network
o Sniffers Enable Hackers to Steal Proprietary Information from Anywhere on a

DENIAL-OF-SERVICE (DoS) ATTACK
o Flood Network Server or Web Server With Thousands of FALSE